Commit

Update Winget.yml (#384)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
unrooted and wietze authored Aug 17, 2024
1 parent d5d11f4 commit 659a024
Showing 1 changed file with 9 additions and 1 deletion.
10 changes: 9 additions & 1 deletion yml/OSBinaries/Winget.yml
Expand Up @@ -5,12 +5,19 @@ Author: Paul Sanders
Created: 2022-01-03
Commands:
- Command: winget.exe install --manifest manifest.yml
Description: 'Downloads a file from the web address specified in manifest.yml and executes it on the system. Local manifest setting must be enabled in winget for it to work: "winget settings --enable LocalManifestFiles"'
Description: 'Downloads a file from the web address specified in manifest.yml and executes it on the system. Local manifest setting must be enabled in winget for it to work: `winget settings --enable LocalManifestFiles`'
Usecase: Download and execute an arbitrary file from the internet
Category: Execute
Privileges: Local Administrator - required to enable local manifest setting
MitreID: T1105
OperatingSystem: Windows 10, Windows 11
- Command: winget.exe install --accept-package-agreements -s msstore [name or ID]
Description: 'Download and install any software from the Microsoft Store using its name or Store ID, even if the Microsoft Store App itself is blocked on the machine. For example, use "Sysinternals Suite" or `9p7knl5rwt25` for obtaining ProcDump, PsExec via the Sysinternals Suite. Note: a Microsoft account is required for this.'
Usecase: Download and install software from Microsoft Store, even if Microsoft Store App is blocked
Category: Download
Privileges: User
MitreID: T1105
OperatingSystem: Windows 10, Windows 11
Full_Path:
- Path: C:\Users\user\AppData\Local\Microsoft\WindowsApps\winget.exe
Code_Sample:
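Review bot: In the new `-s msstore` entry, `Category: Download` does not match its Description and Usecase, which both say the command downloads and installs software, while the existing `--manifest` entry (download and execute) is filed under `Category: Execute`. Either state in the Description why this one stays under Download or align the wording with the category, so defenders filtering by category get a consistent picture of what the command does. The Description also mixes quoting, with "Sysinternals Suite" in double quotes and `9p7knl5rwt25` in backticks, even though this same change moves the first entry's inline command from double quotes to backticks; use one style for literal values.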
Expand All @@ -26,3 +33,4 @@ Resources:
Acknowledgement:
- Person: Paul
Handle: '@saulpanders'
- Person: Konrad 'unrooted' Klawikowski
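Review bot: The added `- Person: Konrad 'unrooted' Klawikowski` acknowledgement has no `Handle:` line, unlike the existing entry just above it, which carries `Handle: '@saulpanders'`. If the contributor has a handle, add it as a separate `Handle:` field rather than embedding the nickname in the `Person` value, so the Acknowledgement list stays uniform for anything that parses it.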
