~/Privilege Escalation/Windows/Binaries# cat Msdeploy.exe.md █
Microsoft tool used to deploy Web Applications.
Paths:
C:\Program Files (x86)\IIS\Microsoft Web Deploy V3\msdeploy.exe
Detection:
Execute
Launch calc.bat via msdeploy.exe.
msdeploy.exe -verb:sync -source:RunCommand -dest:runCommand="c:\temp\calc.bat"
AWL bypass
Launch calc.bat via msdeploy.exe.
msdeploy.exe -verb:sync -source:RunCommand -dest:runCommand="c:\temp\calc.bat"