Sitting on the Lolbins, 1

August 19, 2019 in Anti-Forensics, Living off the land, LOLBins, Reusigned Binaries

I recently mentioned that I am sitting on quite a few lolbins, and was asked to share, so here’s the first batch – at least 6 of them 🙂

c:\Program Files\HP\<model>\

where <model> means the actual HP printer model e.g. HP OfficeJet Pro 8710:

c:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HP OfficeJet Pro 8710.exe

All of them take a nice command line argument -uiDll, e.g.:

Toolbox.exe -uiDll c:\Test\test.dll

This loads and executes your DLL of choice 🙂

Notably, there are a few more executables in the same directory that can be used for this purpose:


but they require additional command line arguments that I have not figured out yet.

Comments are closed.