Tag
medium
advisory
IIS AppCmd Tool Used to Dump Service Account Credentials
2 rules, 2 TTPs
Attackers with access to IIS web servers may use the AppCmd command-line tool to dump sensitive configuration data, including application pool credentials, potentially leading to lateral movement and privilege escalation.
IIS
credential-access
appcmd
windows
medium
advisory
IIS HTTP Logging Disabled via AppCmd.exe
2 rules, 2 TTPs
Detection of adversaries disabling HTTP logging on IIS servers using AppCmd.exe, potentially evading detection by removing evidence of their actions.
IIS
httplogging
appcmd
defense-evasion
persistence
windows
medium
advisory
Microsoft IIS Service Account Password Dump via AppCmd
2 rules, 2 TTPs
An attacker with IIS web server access via a web shell can extract service account passwords by requesting full configuration output or targeting credential-related fields using the AppCmd tool.
IIS
credential-access
appcmd
windows