{"id":6353,"date":"2019-05-29T20:53:13","date_gmt":"2019-05-29T20:53:13","guid":{"rendered":"http:\/\/www.hexacorn.com\/blog\/?p=6353"},"modified":"2019-06-12T22:18:41","modified_gmt":"2019-06-12T22:18:41","slug":"msiexec-exe-as-a-lolbin","status":"publish","type":"post","link":"https:\/\/www.hexacorn.com\/blog\/2019\/05\/29\/msiexec-exe-as-a-lolbin\/","title":{"rendered":"msiexec.exe as a LOLBIN"},"content":{"rendered":"\n<p><strong>Update:<\/strong><\/p>\n\n\n\n<p>As <a href=\"https:\/\/twitter.com\/Oddvarmoe\">Oddvarmoe<\/a> pointed out, it was <a href=\"https:\/\/twitter.com\/PhilipTsukerman\/status\/992021361106268161\">described<\/a> before by <a href=\"https:\/\/twitter.com\/PhilipTsukerman\">Philip Tsukerman<\/a>. Thanks!<\/p>\n\n\n\n<p><strong>Update #2<\/strong><\/p>\n\n\n\n<p>It looks like this technique was described even earlier by Stefan Kanthak on his excellent <a href=\"https:\/\/skanthak.homepage.t-online.de\/sentinel.html\">Sentinel<\/a> page.<\/p>\n\n\n\n<p><strong>Old Post<\/strong><\/p>\n\n\n\n<p>This is just a quick note. Not sure if anyone pointed it out before, but msiexec.exe can work as a replacement for rundll32.exe.<\/p>\n\n\n\n<p>Recipe:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">msiexec.exe -Z &lt;your DLL&gt;\nmsiexec.exe -Y &lt;your DLL&gt; <\/pre>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" loading=\"lazy\" width=\"440\" height=\"128\" src=\"https:\/\/www.hexacorn.com\/blog\/wp-content\/uploads\/2019\/05\/msiexec_lolbin.png\" alt=\"\" class=\"wp-image-6354\" srcset=\"https:\/\/www.hexacorn.com\/blog\/wp-content\/uploads\/2019\/05\/msiexec_lolbin.png 440w, https:\/\/www.hexacorn.com\/blog\/wp-content\/uploads\/2019\/05\/msiexec_lolbin-300x87.png 300w\" sizes=\"(max-width: 440px) 100vw, 440px\" \/><\/figure>\n\n\n\n<p>That&#8217;s it!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Update: As Oddvarmoe pointed out, it was described before by Philip Tsukerman. Thanks! 
Update #2 It looks like this technique was described even earlier by Stefan Kanthak on his excellent Sentinel page. Old Post This is just a quick note. &hellip; <a href=\"https:\/\/www.hexacorn.com\/blog\/2019\/05\/29\/msiexec-exe-as-a-lolbin\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[52,56,64],"tags":[],"_links":{"self":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/6353"}],"collection":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/comments?post=6353"}],"version-history":[{"count":4,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/6353\/revisions"}],"predecessor-version":[{"id":6440,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/6353\/revisions\/6440"}],"wp:attachment":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/media?parent=6353"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/categories?post=6353"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/tags?post=6353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}