public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-11-04 02:29:34 +01:00
Code Issues Projects Releases Wiki Activity
64 Commits 4 Branches 0 Tags
d6fe95fe98fe81fd709180ed4dd587a2d15cd6b7
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
xenoscr d6fe95fe98 Adding Microsoft.Workflow.Compiler.exe and payload examples.
2018-10-24 22:48:45 -04:00
Logo
Initial commit - LOLBAS V2.0
2018-06-09 00:15:06 +02:00
Mgmt-Scripts
Update scripts with new template. Fixed mgmt script for webportal. Adjustments to existing yml files
2018-09-26 11:41:58 +02:00
OSBinaries
Adding Microsoft.Workflow.Compiler.exe and payload examples.
2018-10-24 22:48:45 -04:00
OSLibraries
MD files generate from Script, and adjustments to readme
2018-09-14 15:48:52 +02:00
OSScripts
MD files generate from Script, and adjustments to readme
2018-09-14 15:48:52 +02:00
OtherBinaries
MD files generate from Script, and adjustments to readme
2018-09-14 15:48:52 +02:00
OtherMSBinaries
MD files generate from Script, and adjustments to readme
2018-09-14 15:48:52 +02:00
OtherScripts
MD files generate from Script, and adjustments to readme
2018-09-14 15:48:52 +02:00
yml
Adding Microsoft.Workflow.Compiler.exe and payload examples.
2018-10-24 22:48:45 -04:00
Backlog.txt
Initial commit - LOLBAS V2.0
2018-06-09 00:15:06 +02:00
CONTRIBUTING.md
First stab at CONTRIBUTING. Addresses #3.
2018-10-03 20:33:14 -06:00
LOLBins.md
Adjustments
2018-09-14 15:54:20 +02:00
LOLLibs.md
Adjustments
2018-09-14 15:54:20 +02:00
LOLScripts.md
Adjustments
2018-09-14 15:54:20 +02:00
Projectnotes.md
Added Projectnotes
2018-06-12 08:26:24 +02:00
README.md
Updated readme.md to include information on contributing.
2018-10-23 19:40:18 -04:00
YML-Template.yml
Update YML-Template.yml
2018-09-18 16:32:50 +02:00

README.md

Living Off The Land Binaries and Scripts (and now also Libraries)

There are currently three different lists:

The above files can be found behind a fancy frontend here: https://lolbas-project.github.io (thanks @ConsciousHacker for this bit of eyecandy and the team over at https://gtfobins.github.io/).

Goal

The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques.

Criteria

A LOLBin/Lib/Script must:

  • Be a Microsoft-signed file, either native to the OS or downloaded from Microsoft.
  • Have extra "unexpected" functionality. It is not interesting to document intended use cases.
    • Exceptions are application whitelisting bypasses
  • Have functionality that would be useful to an APT or red team

Interesting functionality can include:

  • Executing code
    • Arbitrary code execution
    • Pass-through execution of other programs (unsigned) or scripts (via a LOLBin)
  • Compiling code
  • File operations
    • Downloading
    • Upload
    • Copy
  • Persistence
    • Pass-through persistence utilizing existing LOLBin
    • Persistence (e.g. hide data in ADS, execute at logon)
  • UAC bypass
  • Credential theft
  • Dumping process memory
  • Surveillance (e.g. keylogger, network trace)
  • Log evasion/modification
  • DLL side-loading/hijacking without being relocated elsewhere in the filesystem.

Contributing

If you have found a new LOLBin or LOLScript that you would like to contribute, please review the contributing guidelines located here: https://github.com/LOLBAS-Project/LOLBAS/blob/master/CONTRIBUTING.md

A template for the required format has been provided here: https://github.com/LOLBAS-Project/LOLBAS/blob/master/YML-Template.yml

The History of the LOLBin

The phrase "Living off the land" was coined by Christopher Campbell (@obscuresec) & Matt Graeber (@mattifestation) at DerbyCon 3.

The term LOLBins came from a Twitter discussion on what to call binaries that can be used by an attacker to perform actions beyond their original purpose. Philip Goh (@MathCasualty) proposed LOLBins. A highly scientific internet poll ensued, and after a general consensus (69%) was reached, the name was made official. Jimmy (@bohops) followed up with LOLScripts. No poll was taken.

Common hashtags for these files are:

  • #LOLBin
  • #LOLBins
  • #LOLScript
  • #LOLScripts
  • #LOLLib
  • #LOLLibs

Thanks

As with many open-source projects, this one is the product of a community and we would like to thank ours:

  • The domain http://lolbins.com has been registered by an unknown individual and redirected it to this project.
  • The domain http://lolbas-project.com has been registered by Jimmy (@bohops).
  • The logos for the project were created by Adam Nadrowski (@_sup_mane). We #@&!!@#! love them.
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme GPL-3.0 13 MiB
Languages
XSLT 100%