commit c5aa721d7e
@ -91,6 +91,8 @@ If you are missing from the acknowledgement, please let me know (I did not forge
 
 
 # OTHER NON MICROSOFT BINARIES
+[AcroRd32.exe](OtherBinaries/AcroRd32.md)
+[Gpup.exe](OtherBinaries/Gpup.md)
 [Nlnotes.exe](OtherBinaries/Nlnotes.md)
 [Notes.exe](OtherBinaries/Notes.md)
 [Nvuhda6.exe](OtherBinaries/Nvuhda6.md)
@ -7,6 +7,7 @@ If you are missing from the acknowledgement, please let me know (I did not forge
 [Advpack.dll](OSLibraries/Advpack.md)
 [Ieadvpack.dll](OSLibraries/Ieadvpack.md)
 [Ieframe.dll](OSLibraries/Ieframe.md)
+[Mshtml.dll](OSLibraries/Mshtml.md)
 [Pcwutl.dll](OSLibraries/Pcwutl.md)
 [Shdocvw.dll](OSLibraries/Shdocvw.md)
 [Zipfldr.dll](OSLibraries/Zipfldr.md)
@ -0,0 +1,43 @@
+## Mshtml.dll
+
+* Functions: Execute
+
+```
+rundll32.exe Mshtml.dll,PrintHTML "C:\temp\calc.hta"
+```
+
+Acknowledgements:
+* Pierre-Alexandre Braeken - @pabraeken
+
+Code sample (calc.hta):
+```
+<html>
+<head>
+<title>LOLBin</title>
+<script language="VBScript">
+Sub RunProgram
+Set objShell = CreateObject("Wscript.Shell")
+objShell.Run "c:\windows\system32\calc.exe"
+Self.Close
+End Sub
+</script>
+</head>
+<body onload="RunProgram">
+<h1>LOLBin</h1>
+</body>
+</html>
+```
+
+Resources:
+* https://twitter.com/pabraeken/status/998567549670477824
+
+Full path:
+```
+c:\windows\system32\Mshtml.dll
+c:\windows\sysWOW64\Mshtml.dll
+```
+
+Notes:
+
+
+Detection:
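Review bot: the Notes and Detection sections at the end of Mshtml.md are empty, so the entry ships without the two parts a defender needs. Under Notes, state what the command above actually does: rundll32.exe loads Mshtml.dll and calls PrintHTML on the named .hta file, the file's body onload handler runs the VBScript Sub RunProgram, and Wscript.Shell launches calc.exe; the .hta has to be present on disk at the path given (C:\temp\calc.hta in the example). Under Detection, suggest looking for rundll32.exe command lines containing `Mshtml.dll,PrintHTML` with an .hta argument, and for rundll32.exe spawning child processes, which the calc.exe launch in the sample would trigger.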
@ -0,0 +1,27 @@
+## AcroRd32.exe
+
+* Prerequisites
+
+```
+Replace C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe by your binary
+```
+
+* Functions: Execute
+
+```
+Run AcroRd32.exe
+```
+
+Acknowledgements:
+* Pierre-Alexandre Braeken - @pabraeken
+
+Code sample:
+*
+
+Resources:
+* https://twitter.com/pabraeken/status/997997818362155008
+
+Full path:
+```
+C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\
+```
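Review bot: the Full path block in AcroRd32.md gives only the directory `C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\`, not the binary; the other entries in this commit list the file itself, so this should end in `AcroRd32.exe`. The Functions block reads "Run AcroRd32.exe" rather than a command line, and the file has no Notes or Detection section, unlike Mshtml.md and Gpup.md in the same commit. Notes should spell out that the prerequisite (replacing RdrCEF.exe under Program Files (x86) with your own binary) means the caller must already be able to write into that directory, which is the main limitation of this entry; Detection can point at AcroRd32.exe launching a RdrCEF.exe from that path that is not the Adobe-shipped file. The empty "Code sample: *" bullet should be filled or dropped.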
@ -0,0 +1,29 @@
+## Gpup.exe
+
+* Functions: Execute
+
+```
+Gpup.exe -w whatever -e c:\Windows\System32\calc.exe
+```
+
+Acknowledgements:
+* Pierre-Alexandre Braeken - @pabraeken
+
+Code sample:
+*
+
+Resources:
+* https://twitter.com/pabraeken/status/997892519827558400
+
+
+Full path:
+```
+C:\Program Files (x86)\Notepad++\updater\gpup.exe
+```
+
+Notes:
+Used by Notepad++
+
+
+
+
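Review bot: the `-w whatever` and `-e` switches in the Gpup.md Functions command are not explained anywhere, and Notes only says "Used by Notepad++"; document what the two switches do (the example suggests `-e` takes the path of the executable to launch and `-w` accepts an arbitrary value), and add the Detection section that Mshtml.md in this commit has, for instance gpup.exe starting a child process whose path lies outside the Notepad++ install directory, as the calc.exe example does. The empty "Code sample: *" bullet should be filled or removed, and the Full path writes `gpup.exe` while the heading and command write `Gpup.exe`; either works on Windows, but the entry should use one spelling.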