Sitting on the Lolbins, 1

August 19, 2019 in Anti-Forensics, Living off the land, LOLBins, Reusigned Binaries

I recently mentioned that I am sitting on quite a few lolbins, and was asked to share, so here’s the first batch – at least 6 of them 🙂

c:\Program Files\HP\<model>\
\Bin\<model>.exe
\Bin\HPCustParticUI.exe
\Bin\hpqDTSS.exe
\Bin\InstanceFinderDlg.exe
\Bin\ScanToPCActivationApp.exe
\Bin\Toolbox.exe

where <model> means the actual HP printer model e.g. HP OfficeJet Pro 8710:

c:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HP OfficeJet Pro 8710.exe

All of them take a nice command line argument -uiDll, e.g.:

Toolbox.exe -uiDll c:\Test\test.dll

This loads and executes your DLL of choice 🙂

Notably, there are a few more executables in the same directory that can be used for this purpose:

\Bin\DigitalWizards.exe
\Bin\FaxApplications.exe
\Bin\HPRewards.exe

but they require additional command line arguments that I have not figured out yet.

Share this :)

Comments are closed.