LOLBAS icon indicating copy to clipboard operation
LOLBAS copied to clipboard

Published 20 hours ago verified publisher icon LOLBAS-Project

Create Wsdl.yml

Open teixeira0xfffff opened this issue 2 years ago • 5 comments

teixeira0xfffff avatar Jul 15 '23 12:07 teixeira0xfffff

wietze commented on Sep 2, 2022 Hey @teixeira0xfffff , could you provide some more detail on how this would work? How would you specify the file that is to be uploaded? Or does it simply reach out to the URL, and data can be smuggled in the URL itself?

Data can be smuggled in the URL itself like my las submission https://lolbas-project.github.io/lolbas/Binaries/DataSvcUtil/

teixeira0xfffff avatar Jul 15 '23 12:07 teixeira0xfffff

I can confirm it works as expected - it connects to the specified URL, which could contain (obfuscated) data one wishes to exfiltrate.

image

That being said, this would mean any executable that is able to make an HTTP request to a user-configurable location would quality for this kind of upload/exfiltration kind of use case. That would imply that every LOLBAS entry with 'download' functionality currently in the project automatically has 'upload' functionality.

Therefore, before merging, it'd be good to get a second opinion @LOLBAS-Project/lolbas-team - depending on the decision, we may have to re-evaulate DataSvcUtil too.

wietze avatar Aug 05 '23 18:08 wietze

one more https://lolbas-project.github.io/lolbas/Binaries/ConfigSecurityPolicy/

teixeira0xfffff avatar Aug 07 '23 10:08 teixeira0xfffff

recente usage of my discovery https://thehackernews.com/2023/08/lolbas-in-wild-11-living-off-land.html

teixeira0xfffff avatar Aug 08 '23 10:08 teixeira0xfffff

this pr apply to all selected features: image

teixeira0xfffff avatar Feb 06 '24 12:02 teixeira0xfffff