
winget: Install ROGUE Software & Packages? 

John Hammond


Published: 2 Oct 2024

Comments: 34
@MoustacheChauveau 1 year ago
I did not validate this with the winget docs, but if setting the LocalManifestFiles configuration would modify the user settings of winget, why would an attacker not simply edit that file to have the setting on instead of having to impersonate local admin? I think this would explain why changing the setting does not edit the user settings json.
@CZghost 1 year ago
I guess the file is likely also protected against writing with admin privileges.
@aviationbutterr 1 year ago
Little tip, around 6:24 you exit the terminal to open up a new admin one. I don't know about you but that gets a little annoying for me to do so I found this tool called "gsudo". You can call it as gsudo or just sudo. If you just type `gsudo` it will do a UAC prompt and then bring you to a new privileged powershell environment, but if you do `gsudo [commands ...]` it will just do that command with admin privileges and then bring you back to your normal environment. I find it pretty handy
@Vilematrix 1 year ago
I always wonder. Malwarebytes uses LOL strings. Whut
@f.andersen3824 1 year ago
Uhhh, didn’t know about winget at all. Thanks man, very interesting.
@dtvdavid 1 year ago
So if I interpret it correctly, these LOLBAS things are like syskey.exe in the past?
@ReligionAndMaterialismDebunked
Just 31 comments. Damn. Hehe. I saw this on my feed many hours ago, but now I'm here, at 21 hours ago posted status. Hehe
@6r1nch4 1 year ago
Love it, I use winget all the time as a System Engineer
@vnc.t 1 year ago
why have winget download and execute the virus if you have a shell already? why not do it yourself?
@YouChwb 1 year ago
Probs malware...well, someone was going to say it eventually.
@dom1310df 1 year ago
TIL that winget is a thing. Will have to use it when I next need to install software on Windows. Might stop me from going crazy.
@Beateau 1 year ago
Seriously. I seem to have to install teams every time I use a new computer or tablet at work (which is often). This will be a lot faster than trying to do it through the store or browser. One simple cmd line. Elegant.
@_._._._._._._.__._._._._._._._
Interesting....
@RazoBeckett. 1 year ago
i was watching ...
@uzumakiuchiha7678 1 year ago
It's kewl
@baxuvis275 1 year ago
sixth comment posted here
@blinking_dodo 1 year ago
Neat. Also, I am pretty sure that unzipping a folder can trigger network activity... Not gonna talk about it here, since I would be using it as my own 0-day. (Or is John interested?)
@Thiole 1 year ago
You should email him directly instead of having it up here.
@blinking_dodo 1 year ago
@Thiole Yeah no, I am not going to just burn a potential 0-day on my own. If he is interested he can ask me to mail something, but if he doesn't read it, I'd rather not wake the sleeping John... 🙃
@DD-vp7fz 1 year ago
That's not a 0day but expected behavior
@ryanstricklin198 1 year ago
Don’t think you understand what a zero day is since this is a common action that occurs
@uuu12343 1 year ago
You keep calling it zero-day, but that's not a zero day. Unzipping a folder via remote network connections such as ssh will trigger as a network activity...BECAUSE IT IS A NETWORK ACTIVITY. It's down to your IDS to note down the whitelisted addresses or the blacklisted addresses. That's by nature.
@DayzGone 1 year ago
He uses PowerShell instead of cmd. Is there any reason as to why?
@sahilsinhahhh8329 1 year ago
winget is powershell native
@iam-py-test 1 year ago
@sahilsinhahhh8329 winget is not part of PowerShell; it is an executable and can be run from cmd, or any other way to run an executable. (It is located in C:\Users\%username%\AppData\Local\Microsoft\WindowsApps\ on my system)
@1stAshaMan 1 year ago
Probably because powershell is more similar to the linux terminals he's used to than command prompt is
@DayzGone 1 year ago
@1stAshaMan I noticed a difference even with the dir command. cmd just shows directories. PowerShell displays permissions and the last time a folder was accessed. I might switch lol
@iam-py-test 1 year ago
@DayzGone Agreed. The only thing is that I'm familiar with Linux ls and cmd.exe dir, so it will take some learning
@RX_100.0 1 year ago
Okay, I am first
@BoneE710S 1 year ago
There's no audio