Merge pull request #43 from trustedsec/listpipes

Adds the listpipes command
trustedsec · May 7, 2021 · c46f814 · c46f814
2 parents 5dba422 + f76bf47
commit c46f814
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -28,6 +28,7 @@ Realistically, this could be compressed into a helper script, but those steps we
 |ldapsearch|ldapsearch [query] [opt: attribute] [opt: results_limit] | Executes LDAP searches |
 |listdns|listdns| Pulls dns cache entries, attempts to query and resolve each|
 |listmods|listmods [opt: pid]| List a process modules (DLL). Target current process if pid is empty. Complement to driversigs to determine if our process was injected by edr/av.|
+|listpipes|listpipes| Lists named pipes|
 |netstat|netstat| tcp / udp ipv4 netstat listing|
 |netuser|netuser [username] [opt: domain]| Pulls info about specific user.  Pulls from domain if a domainname is specified|
 |netview|netview| Gets a list of reachable servers in the current domain|

diff --git a/SA/SA.cna b/SA/SA.cna
@@ -1118,6 +1118,18 @@ Summary: This command retrieves the advanced security audit policies set in the
 Usage:   adv_audit_policies
 "
 );
+
+alias listpipes
+{
+	blog($1, "Listing Named Pipes");
+	bls($1, "//./pipe/");
+}
+
+beacon_command_register(
+	"listpipes",
+	"Lists local named pipes",
+	"Usage: listpipes"
+);
 alias enumLocalSessions{
 	beacon_inline_execute($1, readbof($1, "enumLocalSessions"), "go", $null);
 }