mitre / caldera

Automated Adversary Emulation Platform
https://caldera.mitre.org
Apache License 2.0

DLL Injection with Payloads on Caldera #2498

Closed gkshakthi15 closed 2 years ago

gkshakthi15 commented 2 years ago

Hello all,

I am trying to perform DLL Injection - Adversary Emulation using Caldera. The command leverages odbcconf.exe and registers sandcat.dll to the registry. Also, I am attaching a payload (187e67_calc.cpl) which should open the Calculator application when the command is executed.

However, I could not see the sandcat.dll file in C:\Users\ and calc is not opened, but the Operation status shows "success".

Also, the command works only with the executor "psh"; cmd is not working.

Could anyone explain what's happening?

github-actions[bot] commented 2 years ago

Looks like your first issue -- we aim to respond to issues as quickly as possible. In the meantime, check out our documentation here: http://caldera.readthedocs.io/

gkshakthi15 commented 2 years ago

Is each payload execution limited to specific TTPs?

github-actions[bot] commented 2 years ago

This issue is stale because it has been open 20 days with no activity. Remove stale label or comment or this will be closed in 5 days