.. /
Netsh.exe
Netsh is a Windows tool used to manipulate network interface settings.
Paths:
- C:\WINDOWS\System32\Netsh.exe
- C:\WINDOWS\SysWOW64\Netsh.exe
Resources:
https://freddiebarrsmith.com/trix/trix.html
https://htmlpreview.github.io/?https://github.com/MatthewDemaske/blogbackup/blob/master/netshell.html
https://liberty-shell.com/sec/2018/07/28/netshlep/
Acknowledgement:
Freddie Barr-Smith -
Riccardo Spolaor -
Mariano Graziano -
Xabier Ugarte-Pedrero -
Detection:
Netsh initiating a network connection
Execute
Use Netsh in order to execute a .dll file and also gain persistence, every time the netsh command is called
netsh.exe add helper C:\Users\User\file.dll
Usecase:Proxy execution of .dll
Privileges required:User
OS:Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10
Mitre:T1128