
List:       full-disclosure
Subject:    [FD] Windows PowerShell / Trojan File RCE revisited
From:       hyp3rlinx <apparitionsec () gmail ! com>
Date:       2023-06-08 2:29:41
Message-ID: CAFD2FDNg33GvCUuhXtyHOQLX3ow6tTpiBefWiTZ2j31=h3hszA () mail ! gmail ! com

Hi,

Windows PowerShell Filename Code Execution POC

Discovery: 2019 and revisited 2023

Since it still works, I dusted it off and made minor improvements:

Execute a remote DLL using rundll32
Execute an unintended secondary PS1 script or local text-file (can be hidden)
Updated the PS1 Trojan Filename Creator Python3 Script

First reported to Microsoft back in 2019, yet it remains unfixed as of the time of this writing.

Remote code execution via a specially crafted filename.

https://github.com/hyp3rlinx/PSTrojanFile

Thank you,
hyp3rlinx
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
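The post above gives no technical detail beyond "code execution via a specially crafted filename", so the following is an added defensive check, not code from the post or from the PSTrojanFile repository. It assumes (my assumption, not something the post states) that a trojan filename works by carrying characters PowerShell parses as statement separators, quotes or operators when a path is spliced into a command string, and it audits a directory tree for script names containing such characters, including hidden files. The function name, the character list and the demo directory are mine.

```powershell
# Added example; not from the hyp3rlinx post or the PSTrojanFile repo.
# Assumption: a "trojan filename" relies on characters that PowerShell treats
# as separators, quotes or operators once the path is spliced into a command
# string. This audit flags script names carrying such characters for review.

function Find-SuspiciousScriptName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # File types worth auditing; extend for your environment.
        [string[]] $Extension = @('.ps1', '.psm1', '.psd1', '.cmd', '.bat')
    )

    # Characters that change the meaning of a path inside a PowerShell
    # command string (assumed list, not taken from the post).
    $metachars = [char[]] ";'`"``&|`$(){}@#"

    # -Force lists hidden files too, since the post notes the secondary
    # file "can be hidden".
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force |
        Where-Object { $Extension -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $found = $_.Name.ToCharArray() |
                Where-Object { $metachars -contains $_ } |
                Sort-Object -Unique
            if ($found) {
                [pscustomobject]@{
                    FullName   = $_.FullName
                    Hidden     = $_.Attributes.HasFlag([IO.FileAttributes]::Hidden)
                    Characters = -join $found
                }
            }
        }
}

# Constructed demo: a throwaway directory with one benign and one suspicious
# script name (both files contain harmless content), then the audit run.
$demo = Join-Path $env:TEMP ('pstrojan-audit-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
Set-Content -LiteralPath (Join-Path $demo 'Backup-Logs.ps1') -Value 'Write-Host ok'
Set-Content -LiteralPath (Join-Path $demo "Backup;Notes'.ps1") -Value 'Write-Host ok'

Find-SuspiciousScriptName -Path $demo | Format-Table -AutoSize

Remove-Item -LiteralPath $demo -Recurse -Force
```

Only the second file is reported, with `;'` in its Characters column. As a general hardening practice (again my recommendation, not a statement about the mechanism the post describes), invoke scripts by passing the path as a separate argument (`powershell.exe -File <path>` or `& $scriptPath` with the path held in a variable) rather than building a `-Command` string that embeds the filename, so the parser never sees the name as code.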