View sccmdecryptpoc.cs
// Twitter thread: https://twitter.com/_xpn_/status/1543682652066258946 (was a bit bored ;) | |
// Needs to be run on the SCCM server containing the "Microsoft Systems Management Server" CSP for it to work. | |
using System; | |
using System.Collections.Generic; | |
using System.Runtime.InteropServices; | |
namespace SCCMDecryptPOC | |
{ | |
internal class Program |
View DogFoodExec.cs
using System; | |
using System.Reflection; | |
using System.Runtime.InteropServices; | |
using System.Linq; | |
namespace NautilusProject | |
{ | |
internal class CombinedExec | |
{ | |
public static IntPtr AllocMemory(int length) |
View WriteGadget.cs
using System; | |
using System.Collections.Generic; | |
using System.Linq; | |
using System.Text; | |
using System.Threading.Tasks; | |
namespace NautilusProject | |
{ | |
public class WriteGadget | |
{ |
View ReadGadget.cs
using System; | |
using System.Reflection; | |
using System.Runtime.InteropServices; | |
namespace NautilusProject | |
{ | |
public class ReadGadget | |
{ | |
public static IntPtr ReadMemory(IntPtr addr) | |
{ |
View ExecNativeSlot.cs
using System; | |
using System.Reflection; | |
using System.Runtime.InteropServices; | |
namespace NautilusProject | |
{ | |
public class ExecNativeSlot | |
{ | |
public static void Execute() | |
{ |
View ExecStubOverwriteWithoutPInvoke.cs
using System; | |
using System.Reflection; | |
using System.Runtime.InteropServices; | |
namespace NautilusProject | |
{ | |
public class ExecStubOverwriteWithoutPInvoke | |
{ | |
public static void Execute(byte[] shellcode) | |
{ |
View ExecStubOverwrite.cs
using System; | |
using System.Runtime.InteropServices; | |
namespace NautilusProject | |
{ | |
public class ExecStubOverwrite | |
{ | |
public static void Execute(byte[] shellcode) | |
{ | |
// mov rax, 0x4141414141414141 |
View dotnet_inject.cpp
// Compile with g++ dotnet_injectbundle.cpp -o dotnet_injectbundle | |
#include <stdio.h> | |
#include <fcntl.h> | |
#include <string.h> | |
#include <unistd.h> | |
#include <stdlib.h> | |
#include "main.h" | |
// libcoreclr.dll signature for finding hlpDynamicFuncTable
View dotnet_injectbundle.cpp
// Compile with g++ dotnet_injectbundle.cpp -o dotnet_injectbundle | |
#include <stdio.h> | |
#include <fcntl.h> | |
#include <string.h> | |
#include <unistd.h> | |
#include <stdlib.h> | |
#include <mach-o/dyld.h> | |
#include "main.h" |
View main.h
typedef unsigned int DWORD; | |
typedef unsigned char BYTE; | |
typedef unsigned char * PBYTE; | |
typedef DWORD HRESULT; | |
typedef unsigned short USHORT; | |
typedef unsigned int ULONG; | |
typedef unsigned char UCHAR; | |
typedef bool BOOL; | |
static const DWORD kCurrentMajorVersion = 2; |