LOFLCAB


By Arris Huijgen - @bitsadmin

Living off the Foreign Land Cmdlets and Binaries

This project is for hackers, administrators and defenders.

The blog post that introduces Living Off the Foreign Land can be found on the BITSADMIN blog.

If you want to contribute, check out the contribution guide. The criteria list sets out what is defined as a LOFLCmdlet/Binary. More information on programmatically accessing this project can be found on the API page.

Credits for web page front- and backend: LOLBAS / GTFOBins.

Command Functions Type Toolset
AccessEnum.exe
Microsoft.ConfigurationManagement.exe
RDCMan.exe
ServerManager.exe
SmeDesktop.exe
Ssms.exe
TpmVscMgr.exe
WinAppDeployCmd.exe
adexplorer.exe
adrestore.exe
at.exe
csvde.exe
cusrmgr.exe
dcdiag.exe
devcon.exe
dfscmd.exe
dfsdiag.exe
dfsrdiag.exe
dfsutil.exe
djoin.exe
dnscmd.exe
driverquery.exe
dsac.exe
dsacls.exe
dsadd.exe
dsget.exe
dsmgmt.exe
dsmod.exe
dsmove.exe
dsquery.exe
dsrm.exe
eventcreate.exe
finger.exe
getmac.exe
gpfixup.exe
gpresult.exe
ldifde.exe
local.exe
logman.exe
logoff.exe
manage-bde.exe
mofcomp.exe
msg.exe
msinfo32.exe
msra.exe
mstsc.exe
ndkping.exe
net.exe
netdom.exe
netsh.exe
nlb.exe
nltest.exe
nslookup.exe
portqry.exe
printui.exe
psexec.exe
psfile.exe
psgetsid.exe
psinfo.exe
pskill.exe
pslist.exe
psloggedon.exe
psloglist.exe
pspasswd.exe
psping.exe
psservice.exe
psshutdown.exe
pssuspend.exe
qappsrv.exe
qprocess.exe
query.exe
quser.exe
qwinsta.exe
reg.exe
regedit.exe
regini.exe
rendom.exe
repadmin.exe
reset.exe
rpcdump.exe
rwinsta.exe
sc.exe
schtasks.exe
sdelete.exe
setspn.exe
setx.exe
shadow.exe
shutdown.exe
sqlcmd.exe
srvcheck.exe
srvinfo.exe
systeminfo.exe
takeown.exe
taskkill.exe
tasklist.exe
tsdiscon.exe
tskill.exe
typeperf.exe
uptime.exe
volrest.exe
w32tm.exe
waitfor.exe
winrs.exe
wmic.exe
Add-ADGroupMember
Add-DnsClientNrptRule
Add-EtwTraceProvider
Add-MpPreference
Add-NetEventPacketCaptureProvider
Add-NetNatExternalAddress
Add-NetNatStaticMapping
Backup-GPO
Clear-Disk
Clear-DnsClientCache
Clear-Eventlog
Close-SmbOpenFile
Close-SmbSession
Connect-WSMan
Copy-Item
Copy-VMFile
Disable-ADAccount
Disable-NetAdapter
Disable-NetFirewallRule
Dismount-DiskImage
Enable-ADAccount
Enable-NetFirewallRule
Enter-PSSession
Export-VM
Export-VMSnapshot
Find-NetRoute
Format-Volume
Get-ADComputer
Get-ADComputerServiceAccount
Get-ADDomain
Get-ADDomainController
Get-ADForest
Get-ADGroup
Get-ADGroupMember
Get-ADObject
Get-ADOrganizationalUnit
Get-ADReplicationSubnet
Get-ADTrust
Get-ADUser
Get-AppvVirtualProcess
Get-ChildItem
Get-CimAssociatedInstance
Get-CimClass
Get-CimInstance
Get-DfsnFolder
Get-DfsnFolderTarget
Get-DfsnRoot
Get-DfsnRootTarget
Get-DhcpServerAuditLog
Get-DhcpServerDatabase
Get-DhcpServerDnsCredential
Get-DhcpServerInDC
Get-DhcpServerSetting
Get-DhcpServerv4DnsSetting
Get-DhcpServerv4Filter
Get-DhcpServerv4FilterList
Get-DhcpServerv4Lease
Get-Disk
Get-DiskImage
Get-DnsClientCache
Get-DnsClientNrptRule
Get-DnsClientServerAddress
Get-DnsServer
Get-DnsServerCache
Get-DnsServerForwarder
Get-EtwTraceProvider
Get-EtwTraceSession
Get-FileShare
Get-GPO
Get-GPOReport
Get-GPPermission
Get-GPResultantSetOfPolicy
Get-GPStarterGPO
Get-HotFix
Get-MpComputerStatus
Get-MpPreference
Get-MpThreat
Get-MpThreatCatalog
Get-MpThreatDetection
Get-NetAdapter
Get-NetConnectionProfile
Get-NetEventSession
Get-NetFirewallRule
Get-NetIPAddress
Get-NetIPInterface
Get-NetNat
Get-NetNatExternalAddress
Get-NetNatGlobal
Get-NetNatSession
Get-NetNatStaticMapping
Get-NetNeighbor
Get-NetRoute
Get-NetTCPConnection
Get-NetUDPEndpoint
Get-NfsSession
Get-NfsShare
Get-OdbcDsn
Get-Partition
Get-PhysicalDisk
Get-Printer
Get-Process
Get-RemoteAccess
Get-ScheduledTask
Get-ScheduledTaskInfo
Get-Service
Get-SmbConnection
Get-SmbOpenFile
Get-SmbServerConfiguration
Get-SmbSession
Get-SmbShare
Get-VM
Get-VirtualDisk
Get-Volume
Get-VpnConnection
Get-WSManInstance
Get-WinEvent
Get-WindowsFeature
Install-WindowsFeature
Invoke-CimMethod
Invoke-Command
Invoke-WSManAction
Mount-DiskImage
Move-Item
New-ADComputer
New-ADGroup
New-ADObject
New-ADOrganizationalUnit
New-ADServiceAccount
New-ADUser
New-CimInstance
New-CimSession
New-EtwTraceSession
New-GPLink
New-GPO
New-NetEventSession
New-NetFirewallRule
New-NetNat
New-NetRoute
New-PSSession
New-ScheduledTask
New-SmbShare
New-VirtualDisk
New-VirtualDiskSnapshot
New-WSManInstance
Out-File
Publish-DscConfiguration
Register-CimIndicationEvent
Register-ScheduledTask
Remove-ADUser
Remove-DhcpServerv4Lease
Remove-FileShare
Remove-MpPreference
Remove-MpThreat
Remove-NetEventSession
Remove-NetNat
Remove-NetNatExternalAddress
Remove-NetNatStaticMapping
Remove-SmbShare
Remove-VirtualDisk
Rename-ADObject
Resolve-DnsName
Restart-Computer
Search-ADAccount
Set-ADAccountControl
Set-ADAccountExpiration
Set-ADAccountPassword
Set-ADGroup
Set-ADObject
Set-ADServiceAccount
Set-ADUser
Set-CimInstance
Set-DhcpServerAuditLog
Set-MpPreference
Set-NetConnectionProfile
Set-NetFirewallProfile
Set-NetFirewallRule
Set-NetFirewallSetting
Set-NetNat
Set-NetNatGlobal
Set-NetRoute
Set-ScheduledTask
Set-WSManInstance
Show-DnsServerCache
Show-EventLog
Show-NetFirewallRule
Start-DscConfiguration
Start-NetEventSession
Start-ScheduledTask
Start-VM
Stop-Computer
Stop-EtwTraceSession
Stop-NetEventSession
Test-Connection
Test-NetConnection
Uninstall-WindowsFeature
Unlock-ADAccount
Unregister-ScheduledTask
Write-EventLog
AdRmsAdmin.msc
CluAdmin.msc
DevModeRunAsUserConfig.msc
Microsoft.IdentityServer.msc
RAMgmtUI.exe
SQLServerManager15.msc
SQLServerManager16.msc
WF.msc
WdsMgmt.msc
WmiMgmt.msc
adsiedit.msc
azman.msc
certlm.msc
certmgr.msc
certsrv.msc
certtmpl.msc
comexp.msc
compmgmt.msc
devmgmt.msc
dfsmgmt.msc
dhcpmgmt.msc
diskmgmt.msc
dnsmgmt.msc
domain.msc
dsa.msc
dssite.msc
eventvwr.msc
fsmgmt.msc
fsrm.msc
fxsadmin.msc
gpedit.msc
gpmc.msc
gpme.msc
gptedit.msc
iis.msc
iis6.msc
ipsecsnp.dll
ipsmsnap.dll
lsdiag.msc
lusrmgr.msc
nfsmgmt.msc
nps.msc
ocsp.msc
perfmon.msc
pkiview.msc
printmanagement.msc
remoteprograms.msc
rrasmgmt.msc
rsop.msc
schmmgmt.dll
secpol.msc
services.msc
tapimgmt.msc
taskschd.msc
tpm.msc
tsadmin.msc
tsconfig.msc
tsgateway.msc
virtmgmt.msc
wbadmin.msc
winsmgmt.msc
wsecedit.dll
wsus.msc
ospp.vbs
pubprn.vbs
slmgr.vbs
winrm.cmd
CIM_DataFile
CIM_Directory
CIM_LogicalFile
MSFT_DNSClientCache
MSFT_NetFirewallRule
StdRegProv
Win32_DfsNode
Win32_Environment
Win32_NTLogEvent
Win32_OperatingSystem
Win32_Process
Win32_Product
Win32_QuickFixEngineering
Win32_Service
Win32_ShadowCopy
Win32_SystemDriver