mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-26 14:59:03 +01:00
Remove/fix unnecessary Categories field
This commit is contained in:
parent
5ec4de562b
commit
fc223eb3d8
@ -3,7 +3,6 @@ Name: Explorer.exe
|
|||||||
Description: Execute
|
Description: Execute
|
||||||
Author: ''
|
Author: ''
|
||||||
Created: 2018-05-25
|
Created: 2018-05-25
|
||||||
Categories: []
|
|
||||||
Commands:
|
Commands:
|
||||||
- Command: explorer.exe calc.exe
|
- Command: explorer.exe calc.exe
|
||||||
Description: 'Executes calc.exe as a subprocess of explorer.exe.'
|
Description: 'Executes calc.exe as a subprocess of explorer.exe.'
|
||||||
|
@ -3,7 +3,6 @@ Name: Netsh.exe
|
|||||||
Description: Execute, Surveillance
|
Description: Execute, Surveillance
|
||||||
Author: ''
|
Author: ''
|
||||||
Created: 2018-05-25
|
Created: 2018-05-25
|
||||||
Categories: []
|
|
||||||
Commands:
|
Commands:
|
||||||
- Command: |
|
- Command: |
|
||||||
netsh.exe trace start capture=yes filemode=append persistent=yes tracefile=\\server\share\file.etl IPv4.Address=!(<IPofRemoteFileShare>)
|
netsh.exe trace start capture=yes filemode=append persistent=yes tracefile=\\server\share\file.etl IPv4.Address=!(<IPofRemoteFileShare>)
|
||||||
|
@ -3,7 +3,6 @@ Name: Nltest.exe
|
|||||||
Description: Credentials
|
Description: Credentials
|
||||||
Author: ''
|
Author: ''
|
||||||
Created: 2018-05-25
|
Created: 2018-05-25
|
||||||
Categories: []
|
|
||||||
Commands:
|
Commands:
|
||||||
- Command: nltest.exe /SERVER:192.168.1.10 /QUERY
|
- Command: nltest.exe /SERVER:192.168.1.10 /QUERY
|
||||||
Description: ''
|
Description: ''
|
||||||
|
@ -3,7 +3,6 @@ Name: Openwith.exe
|
|||||||
Description: Execute
|
Description: Execute
|
||||||
Author: ''
|
Author: ''
|
||||||
Created: 2018-05-25
|
Created: 2018-05-25
|
||||||
Categories: []
|
|
||||||
Commands:
|
Commands:
|
||||||
- Command: OpenWith.exe /c C:\test.hta
|
- Command: OpenWith.exe /c C:\test.hta
|
||||||
Description: Opens the target file with the default application.
|
Description: Opens the target file with the default application.
|
||||||
|
@ -3,7 +3,6 @@ Name: Powershell.exe
|
|||||||
Description: Execute, Read ADS
|
Description: Execute, Read ADS
|
||||||
Author: ''
|
Author: ''
|
||||||
Created: 2018-05-25
|
Created: 2018-05-25
|
||||||
Categories: []
|
|
||||||
Commands:
|
Commands:
|
||||||
- Command: powershell -ep bypass - < c:\temp:ttt
|
- Command: powershell -ep bypass - < c:\temp:ttt
|
||||||
Description: Execute the encoded PowerShell command stored in an Alternate Data Stream (ADS).
|
Description: Execute the encoded PowerShell command stored in an Alternate Data Stream (ADS).
|
||||||
|
@ -3,7 +3,6 @@ Name: Psr.exe
|
|||||||
Description: Surveillance
|
Description: Surveillance
|
||||||
Author: ''
|
Author: ''
|
||||||
Created: 2018-05-25
|
Created: 2018-05-25
|
||||||
Categories: []
|
|
||||||
Commands:
|
Commands:
|
||||||
- Command: psr.exe /start /gui 0 /output c:\users\user\out.zip
|
- Command: psr.exe /start /gui 0 /output c:\users\user\out.zip
|
||||||
Description: Capture screenshots of the desktop and save them in the target .ZIP file.
|
Description: Capture screenshots of the desktop and save them in the target .ZIP file.
|
||||||
|
@ -3,7 +3,6 @@ Name: Robocopy.exe
|
|||||||
Description: Copy
|
Description: Copy
|
||||||
Author: ''
|
Author: ''
|
||||||
Created: 2018-05-25
|
Created: 2018-05-25
|
||||||
Categories: []
|
|
||||||
Commands:
|
Commands:
|
||||||
- Command: Robocopy.exe C:\SourceFolder C:\DestFolder
|
- Command: Robocopy.exe C:\SourceFolder C:\DestFolder
|
||||||
Description: Copy the entire contents of the SourceFolder to the DestFolder.
|
Description: Copy the entire contents of the SourceFolder to the DestFolder.
|
||||||
|
@ -3,7 +3,6 @@ Name: AcroRd32.exe
|
|||||||
Description: Execute
|
Description: Execute
|
||||||
Author: ''
|
Author: ''
|
||||||
Created: 2018-05-25
|
Created: 2018-05-25
|
||||||
Categories: []
|
|
||||||
Commands:
|
Commands:
|
||||||
- Command: Replace C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe by your binary
|
- Command: Replace C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe by your binary
|
||||||
Description: Hijack RdrCEF.exe with a payload executable to launch when opening Adobe
|
Description: Hijack RdrCEF.exe with a payload executable to launch when opening Adobe
|
||||||
|
@ -3,7 +3,6 @@ Name: Gpup.exe
|
|||||||
Description: Execute
|
Description: Execute
|
||||||
Author: ''
|
Author: ''
|
||||||
Created: 2018-05-25
|
Created: 2018-05-25
|
||||||
Categories: []
|
|
||||||
Commands:
|
Commands:
|
||||||
- Command: Gpup.exe -w whatever -e c:\Windows\System32\calc.exe
|
- Command: Gpup.exe -w whatever -e c:\Windows\System32\calc.exe
|
||||||
Description: Execute another command through gpup.exe (Notepad++ binary).
|
Description: Execute another command through gpup.exe (Notepad++ binary).
|
||||||
|
@ -3,7 +3,6 @@ Name: Nlnotes.exe
|
|||||||
Description: Execute
|
Description: Execute
|
||||||
Author: ''
|
Author: ''
|
||||||
Created: 2018-05-25
|
Created: 2018-05-25
|
||||||
Categories: []
|
|
||||||
Commands:
|
Commands:
|
||||||
- Command: NLNOTES.EXE /authenticate "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy ) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass }
|
- Command: NLNOTES.EXE /authenticate "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy ) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass }
|
||||||
Description: Run PowerShell via LotusNotes.
|
Description: Run PowerShell via LotusNotes.
|
||||||
|
@ -3,7 +3,6 @@ Name: Notes.exe
|
|||||||
Description: Execute
|
Description: Execute
|
||||||
Author: ''
|
Author: ''
|
||||||
Created: 2018-05-25
|
Created: 2018-05-25
|
||||||
Categories: []
|
|
||||||
Commands:
|
Commands:
|
||||||
- Command: Notes.exe "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass }
|
- Command: Notes.exe "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass }
|
||||||
Description: Run PowerShell via LotusNotes.
|
Description: Run PowerShell via LotusNotes.
|
||||||
|
@ -3,7 +3,6 @@ Name: Nvudisp.exe
|
|||||||
Description: Execute, Copy, Add registry, Create shortcut, kill process
|
Description: Execute, Copy, Add registry, Create shortcut, kill process
|
||||||
Author: ''
|
Author: ''
|
||||||
Created: 2018-05-25
|
Created: 2018-05-25
|
||||||
Categories: []
|
|
||||||
Commands:
|
Commands:
|
||||||
- Command: Nvudisp.exe System calc.exe
|
- Command: Nvudisp.exe System calc.exe
|
||||||
Description: Execute calc.exe as a subprocess.
|
Description: Execute calc.exe as a subprocess.
|
||||||
|
@ -3,7 +3,6 @@ Name: Nvuhda6.exe
|
|||||||
Description: Execute, Copy, Add registry, Create shortcut, kill process
|
Description: Execute, Copy, Add registry, Create shortcut, kill process
|
||||||
Author: ''
|
Author: ''
|
||||||
Created: 2018-05-25
|
Created: 2018-05-25
|
||||||
Categories: []
|
|
||||||
Commands:
|
Commands:
|
||||||
- Command: nvuhda6.exe System calc.exe
|
- Command: nvuhda6.exe System calc.exe
|
||||||
Description: Execute calc.exe as a subprocess.
|
Description: Execute calc.exe as a subprocess.
|
||||||
|
@ -3,7 +3,6 @@ Name: ROCCAT_Swarm.exe
|
|||||||
Description: Execute
|
Description: Execute
|
||||||
Author: ''
|
Author: ''
|
||||||
Created: 2018-05-25
|
Created: 2018-05-25
|
||||||
Categories: []
|
|
||||||
Commands:
|
Commands:
|
||||||
- Command: Replace ROCCAT_Swarm_Monitor.exe with your binary.exe
|
- Command: Replace ROCCAT_Swarm_Monitor.exe with your binary.exe
|
||||||
Description: Hijack ROCCAT_Swarm_Monitor.exe and launch payload when executing ROCCAT_Swarm.exe
|
Description: Hijack ROCCAT_Swarm_Monitor.exe and launch payload when executing ROCCAT_Swarm.exe
|
||||||
|
@ -3,7 +3,6 @@ Name: Setup.exe
|
|||||||
Description: Execute
|
Description: Execute
|
||||||
Author: ''
|
Author: ''
|
||||||
Created: 2018-05-25
|
Created: 2018-05-25
|
||||||
Categories: []
|
|
||||||
Commands:
|
Commands:
|
||||||
- Command: Run Setup.exe
|
- Command: Run Setup.exe
|
||||||
Description: Hijack hpbcsiServiceMarshaller.exe and run Setup.exe to launch a payload.
|
Description: Hijack hpbcsiServiceMarshaller.exe and run Setup.exe to launch a payload.
|
||||||
|
@ -3,7 +3,6 @@ Name: Usbinst.exe
|
|||||||
Description: Execute
|
Description: Execute
|
||||||
Author: ''
|
Author: ''
|
||||||
Created: 2018-05-25
|
Created: 2018-05-25
|
||||||
Categories: []
|
|
||||||
Commands:
|
Commands:
|
||||||
- Command: Usbinst.exe InstallHinfSection "DefaultInstall 128 c:\temp\calc.inf"
|
- Command: Usbinst.exe InstallHinfSection "DefaultInstall 128 c:\temp\calc.inf"
|
||||||
Description: Execute calc.exe through DefaultInstall Section Directive in INF file.
|
Description: Execute calc.exe through DefaultInstall Section Directive in INF file.
|
||||||
|
@ -3,7 +3,6 @@ Name: VBoxDrvInst.exe
|
|||||||
Description: Persistence
|
Description: Persistence
|
||||||
Author: ''
|
Author: ''
|
||||||
Created: 2018-05-25
|
Created: 2018-05-25
|
||||||
Categories: []
|
|
||||||
Commands:
|
Commands:
|
||||||
- Command: VBoxDrvInst.exe driver executeinf c:\temp\calc.inf
|
- Command: VBoxDrvInst.exe driver executeinf c:\temp\calc.inf
|
||||||
Description: Set registry key-value for persistance via INF file call through VBoxDrvInst.exe
|
Description: Set registry key-value for persistance via INF file call through VBoxDrvInst.exe
|
||||||
|
@ -6,14 +6,14 @@ Created: 2018-05-25
|
|||||||
Commands:
|
Commands:
|
||||||
- Command: cscript testxlst.js C:\test\test.xml c:\test\test.xls c:\test\test.out
|
- Command: cscript testxlst.js C:\test\test.xml c:\test\test.xls c:\test\test.out
|
||||||
Description: Test Jscript included in Python tool to perform XSL transform (for payload execution).
|
Description: Test Jscript included in Python tool to perform XSL transform (for payload execution).
|
||||||
Categories: Execution
|
Category: Execution
|
||||||
Privileges: User
|
Privileges: User
|
||||||
MitreID: T1064
|
MitreID: T1064
|
||||||
MitreLink: https://attack.mitre.org/wiki/Technique/T1064
|
MitreLink: https://attack.mitre.org/wiki/Technique/T1064
|
||||||
OperatingSystem: Windows
|
OperatingSystem: Windows
|
||||||
- Command: wscript testxlst.js C:\test\test.xml c:\test\test.xls c:\test\test.out
|
- Command: wscript testxlst.js C:\test\test.xml c:\test\test.xls c:\test\test.out
|
||||||
Description: Test Jscript included in Python tool to perform XSL transform (for payload execution).
|
Description: Test Jscript included in Python tool to perform XSL transform (for payload execution).
|
||||||
Categories: Execution
|
Category: Execution
|
||||||
Privileges: User
|
Privileges: User
|
||||||
MitreID: T1064
|
MitreID: T1064
|
||||||
MitreLink: https://attack.mitre.org/wiki/Technique/T1064
|
MitreLink: https://attack.mitre.org/wiki/Technique/T1064
|
||||||
|
Loading…
Reference in New Issue
Block a user