.. / Functions
Star

A binary may support one or more of the following functions:

Execute

The LOLBAS can achieve abritrary code execution.

Download

The LOLBAS can download files.

Upload

The LOLBAS can upload files.

Encode

The LOLBAS can encode files.

Decode

The LOLBAS can decode files.

Alternate data streams

The LOLBAS can write or read alternate data streams.

Copy

The LOLBAS can copy file.

Credentials

The LOLBAS can view credentials file.

Compile

The LOLBAS can compile code.

AWL bypass

The LOLBAS can bypass application whitelisting solutions.

Reconnaissance

The LOLBAS can be used to gather interesting information.

Dump

The LOLBAS can be used to dump process.

Shell

It can be used to break out from restricted environments by spawning an interactive system shell.

Command

It can be used to break out from restricted environments by running non-interactive system commands.

Reverse shell

It can send back a reverse shell to a listening attacker to open a remote network access.

Non-interactive reverse shell

It can send back a non-interactive reverse shell to a listening attacker to open a remote network access.

Bind shell

It can bind a shell to a local port to allow remote network access.

Non-interactive bind shell

It can bind a non-interactive shell to a local port to allow remote network access.

File upload

It can exfiltrate files on the network.

File download

It can download remote files.

File write

It writes data to files, it may be used to do privileged writes or write files outside a restricted file system.

File read

It reads data from files, it may be used to do privileged reads or disclose files outside a restricted file system.

Library load

It loads shared libraries that may be used to run code in the binary execution context.

SUID

It runs with the SUID bit set and may be exploited to access the file system, escalate or maintain access with elevated privileges working as a SUID backdoor. If it is used to run sh -p, omit the -p argument on systems like Debian that allow the default sh shell to run with SUID privileges.

Sudo

It runs in privileged context and may be used to access the file system, escalate or maintain access with elevated privileges if enabled on sudo.

Capabilities

It can manipulate its process UID and can be used on Linux as a backdoor to maintain elevated privileges with the CAP_SETUID capability set. This also works when executed by another binary with the capability set.

Limited SUID

It runs with the SUID bit set and may be exploited to access the file system, escalate or maintain access with elevated privileges working as a SUID backdoor. If it is used to run commands it only works on systems like Debian that allow the default sh shell to run with SUID privileges.