checkymander

## script.py
#!/usr/bin/python
import os
for root, dirs, files, in os.walk(".", topdown=False):
  for name in files:
    print(os.path.join(root, name))
  for name in dirs:
    print(os.path.join(root, name))

## script.sh
#!/bin/bash
for ip in $(seq 1 254); do
ping -c1 172.16.10.$ip |grep "bytes from " |cut -d" " -f 4|cut -d":" -f1 &
done

## _notes.md

      
        
          
            
              
              3 files
            
          
          
            
              
              0 forks
            
          
            
              
                
                0 comments
              
            
          
            
              
              0 stars
            
          
        
        
          
              
          
          
            
                checkymander
                / _notes.md
            
            
              Created
              March 12, 2020 17:57
            
              
                AppDomainManager Injection
              
          
        
      
        
  
      
    Let's turn Any .NET Application into an LOL Bin

We can do this by experimenting with .config files.
Many defenders catch/detect files that are renamed, they do this by matching Original Filename to Process Name
In this example, we don't have to rename anything.  We simple coerce a trusted signed app to load our Assembly.
We do this by directing the application to read a config file we provide.
	#!/usr/bin/python
	import os
	for root, dirs, files, in os.walk(".", topdown=False):
	for name in files:
	print(os.path.join(root, name))
	for name in dirs:
	print(os.path.join(root, name))
	#!/bin/bash
	for ip in $(seq 1 254); do
	ping -c1 172.16.10.$ip \|grep "bytes from " \|cut -d" " -f 4\|cut -d":" -f1 &
	done