From dea250c7547e091a34eb9e8c77068a3a93ec7141 Mon Sep 17 00:00:00 2001 From: api0cradle Date: Fri, 20 Apr 2018 15:31:50 +0200 Subject: [PATCH] Added and adjusted --- .gitignore | 1 + Contribute.md | 2 +- LOLBins.md | 1 + OSBinaries/Findstr.md | 4 +++- OSBinaries/Odbcconf.md | 8 ++++++-- OSBinaries/Robocopy.md | 28 ++++++++++++++++++++++++++++ notes.txt | 1 + 7 files changed, 41 insertions(+), 4 deletions(-) create mode 100644 .gitignore create mode 100644 OSBinaries/Robocopy.md create mode 100644 notes.txt diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d53de09 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +"notes.txt" diff --git a/Contribute.md b/Contribute.md index 25d12c0..45c2710 100644 --- a/Contribute.md +++ b/Contribute.md @@ -4,7 +4,7 @@ to send me a tweet and I will add the contribution for you. ## Binary.exe -* Functions: Execute +* Functions: Execute, Download, Copy, Read ADS, Write ADS, UACBypass, Search ``` Example diff --git a/LOLBins.md b/LOLBins.md index a18cb38..3121a54 100644 --- a/LOLBins.md +++ b/LOLBins.md @@ -40,6 +40,7 @@ If you are missing from the acknowledgement, please let me know (I did not forge [Regasm.exe](OSBinaries/Regasm.md) [Regsvcs.exe](OSBinaries/Regsvcs.md) [Regsvr32.exe](OSBinaries/Regsvr32.md) +[Robocopy.exe](OSBinaries/Robocopy.md) [Replace.exe](OSBinaries/Replace.md) [Rundll32.exe](OSBinaries/Rundll32.md) [Runscripthelper.exe](OSBinaries/Runscripthelper.md) diff --git a/OSBinaries/Findstr.md b/OSBinaries/Findstr.md index 73c65fc..f15771e 100644 --- a/OSBinaries/Findstr.md +++ b/OSBinaries/Findstr.md @@ -1,11 +1,13 @@ ## Findstr.exe -* Functions: Add ADS +* Functions: Add ADS, Search ``` findstr /V /L W3AllLov3DonaldTrump c:\ADS\file.exe > c:\ADS\file.txt:file.exe findstr /V /L W3AllLov3DonaldTrump \\webdavserver\folder\file.exe > c:\ADS\file.txt:file.exe + +findstr /S /I cpassword \\\sysvol\\policies\*.xml ``` Acknowledgements: 
diff --git a/OSBinaries/Odbcconf.md b/OSBinaries/Odbcconf.md index f654721..3d4876d 100644 --- a/OSBinaries/Odbcconf.md +++ b/OSBinaries/Odbcconf.md @@ -16,6 +16,7 @@ Code sample: Resources: * https://gist.github.com/NickTyrer/6ef02ce3fd623483137b45f65017352b * https://github.com/woanware/application-restriction-bypasses +* https://twitter.com/subTee/status/789459826367606784 Full path: ``` @@ -24,6 +25,9 @@ c:\windows\sysWOW64\odbcconf.exe ``` Notes: -Samples can be found in the resources. - +Text from @subtee tweet: +``` +Loads Dll from path in my.rsp. +Hide from command line auditing watching for regsvr32 +``` diff --git a/OSBinaries/Robocopy.md b/OSBinaries/Robocopy.md new file mode 100644 index 0000000..879c64b --- /dev/null +++ b/OSBinaries/Robocopy.md @@ -0,0 +1,28 @@ +## Robocopy.exe + +* Functions: Copy + +``` +Robocopy.exe - Needs example +``` + +Acknowledgements: +* Name of guy - @twitterhandle + +Code sample: +* [NameOfLink](Payload/NameOfPayload) + +Resources: +* https://linktosomethingusefull.com + +Full path: +``` +c:\windows\system32\binary.exe +c:\windows\sysWOW64\binary.exe +``` + +Notes: +Some specific details about the binary file. + + + diff --git a/notes.txt b/notes.txt new file mode 100644 index 0000000..30d74d2 --- /dev/null +++ b/notes.txt @@ -0,0 +1 @@ +test \ No newline at end of file
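Review bot: the pattern `"notes.txt"` in the new .gitignore keeps its double quotes, so git matches a file whose name literally contains the quotes rather than notes.txt; that is why notes.txt still ends up committed in this same patch. Write the pattern as `notes.txt` without quotes, and remove the already-tracked file from the index (`git rm --cached notes.txt`) so the ignore rule takes effect.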
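Review bot: the function vocabulary in the Contribute.md template (`Execute, Download, Copy, Read ADS, Write ADS, UACBypass, Search`) does not match the labels the entries themselves use: Findstr.md in this same patch labels the same capability `Add ADS` where the template says `Write ADS`. Settle on one term per capability so contributors and anyone grepping the OSBinaries folder for a given function get consistent results.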
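Review bot: `[Robocopy.exe](OSBinaries/Robocopy.md)` is inserted between Regsvr32.exe and Replace.exe, which breaks the alphabetical order the LOLBins.md list otherwise keeps; it belongs after `[Replace.exe](OSBinaries/Replace.md)` and before `[Rundll32.exe](OSBinaries/Rundll32.md)`. Note also that the target Robocopy.md added in this patch is still the blank template, so the link currently leads to a placeholder page.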
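Review bot: the added Findstr.md example `findstr /S /I cpassword \\\sysvol\\policies\*.xml` is not a well-formed path: it starts with three backslashes, doubles the backslash before `policies`, and has no host or share component, so it will not run as written. The existing examples in the same block spell their paths out with a single `\\`, a host, and single separators (`\\webdavserver\folder\file.exe`); use that placeholder convention here too. The Functions line also changes from `Add ADS` to `Add ADS, Search` while Contribute.md in this patch calls the ADS capability `Write ADS`; pick one name for it.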
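Review bot: the Odbcconf.md Notes hunk drops `Samples can be found in the resources.` and replaces it with the quoted tweet, which refers to a `my.rsp` file that appears neither under Code sample nor anywhere else in the entry; keep the pointer to the resources, or add the response-file sample under Code sample, so the note stands on its own. Quoting prose in a code fence is also a style mismatch with the rest of the entry; a `>` quote would be the natural choice. Since the new note records that the binary is used to sidestep command-line auditing that only watches for regsvr32 (`Hide from command line auditing watching for regsvr32`), the Notes section should state the defender's counterpart as well: command-line auditing should cover `odbcconf.exe` and its response-file arguments in the same way it covers regsvr32.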
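Review bot: OSBinaries/Robocopy.md is committed as the unfilled template: `Robocopy.exe - Needs example`, `* Name of guy - @twitterhandle`, `https://linktosomethingusefull.com`, and the Full path block still lists `c:\windows\system32\binary.exe` and `c:\windows\sysWOW64\binary.exe` instead of the robocopy.exe paths. Either fill the entry in (at minimum the real paths and one example of the Copy function, with the placeholder acknowledgement, code-sample and resource lines removed) or hold the file back until it is ready, because LOLBins.md in this patch already links to it. The three trailing blank lines at the end of the file should go as well.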
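Review bot: notes.txt, containing the single line `test` with no trailing newline, is a scratch file and should not be part of this commit; it is in the patch only because the quoted `"notes.txt"` pattern in the .gitignore hunk does not match it. Drop the file from the patch and from the index.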