New technique: Fodhelper #118

Patrick-DE · 2023-11-29T01:13:46Z

{
  "id": "9ac4767a-0052-4770-9593-4f7de131b829",
  "phase": "05. Privilege Escalation",
  "ttp": "T1548.002",
  "external": false,
  "description": "The Fodhelper binary runs as high integrity, and it is vulnerable to exploitation due to the way it interacts with the Windows Registry.\nIt interacts with the current user’s registry and reads \"HKCU:\\Software\\Classes\\ms-settings\\shell\\open\\command\".\n",
  "category": "Exploits",
  "stealthy": false,
  "tools": [
    "Metasploit"
  ],
  "changes": [],
  "name": "Fodhelper",
  "content": "",
  "steps": [
    {
      "id": "9c88259b-cbaa-4ab2-870b-27bec659b31f",
      "name": "Setup MSF",
      "description": "",
      "requirements": {},
      "results": [
        "C2:LISTENER:HTTPS"
      ]
    },
    {
      "id": "814fae75-0492-49d5-8188-aa59f456e9a2",
      "name": "Exploit",
      "description": "",
      "requirements": {},
      "results": [
        "EXPLOITS:FODHELPER"
      ]
    }
  ],
  "references": [
    "https://winscripting.blog/2017/05/12/first-entry-welcome-and-uac-bypass/"
  ]
}

The text was updated successfully, but these errors were encountered:

Patrick-DE added the enhancement New feature or request label Nov 29, 2023

Patrick-DE self-assigned this Nov 29, 2023

Patrick-DE closed this as completed in 8a1de05 Oct 29, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

New technique: Fodhelper #118

New technique: Fodhelper #118

Patrick-DE commented Nov 29, 2023 •

edited

Loading

New technique: Fodhelper #118

New technique: Fodhelper #118

Comments

Patrick-DE commented Nov 29, 2023 • edited Loading

Patrick-DE commented Nov 29, 2023 •

edited

Loading