Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update path information for several LOLBAS #332

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

update path information for several LOLBAS #332

wants to merge 6 commits into from

Conversation

ciwen3
Copy link

@ciwen3 ciwen3 commented Oct 3, 2023

added paths:
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

updated:
teams to have %localappdata% in the path
AgentExecutor added the exe name to the path to match all the other lolbas

@ciwen3
Update Vbc.yml
ce3127a 
added path:   - Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
@ciwen3
Update MpCmdRun.yml
3c7b2bd 
added path: C:\Program Files\Windows Defender\MpCmdRun.exe
@ciwen3
Update msedgewebview2.yml
6172ca2 
added path: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
@ciwen3
Update Teams.yml
a57c96b 
changed path from c:\Users\username\AppData\Local\Microsoft\Teams\current\Teams.exe to %localappdata%\Microsoft\Teams\current\Teams.exe
  to standardize the format and match the more common usage in the file paths.
@ciwen3
Update Agentexecutor.yml
1a80384 
updated path to include the name of the exe like all the other paths have.
xenoscr
xenoscr reviewed Oct 4, 2023
View reviewed changes
yml/OSBinaries/Teams.yml
@@ -12,7 +12,7 @@ Commands:
MitreID: T1218
OperatingSystem: Windows 10, Windows 11
Full_Path:
- Path: c:\Users\username\AppData\Local\Microsoft\Teams\current\Teams.exe
- Path: %localappdata%\Microsoft\Teams\current\Teams.exe
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ciwen3 this string is failing the YAML linting. The string cannot start with a "%" which is a reserved character that denotes a directive.
"Error: inaries/Teams.yml:15:11: [error] syntax error: found character '%' that cannot start any token (syntax)"

xenoscr
xenoscr requested changes Oct 4, 2023
View reviewed changes
Copy link
Contributor

@xenoscr xenoscr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ciwen3 Please review the comments, address the syntax issues and update your pull request. Once all checks are passing, we can merge your changes.

"Error: inaries/Teams.yml:15:11: [error] syntax error: found character '%' that cannot start any token (syntax)"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xenoscr xenoscr xenoscr requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ciwen3 @xenoscr