Secondary Categories: 02-Privilege Escalation - 02-Malware - 02-Persistence - 02-Defense Evasion
Description:
If you have administrative access, you can drop a `wkscli.dll` into `C:\Windows` and get a shell on logon under the context of `explorer.exe`.
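A defender-side check for this placement, added here as an example and not taken from any of the tools listed below: it generalizes from `wkscli.dll` to any DLL in the Windows root that shadows a System32 name, then shows where running `explorer.exe` processes actually loaded `wkscli.dll` from. It assumes the legitimate copy lives under `System32` and that the script runs elevated so other sessions' modules are readable.

```powershell
# Added example: hunt for DLLs planted next to explorer.exe (C:\Windows).
# Assumption: the genuine wkscli.dll is the one under System32.
$winDir   = $env:windir
$system32 = Join-Path $winDir 'System32'

# 1. DLLs directly in the Windows root that share a name with a System32 DLL.
#    explorer.exe lives in this directory, and the application's own directory
#    comes early in the default DLL search order.
$shadowing = Get-ChildItem -Path $winDir -Filter '*.dll' -File -ErrorAction SilentlyContinue |
    Where-Object { Test-Path (Join-Path $system32 $_.Name) } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Path       = $_.FullName
            CreatedUtc = $_.CreationTimeUtc
            SigStatus  = $sig.Status
            Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            SHA256     = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }

# 2. Where each running explorer.exe actually loaded wkscli.dll from.
$loaded = Get-Process -Name explorer -ErrorAction SilentlyContinue | ForEach-Object {
    $proc = $_
    $proc.Modules |
        Where-Object { $_.ModuleName -ieq 'wkscli.dll' } |
        ForEach-Object {
            [pscustomobject]@{
                ProcessId  = $proc.Id
                ModulePath = $_.FileName
                InSystem32 = $_.FileName.StartsWith("$system32\", [System.StringComparison]::OrdinalIgnoreCase)
            }
        }
}

"DLLs in $winDir that shadow a System32 name:"
$shadowing | Format-Table -AutoSize -Wrap

"wkscli.dll as loaded by explorer.exe:"
$loaded | Format-Table -AutoSize

# Any shadowing DLL, or a loaded copy outside System32, needs review.
if ($shadowing -or ($loaded | Where-Object { -not $_.InSystem32 })) {
    Write-Warning 'Possible DLL side-loading via the Windows root directory.'
}
```

An empty first table plus `InSystem32 = True` for every explorer process is the expected clean state; the hash and creation time on any hit give a starting point for triage.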
Resources:
Title | URL |
---|---|
Mr-Un1k0d3r DLL Generator | https://github.com/Mr-Un1k0d3r/MaliciousDLLGenerator |
Flangvik SharpDllProxy | https://github.com/Flangvik/SharpDllProxy |
DLL Side Loading Video | https://www.youtube.com/watch?v=uPl28hTfFBs |
DLL Export Viewer | https://www.nirsoft.net/utils/dll_export_viewer.html |
Windows Procmon Download | https://docs.microsoft.com/en-us/sysinternals/downloads/procmon |
DLL Function Proxy | https://github.com/ravinacademy/DllFunctionProxy |
MITRE Hijack Execution Flow | https://attack.mitre.org/techniques/T1574/002/ |