.. /
Netsh.exe
Netsh is a Windows tool used to manipulate network interface settings.
Paths:
- C:\WINDOWS\System32\Netsh.exe
- C:\WINDOWS\SysWOW64\Netsh.exe
Resources:
Acknowledgements:
- Freddie Barr-Smith
- Riccardo Spolaor
- Mariano Graziano
- Xabier Ugarte-Pedrero
Execute
Use Netsh in order to execute a .dll file and also gain persistence, every time the netsh command is called
netsh.exe add helper C:\Users\User\file.dll
Usecase: Proxy execution of .dll
Privileges required: User
OS: Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10
MITRE ATT&CK®: T1546.007