Message-ID: <CAFD2FDNg33GvCUuhXtyHOQLX3ow6tTpiBefWiTZ2j31=h3hszA@mail.gmail.com>
Date: Wed, 7 Jun 2023 22:29:41 -0400
From: hyp3rlinx <apparitionsec@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Windows PowerShell / Trojan File RCE revisited
Hi,
Windows PowerShell Filename Code Execution POC
Discovery: 2019 and revisited 2023
Since it still works, I dusted off and made minor improvements:

- Execute a remote DLL using rundll32
- Execute an unintended secondary PS1 script or local text-file (can be hidden)
- Updated the PS1 Trojan Filename Creator Python3 Script
First reported to Microsoft back in 2019, yet remains unfixed as of the time of this writing.
Remote code execution via a specially crafted filename.
https://github.com/hyp3rlinx/PSTrojanFile
Thank you,
hyp3rlinx
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/