cd ../$RANDOM

Simple Trick For Red Teams


If you have an unsigned binary that requires administrator privileges, the following window shows up when the target runs it:

[screenshot: unsigned_binary]

The window's header is yellow, which means the binary is not signed; in this example the publisher is also unknown.

There is a way to make the request for administrator privileges a bit more convincing: execute cmd.exe with elevated privileges and run your binary from the cmd.exe process.

Code:

With this approach the window is blue (the binary is signed) and the publisher is Microsoft, so it is more likely that the target will approve the request:

[screenshot: signed_cmd]
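From the defender's side, the trick leaves a recognisable trace: the consent prompt names cmd.exe, but the unsigned binary then runs as a child of that elevated shell and inherits its high-integrity token. The script below is an added detection example, not code from the post; the process events are constructed, and the `signed` field is assumed to come from a separate Authenticode check (for instance PowerShell's Get-AuthenticodeSignature) that this script does not perform. It walks a parent/child process table and flags an unsigned, high-integrity process spawned by an elevated cmd.exe or powershell.exe.

```python
"""Flag unsigned binaries launched from an elevated command shell.

Added detection example (not the post author's code). Events are constructed
sample telemetry; 'signed' is assumed to be populated by an external
Authenticode check rather than by this script.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str        # full path of the executable
    integrity: str    # "Medium" for a normal user, "High" for an elevated process
    signed: bool      # assumed result of an Authenticode signature check


# Constructed sample process-creation events (not real telemetry).
EVENTS = [
    ProcEvent(100, 10, r"C:\Windows\explorer.exe", "Medium", True),
    # cmd.exe approved through the consent prompt: runs elevated
    ProcEvent(200, 100, r"C:\Windows\System32\cmd.exe", "High", True),
    # unsigned binary started from that shell inherits the elevated token
    ProcEvent(300, 200, r"C:\Users\u\Downloads\tool.exe", "High", False),
    # same binary started from a normal, non-elevated shell: not interesting here
    ProcEvent(400, 100, r"C:\Windows\System32\cmd.exe", "Medium", True),
    ProcEvent(500, 400, r"C:\Users\u\Downloads\tool.exe", "Medium", False),
    # signed child of the elevated shell: ordinary admin activity
    ProcEvent(600, 200, r"C:\Windows\System32\whoami.exe", "High", True),
]

ELEVATED = {"High", "System"}
SHELLS = {"cmd.exe", "powershell.exe"}


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def find_suspicious(events):
    """Return (parent_pid, child_pid, child_image) for every unsigned,
    elevated process whose parent is an elevated command shell."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is None:
            continue
        if (basename(parent.image) in SHELLS
                and parent.integrity in ELEVATED
                and e.integrity in ELEVATED
                and not e.signed):
            hits.append((parent.pid, e.pid, e.image))
    return hits


if __name__ == "__main__":
    for parent_pid, child_pid, image in find_suspicious(EVENTS):
        print(f"elevated shell {parent_pid} spawned unsigned {image} (pid {child_pid})")
```

The rule is a hunting signal rather than a blocking control: administrators do launch unsigned tools from elevated shells, so the hit should be triaged together with the binary's origin (a user's download directory, as in the constructed sample) and the consent prompt that preceded it.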

Twitter: @_qaz_qaz