Giters

api0cradle / LOLBAS

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Add regini, nltest, schtasks, at, rpcping

fsacer opened this issue · comments

commented

Awesome. Thanks for sharing. Do you got any examples on the AT command?
NLtest, Rpcping and regini should be pushed to the repo already.

commented

I think that including binaries that can leak hashes is worthless as said here https://twitter.com/ryHanson/status/988416900764860417, should have realized that earlier. It's probably worth to reconsider if those bins should be included at all.

The example for at.exe is:

net time \\host
at \\host HH:MM c:\windows\temp\foobar.exe

(https://gist.github.com/infosecn1nja/23095d85c7c306b2c55c9da6abe6bdbd, https://www.sans.org/summit-archives/file/summit-archive-1493861893.pdf)

commented

It turns out at doesn't really work on Windows 10, even though the binary is there. It should still work on Windows 7 (https://blogs.technet.microsoft.com/supportingwindows/2013/07/05/whats-new-in-task-scheduler-for-windows-8-server-2012/), so the use is a bit limited.

commented

Looking at https://www.sans.org/summit-archives/file/summit-archive-1493861893.pdf the one binary that is really unique is psr.exe which allows you to effectivelly spy on user making repeated screenshots.

Screenshots with Problem Step Recorder
– Start the recorder
psr.exe /start /gui 0 /output c:\users\user\out.zip
– Stop the recorder
psr.exe /stop
• How to run in user’s desktop session?
schtasks /IT /RU DOMAIN\user /RP password

commented

The PSR.exe is a cool one, seen that one before and forgot about it. I will do some more research on the AT command before I add it. Thanks again.

commented

Psr.exe is now added. Thanks for sharing info with me.

commented

@api0cradle what about schtasks and at? I think it would be useful to add schtasks for quick reference, adding at might be for completeness reasons but it should be noted that it works up to Windows 7.