View sccmdecryptpoc.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Twitter thread: https://twitter.com/_xpn_/status/1543682652066258946 (was a bit bored ;) | |
| // Needs to be run on the SCCM server containing the "Microsoft Systems Management Server" CSP for it to work. | |
| using System; | |
| using System.Collections.Generic; | |
| using System.Runtime.InteropServices; | |
| namespace SCCMDecryptPOC | |
| { | |
| internal class Program |
View DogFoodExec.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Reflection; | |
| using System.Runtime.InteropServices; | |
| using System.Linq; | |
| namespace NautilusProject | |
| { | |
| internal class CombinedExec | |
| { | |
| public static IntPtr AllocMemory(int length) |
View WriteGadget.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Linq; | |
| using System.Text; | |
| using System.Threading.Tasks; | |
| namespace NautilusProject | |
| { | |
| public class WriteGadget | |
| { |
View ReadGadget.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Reflection; | |
| using System.Runtime.InteropServices; | |
| namespace NautilusProject | |
| { | |
| public class ReadGadget | |
| { | |
| public static IntPtr ReadMemory(IntPtr addr) | |
| { |
View ExecNativeSlot.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Reflection; | |
| using System.Runtime.InteropServices; | |
| namespace NautilusProject | |
| { | |
| public class ExecNativeSlot | |
| { | |
| public static void Execute() | |
| { |
xpn
/ ExecStubOverwriteWithoutPInvoke.cs
Created May 3, 2021
https://blog.xpnsec.com/weird-ways-to-execute-dotnet/
View ExecStubOverwriteWithoutPInvoke.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Reflection; | |
| using System.Runtime.InteropServices; | |
| namespace NautilusProject | |
| { | |
| public class ExecStubOverwriteWithoutPInvoke | |
| { | |
| public static void Execute(byte[] shellcode) | |
| { |
xpn
/ ExecStubOverwrite.cs
Created May 3, 2021
https://blog.xpnsec.com/weird-ways-to-execute-dotnet/
View ExecStubOverwrite.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Runtime.InteropServices; | |
| namespace NautilusProject | |
| { | |
| public class ExecStubOverwrite | |
| { | |
| public static void Execute(byte[] shellcode) | |
| { | |
| // mov rax, 0x4141414141414141 |
xpn
/ dotnet_inject.cpp
Created Sep 13, 2020
View dotnet_inject.cpp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Compile with g++ dotnet_injectbundle.cpp -o dotnet_injectbundle | |
| #include <stdio.h> | |
| #include <fcntl.h> | |
| #include <string.h> | |
| #include <unistd.h> | |
| #include <stdlib.h> | |
| #include "main.h" | |
| // libcorclr.dll signature for finding hlpDynamicFuncTable |
xpn
/ dotnet_injectbundle.cpp
Created Sep 13, 2020
View dotnet_injectbundle.cpp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Compile with g++ dotnet_injectbundle.cpp -o dotnet_injectbundle | |
| #include <stdio.h> | |
| #include <fcntl.h> | |
| #include <string.h> | |
| #include <unistd.h> | |
| #include <stdlib.h> | |
| #include <mach-o/dyld.h> | |
| #include "main.h" |
View main.h
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef unsigned int DWORD; | |
| typedef unsigned char BYTE; | |
| typedef unsigned char * PBYTE; | |
| typedef DWORD HRESULT; | |
| typedef unsigned short USHORT; | |
| typedef unsigned int ULONG; | |
| typedef unsigned char UCHAR; | |
| typedef bool BOOL; | |
| static const DWORD kCurrentMajorVersion = 2; |
NewerOlder