I shot the sigverif.exe – the GUI-based LOLBin
April 27, 2018 in Living off the land, LOLBins
File Signature Verification has nothing to do with launching arbitrary applications, but it is a case similar to odbcad32.exe: GUI apps can sometimes be abused to produce undesired effects, ones that their authors most likely did not anticipate.
Time for the recipe.
So we launch the sigverif.exe:
Then we go to Advanced settings by clicking the Advanced button, and we choose … the log file. And while we are at it, why shouldn’t we choose c:\windows\system32\calc.exe as the destination?
We then hit the View Log button, and voila. Calculator is on the screen:
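A detection sketch for the behaviour described above, added here as an example and not part of the original post: it flags process-creation events whose parent is sigverif.exe and whose child is not an expected text viewer. It assumes Sysmon Event ID 1 field names; the allowlist of expected children and the sample events are constructed.

```python
import ntpath

PARENT = "sigverif.exe"
# Assumption: an unmodified "View Log" only opens the log in the default text
# viewer, taken here to be Notepad in its standard Windows locations.
EXPECTED_CHILD_PATHS = {
    r"c:\windows\system32\notepad.exe",
    r"c:\windows\notepad.exe",
}

# Constructed process-creation records using Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    {"UtcTime": "2018-04-27 10:01:12.101",
     "ParentImage": r"C:\Windows\System32\sigverif.exe",
     "Image": r"C:\Windows\System32\notepad.exe"},
    {"UtcTime": "2018-04-27 10:03:40.552",
     "ParentImage": r"C:\WINDOWS\system32\SIGVERIF.EXE",
     "Image": r"C:\Windows\System32\calc.exe"},
    {"UtcTime": "2018-04-27 10:05:02.007",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\calc.exe"},
    {"UtcTime": "2018-04-27 10:07:19.330",
     "ParentImage": r"C:\Windows\System32\sigverif.exe",
     "Image": r"C:\Users\Public\notepad.exe"},
]


def norm(path):
    """Lower-case and normalise a Windows path so comparisons ignore case."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def unexpected_sigverif_children(events, expected=EXPECTED_CHILD_PATHS):
    """Return events where sigverif.exe spawned anything but an expected viewer."""
    hits = []
    for ev in events:
        if ntpath.basename(norm(ev.get("ParentImage", ""))) != PARENT:
            continue
        # Compare the full path, not just the file name, so a look-alike
        # notepad.exe outside the Windows directories is still reported.
        if norm(ev.get("Image", "")) not in expected:
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in unexpected_sigverif_children(SAMPLE_EVENTS):
        print(ev["UtcTime"], ev["ParentImage"], "->", ev["Image"])
```

The calc.exe launched from explorer.exe is left alone; only children of sigverif.exe are examined, regardless of the case used in the parent path.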