Last active
April 23, 2025 13:52
Revisions
api0cradle revised this gist
Sep 28, 2018 . 1 changed file with 0 additions and 4 deletions.
@@ -25,9 +25,5 @@ Drop and execute == Just copy the binary into the folder and execute it. | C:\Windows\SysWOW64\com\dmp | Hardlink fsutil/mklink | W | | C:\Windows\SysWOW64\Tasks\Microsoft\Windows\SyncCenter | Create folder - Add ADS stream and execute OR Create new folder - Take ownership - Add all rights - Drop and execute | RW | | C:\Windows\SysWOW64\Tasks\Microsoft\Windows\PLA\System | Drop and execute | RW | -
api0cradle revised this gist
Sep 5, 2018 . 1 changed file with 3 additions and 0 deletions.
@@ -0,0 +1,3 @@ c:\Windows\ccm\inventory\noidmifs\ c:\Windows\ccm\logs\ c:\Windows\ccm\systemtemp\appvtempdata\appvcommandoutput -
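Review bot: the three `c:\Windows\ccm\...` entries in this new file are bare paths with no bypass technique or access level, unlike the `| Folder | Bypass | Access |` rows used elsewhere in this gist, so a reader cannot tell what was tested for them. Suggest adding them as table rows with the Bypass and Access columns filled in. The path form is also inconsistent: the first two end in a backslash and the third does not, and the drive letter is lowercase where the table rows use `C:`.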
api0cradle revised this gist
Aug 31, 2018 . 1 changed file with 1 addition and 1 deletion.
@@ -1,6 +1,6 @@ Create folder - Add ADS stream and execute == mkdir a folder in the path, do type evil.exe > newfolderinpath:evil.exe and wmic process call create 'newfolderinpath:evil.exe' Take ownership - Add all rights - Drop and execute == Take ownership of folder, add all NTFS rights to your current user (icacls <folder> /grant:r Everyone:(OI)(CI)F /T) and then place binary file inside folder and execute. Hardlink fsutil/mklink == Place evil.exe in user controlled folder (c:\myfolder) where you have execute rights. Do: fsutil hardlink create Folder\run.exe c:\myfolder\evil.exe. Execute run.exe. mklink /H folder\run.exe c:\myfolder\evil.exe works also... -
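Review bot: the parenthetical added to the "Take ownership - Add all rights - Drop and execute" description contradicts the sentence around it. The prose says the rights are added "to your current user", but `icacls <folder> /grant:r Everyone:(OI)(CI)F /T` grants Full control to Everyone, with object and container inheritance, applied recursively. Make the two agree, either by naming Everyone in the prose or by changing the principal in the command, and say in the description that the ACL on the folder is left changed afterwards so anyone auditing a test host knows what to look for and restore.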
api0cradle revised this gist
Aug 30, 2018 . 1 changed file with 1 addition and 0 deletions.
@@ -10,6 +10,7 @@ Drop and execute == Just copy the binary into the folder and execute it. | Folder | Bypass | Access | | --------- | :-------: | -------: | | C:\Windows\Tasks | Drop and execute | RW | | C:\Windows\Temp | Drop and execute | RW | | C:\Windows\tracing | Create folder - Add ADS stream and execute OR Create new folder - Take ownership - Add all rights - Drop and execute | RW | | C:\Windows\Registration\CRMLog | Hardlink fsutil/mklink | RW | -
api0cradle revised this gist
Aug 30, 2018 . 1 changed file with 1 addition and 1 deletion.
@@ -14,7 +14,7 @@ Drop and execute == Just copy the binary into the folder and execute it. | C:\Windows\tracing | Create folder - Add ADS stream and execute OR Create new folder - Take ownership - Add all rights - Drop and execute | RW | | C:\Windows\Registration\CRMLog | Hardlink fsutil/mklink | RW | | C:\Windows\System32\FxsTmp | Hardlink fsutil/mklink | RW | | C:\Windows\System32\com\dmp | Hardlink fsutil/mklink | W | | C:\Windows\System32\Microsoft\Crypto\RSA\MachineKeys | Drop and execute | RW | | C:\Windows\System32\spool\PRINTERS | Hardlink fsutil/mklink | W | | C:\Windows\System32\spool\SERVERS | Hardlink fsutil/mklink | W | -
api0cradle revised this gist
Aug 30, 2018 . 1 changed file with 4 additions and 0 deletions.
@@ -1,7 +1,11 @@ Create folder - Add ADS stream and execute == mkdir a folder in the path, do type evil.exe > newfolderinpath:evil.exe and wmic process call create 'newfolderinpath:evil.exe' Take ownership - Add all rights - Drop and execute == Take ownership of folder, add all NTFS rights to your current user and then place binary file inside folder and execute. Hardlink fsutil/mklink == Place evil.exe in user controlled folder (c:\myfolder) where you have execute rights. Do: fsutil hardlink create Folder\run.exe c:\myfolder\evil.exe. Execute run.exe. mklink /H folder\run.exe c:\myfolder\evil.exe works also... Drop and execute == Just copy the binary into the folder and execute it. | Folder | Bypass | Access | -
api0cradle created this gist
Aug 30, 2018 .
@@ -0,0 +1,28 @@ Create folder - Add ADS stream and execute == mkdir a folder in the path, do type evil.exe > newfolderinpath:evil.exe and wmic process call create 'newfolderinpath:evil.exe' Take ownership - Add all rights - Drop and execute == Take ownership of folder, add all NTFS rights to your current user and then place binary file inside folder and execute. Hardlink fsutil/mklink == Place evil.exe in user controlled folder (c:\myfolder) where you have execute rights. Do: fsutil hardlink create Folder\run.exe c:\myfolder\evil.exe. Execute run.exe. mklink /H folder\run.exe c:\myfolder\evil.exe works also... Drop and execute == Just copy the binary into the folder and execute it. | Folder | Bypass | Access | | --------- | :-------: | -------: | | C:\Windows\Temp | Drop and execute | RW | | C:\Windows\tracing | Create folder - Add ADS stream and execute OR Create new folder - Take ownership - Add all rights - Drop and execute | RW | | C:\Windows\Registration\CRMLog | Hardlink fsutil/mklink | RW | | C:\Windows\System32\FxsTmp | Hardlink fsutil/mklink | RW | | C:\Windows\System32\com\dmp | Hardlink fsutil/mklink | RW | | C:\Windows\System32\Microsoft\Crypto\RSA\MachineKeys | Drop and execute | RW | | C:\Windows\System32\spool\PRINTERS | Hardlink fsutil/mklink | W | | C:\Windows\System32\spool\SERVERS | Hardlink fsutil/mklink | W | | C:\Windows\System32\spool\drivers\color | Drop and execute | RW | | C:\Windows\System32\Tasks\Microsoft\Windows\SyncCenter | Create folder - Add ADS stream and execute OR Create new folder - Take ownership - Add all rights - Drop and execute | RW | | C:\Windows\SysWOW64\FxsTmp | Hardlink fsutil/mklink | RW | | C:\Windows\SysWOW64\com\dmp | Hardlink fsutil/mklink | W | | C:\Windows\SysWOW64\Tasks\Microsoft\Windows\SyncCenter | Create folder - Add ADS stream and execute OR Create new folder - Take ownership - Add all rights - Drop and execute | RW | | C:\Windows\SysWOW64\Tasks\Microsoft\Windows\PLA\System | Drop and execute | RW | | 
C:\Windows\Temp\DiagTrack_alternativeTrace | Drop and execute | RW | | C:\Windows\Temp\DiagTrack_aot | Drop and execute | RW | | C:\Windows\Temp\DiagTrack_diag | Drop and execute | RW | | C:\Windows\Temp\DiagTrack_miniTrace | Drop and execute | RW |
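Review bot: the Bypass cells for `C:\Windows\tracing` and the two `SyncCenter` rows read "Create new folder - Take ownership - Add all rights - Drop and execute", but the definition at the top of the file is headed "Take ownership - Add all rights - Drop and execute" with no "Create new folder" step, so those cells do not map to a defined technique. Use one name in both places. The Access column values `RW` and `W` have no legend, and the file does not say which Windows version the folder permissions were checked on; a line for each would let a reader audit the list against their own build.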