Once injected, the file can be executed using traditional commands like type or start, or scripted from typical scripting languages such as bash or perl, etc. When launched, it appears to run as the original file, which leaves it looking undetectable to process viewers like Windows Task Manager. Using this method, it is possible not only to hide a file but also to hide the execution of an illegitimate process.
- C:\Users\lollo\Desktop>type C:\Windows\System32\calc.exe > secrets.txt:calc.exe
- C:\Users\lollo\Desktop>forfiles /P C:\Windows\System32 /m notepad.exe /c "C:\Users\lollo\Desktop\secrets.txt:calc.exe"
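
Both commands above reference a `file:stream` path, and that is something a defender can look for in process-creation logs. The following is an added detection sketch, not code from the original post; the function name `find_stream_refs` and the sample log lines are assumptions constructed for illustration.

```python
import re

# Leaf of the form "file:stream", optionally followed by the ":$DATA" type suffix.
STREAM_RE = re.compile(r'^(?P<file>[^:]+):(?P<stream>[^:]+)(?::\$DATA)?$', re.IGNORECASE)
TOKEN_RE = re.compile(r'"[^"]*"|\S+')      # quoted argument or bare word
EXEC_EXT = ('.exe', '.dll', '.scr', '.bat', '.cmd', '.ps1', '.vbs', '.js', '.hta')

def find_stream_refs(command_line):
    """Return (host_file, stream_name, looks_executable) per named-stream reference."""
    # Typographic quotes often survive copy/paste into tickets and reports.
    line = command_line.replace('\u201c', '"').replace('\u201d', '"')
    hits = []
    for token in TOKEN_RE.findall(line):
        token = token.strip('"')
        # Skip URLs (host:port) and switches such as /user:name or -o:value.
        if '://' in token or token.startswith(('/', '-')):
            continue
        head, sep, leaf = token.rpartition('\\')
        m = STREAM_RE.match(leaf)
        if not m:
            continue
        # "C:foo" without a backslash is a drive-relative path, not a stream.
        if not sep and len(m.group('file')) == 1 and m.group('file').isalpha():
            continue
        stream = m.group('stream')
        hits.append((head + sep + m.group('file'), stream,
                     stream.lower().endswith(EXEC_EXT)))
    return hits

# Constructed process-creation command lines; the first two reuse the page's commands.
SAMPLE = [
    r'cmd.exe /c type C:\Windows\System32\calc.exe > secrets.txt:calc.exe',
    r'forfiles /P C:\Windows\System32 /m notepad.exe /c "C:\Users\lollo\Desktop\secrets.txt:calc.exe"',
    r'notepad.exe C:\Users\lollo\Desktop\notes.txt',
    r'net use Z: \\fileserver\share /user:lollo',
    r'curl.exe http://intranet.example:8080/status',
]

if __name__ == '__main__':
    for cmd in SAMPLE:
        for host, stream, is_exec in find_stream_refs(cmd):
            tag = 'EXECUTABLE STREAM' if is_exec else 'named stream'
            print(f'[{tag}] {host} -> :{stream}    ({cmd})')
```

This is a triage heuristic: other colon-separated arguments (a time such as `12:30`, for example) will also match, so hits should be confirmed against the file system before being treated as findings.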