msdt.exe issues

[nemesis7331]

Hi,

I'm trying to reproduce msdt.exe execution but I'm unable to :\

First issue was with the xml file, on my pc only the UTF-8 is accepted, the utf-16 doesn't, working version below:

<?xml version="1.0" encoding="UTF-8"?>
<Answers Version="1.0">
	<Interaction ID="IT_LaunchMethod">
		<Value>ContextMenu</Value>
	</Interaction>
	<Interaction ID="IT_SelectProgram">
		<Value>NotListed</Value>
	</Interaction>
	<Interaction ID="IT_BrowseForFile">
		<Value>C:\poc.exe</Value>
	</Interaction>
</Answers>

Even after changing the xml the executable is not run automatically but requires additional user interaction, is it the correct behavior?

I'm running windows 10.0.18363 Build 18363

Thanks and keep rocking!

[bohops]

Hello,

Have you tried crafting a MSI package payload (e.g. C:\path\to\poc.msi). If so, does that work?

[wietze]

With a .exe file, i got this:

I could not get the .exe to execute.

With a .msi file, i got this:

I was able to get the .msi to run by clicking Test the program button.

This seems to match the behaviour as described by @pabraeken: https://twitter.com/pabraeken/status/991335019833708544 (different command but targeting the same back end)

To answer your main question, yes, this seems to be a GUI-based LOLBAS, meaning you cannot let msdt.exe execute arbitrary .msi files without user interaction.

[wietze]

FWIW, msdt has been tagged as a GUI-based LOLBAS now.