public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-25 22:39:27 +01:00
Code Issues Projects Releases Wiki Activity

extrac32-more

Browse Source
This commit is contained in:
Tim Abdiukov 100 2024-08-10 07:50:52 +10:00
parent 74ffaa534f
commit 5b13dd7a86
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
yml/OSBinaries/Extrac32.yml
View File

@ -22,6 +22,15 @@ Commands:
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags:
- Type: Compression
- Command: copy /b extrac32.exe+files.cab files.exe
Description: Creates an Alternate Data Stream (ADS) of SFX CAB file that extracts files in the original CAB file on execution.
Usecase: Store data in an EXE that cab file and hide it in an alternate data stream. Move file contents.
Category: ADS
Privileges: User
MitreID: T1564.004
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags:
- Type: Compression
- Command: extrac32 /Y /C \\webdavserver\share\test.txt C:\folder\test.txt
Description: Copy the source file to the destination file and overwrite it.
Usecase: Download file from UNC/WEBDav
@ -49,6 +58,7 @@ Resources:
- Link: https://oddvar.moe/2018/04/11/putting-data-in-alternate-data-streams-and-how-to-execute-it-part-2/
- Link: https://gist.github.com/api0cradle/cdd2d0d0ec9abb686f0e89306e277b8f
- Link: https://twitter.com/egre55/status/985994639202283520
- Link: https://www.autoitscript.com/forum/topic/11330-extract-zip-folder/
Acknowledgement:
- Person: egre55
Handle: '@egre55'