维权访问-ADS数据流

enter description here

TeamViewer13

1
2
C :\>type :\temp\helloworld.hta >"C :\Program Files (x86)\TeamViewer\TeamViewer13_Logfile.log:helloworld.hta"
C :\>mshta"c :\Program Files (x86)\TeamViewer\TeamViewer13_Logfile.log:helloworld.hta"

enter description here

enter description here

enter description here

2.PHP

未寄宿 可以执行
enter description here

删除文件
enter description here

删除文件—-寄宿数据流成功,并可以运行
enter description here

3.Control

enter description here

enter description here

链接资料:https://oddvar.moe/2018/01/14/putting-data-in-alternate-data-streams-and-how-to-execute-it/

https://twitter.com/bohops/status/954466315913310209