LOLBAS icon indicating copy to clipboard operation
LOLBAS copied to clipboard

Published 20 hours ago verified publisher icon LOLBAS-Project

Update Tar.yml

Open Avesta-FA opened this issue 1 year ago • 7 comments

Hello I wanted to make this but then I saw it was already made so I added some updates to it hope it helps

Avesta-FA avatar Jul 12 '23 19:07 Avesta-FA

I can also change the file example to a file with zip or office extension as its important and not mentioned that tar can do this on windows.

Avesta-FA avatar Jul 13 '23 15:07 Avesta-FA

The reason I want this to be added is because I have seen malware being delivered via MS docs and the Macro calls tar to extract the tools inside the file it self by unzipping it and then running it

Avesta-FA avatar Aug 07 '23 12:08 Avesta-FA

@Avesta-FA, @wietze and @LOLBAS-Project/lolbas-team this one may be useful if it's changed to an ADS ability. Compressing and extracting files isn't special on it's own but the ability to do that with ADS is. I have tested this on Win 10 22H2.

My recommendation would be to change this up to an ADS ability and proceed if others agree to merge.

xenoscr avatar Oct 04 '23 04:10 xenoscr

That's also nice, the top section aside I would really appreciate if everyone could also use lines 28-34 because the documents do not tell you that tar on windows also can handle zip files.

Avesta-FA avatar Oct 04 '23 07:10 Avesta-FA

My recommendation would be to change this up to an ADS ability and proceed if others agree to merge.

Sounds good @xenoscr, I agree with your assessment.

wietze avatar Oct 04 '23 10:10 wietze

Agree with your assessment as well @xenoscr

api0cradle avatar Nov 06 '23 13:11 api0cradle

Hello Folks, @api0cradle @wietze

Sorry for the delay, I made the changes to show it can be used for zip files and office documents and it can be used for alternative data streams

Avesta-FA avatar Jan 17 '24 09:01 Avesta-FA