public DonutShellcode(byte[] input, string fileExtension, int bypass = 3, string className = null, string method = null, string args = null, string runtime = null) { Input = input; FileExtension = fileExtension; var config = new DonutConfig(); config.Arch = global::Constants.DONUT_ARCH_X84; config.Bypass = bypass; if (className != null) { config.Class = className; } if (method != null) { config.Method = method; } if (args != null) { config.Args = args; } if (runtime != null) { if (runtime != global::Constants.DONUT_RUNTIME_NET2 && runtime != global::Constants.DONUT_RUNTIME_NET4) { throw new ArgumentException(); } } config.Runtime = runtime; Config = config; }
public static byte[] GenerateShellcode(DonutConfig config) { var buffer = DonutCreate(config); DonutDelete(config); return(buffer); }
public override string GetLauncher(string StagerCode, byte[] StagerAssembly, Grunt grunt, ImplantTemplate template) { this.StagerCode = StagerCode; string inputf = Common.CovenantTempDirectory + Utilities.GetSanitizedFilename(template.Name + ".exe"); string outputf = Common.CovenantTempDirectory + Utilities.GetSanitizedFilename(template.Name + ".bin"); File.WriteAllBytes(inputf, StagerAssembly); DonutConfig config = new DonutConfig { Arch = 3, Bypass = 3, InputFile = inputf, Class = "GruntStager", Method = "Execute", Args = "", Payload = outputf }; int ret = Generator.Donut_Create(ref config); if (ret == Constants.DONUT_ERROR_SUCCESS) { this.Base64ILByteString = Convert.ToBase64String(File.ReadAllBytes(outputf)); this.LauncherString = template.Name + ".bin"; } return(this.LauncherString); }
// This parses if using nuget package public static int ParseArguments(ref DonutConfig args, ref DSConfig config) { int ret; // If no input file if (string.IsNullOrEmpty(args.InputFile) == true) { return(Constants.DONUT_ERROR_FILE_NOT_FOUND); } // URL not supported yet if (string.IsNullOrEmpty(args.URL) == false) { return(Constants.DONUT_ERROR_INVALID_URL); } // Assign values config.arch = args.Arch; config.bypass = args.Bypass; if (string.IsNullOrEmpty(args.Class) == false) { Helper.Copy(config.cls, args.Class); } if (string.IsNullOrEmpty(args.Domain) == false) { Helper.Copy(config.domain, args.Domain); } if (string.IsNullOrEmpty(args.Method) == false) { Helper.Copy(config.method, args.Method); } if (string.IsNullOrEmpty(args.Runtime) == false) { Helper.Copy(config.runtime, args.Runtime); } if (string.IsNullOrEmpty(args.Payload) == false) { Helper.Copy(config.outfile, args.Payload); } if (string.IsNullOrEmpty(args.Args) == false) { Helper.Copy(config.param, args.Args); } if (string.IsNullOrEmpty(args.InputFile) == false) { Helper.Copy(config.file, args.InputFile); } return(Constants.DONUT_ERROR_SUCCESS); }
private static void DonutDelete(DonutConfig config) { var delErrorCode = (ErrorCode)DonutDelete(ref config); if (delErrorCode != ErrorCode.SUCCESS) { var errorMessage = GetDonutError(delErrorCode); throw new DonutException($"Donut error: {errorMessage}"); } }
private static byte[] DonutCreate(DonutConfig config) { var createErrorCode = (ErrorCode)DonutCreate(ref config); if (createErrorCode != ErrorCode.SUCCESS) { var errorMessage = GetDonutError(createErrorCode); throw new DonutException($"Donut error: {errorMessage}"); } var buffer = new byte[config.pic_len]; Marshal.Copy(config.pic, buffer, 0, config.pic_len); return(buffer); }
// Overload to parse nuget package config // Pass to actual Donut_Create public static int Donut_Create(ref DonutConfig args) { // Create Config DSConfig config = new Helper().InitStruct("DSConfig"); // Parse provided args Helper.ParseArguments(ref args, ref config); int ret = Donut_Create(ref config); // Free PIC shellcode Marshal.FreeHGlobal(config.pic); return(ret); }
public DonutShellcode(DonutConfig config) => Config = config;
private static extern int DonutDelete(ref DonutConfig donutConfig);