{"id":7214,"date":"2020-05-23T14:33:27","date_gmt":"2020-05-23T14:33:27","guid":{"rendered":"http:\/\/www.hexacorn.com\/blog\/?p=7214"},"modified":"2020-05-23T14:35:21","modified_gmt":"2020-05-23T14:35:21","slug":"lolbin-wow-ltd","status":"publish","type":"post","link":"https:\/\/www.hexacorn.com\/blog\/2020\/05\/23\/lolbin-wow-ltd\/","title":{"rendered":"Lolbin WOW Ltd"},"content":{"rendered":"\n<p>It turns out there is one more lolbin one can create that is subject to constrains described <a href=\"https:\/\/www.hexacorn.com\/blog\/2020\/05\/23\/lolbin-ltd\/\">previously<\/a>. And not only that &#8212; there is one more extra limitation in this case: only the 32-bit version of this executable exhibits lolbin properties.<\/p>\n\n\n\n<p>When you run 64-bit msra.exe on a 64-bit system, it just starts as it should. But if you run a 32-bit version, it will detect that it runs on a 64-bit system and will immediately launch the 64-bit version. So, same as in the previous example, we just change the windir to our own path, and c:\\test\\system32\\msra.exe will be executed. Note that we enforce the 32-bit msra.exe to be ran by using a full path pointing to SysWOW64 directory:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">set windir=c:\\test &amp; c:\\windows\\syswow64\\msra.exe<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>It turns out there is one more lolbin one can create that is subject to constrains described previously. And not only that &#8212; there is one more extra limitation in this case: only the 32-bit version of this executable exhibits &hellip; <a href=\"https:\/\/www.hexacorn.com\/blog\/2020\/05\/23\/lolbin-wow-ltd\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[56,64],"tags":[],"_links":{"self":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/7214"}],"collection":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/comments?post=7214"}],"version-history":[{"count":2,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/7214\/revisions"}],"predecessor-version":[{"id":7216,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/7214\/revisions\/7216"}],"wp:attachment":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/media?parent=7214"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/categories?post=7214"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/tags?post=7214"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}