示例#1
0
        public DonutShellcode(byte[] input, string fileExtension, int bypass = 3, string className = null, string method = null, string args = null, string runtime = null)
        {
            Input         = input;
            FileExtension = fileExtension;

            var config = new DonutConfig();

            config.Arch   = global::Constants.DONUT_ARCH_X84;
            config.Bypass = bypass;
            if (className != null)
            {
                config.Class = className;
            }
            if (method != null)
            {
                config.Method = method;
            }
            if (args != null)
            {
                config.Args = args;
            }
            if (runtime != null)
            {
                if (runtime != global::Constants.DONUT_RUNTIME_NET2 && runtime != global::Constants.DONUT_RUNTIME_NET4)
                {
                    throw new ArgumentException();
                }
            }
            config.Runtime = runtime;
            Config         = config;
        }
示例#2
0
        public static byte[] GenerateShellcode(DonutConfig config)
        {
            var buffer = DonutCreate(config);

            DonutDelete(config);
            return(buffer);
        }
        public override string GetLauncher(string StagerCode, byte[] StagerAssembly, Grunt grunt, ImplantTemplate template)
        {
            this.StagerCode = StagerCode;
            string inputf  = Common.CovenantTempDirectory + Utilities.GetSanitizedFilename(template.Name + ".exe");
            string outputf = Common.CovenantTempDirectory + Utilities.GetSanitizedFilename(template.Name + ".bin");

            File.WriteAllBytes(inputf, StagerAssembly);
            DonutConfig config = new DonutConfig
            {
                Arch      = 3,
                Bypass    = 3,
                InputFile = inputf,
                Class     = "GruntStager",
                Method    = "Execute",
                Args      = "",
                Payload   = outputf
            };
            int ret = Generator.Donut_Create(ref config);

            if (ret == Constants.DONUT_ERROR_SUCCESS)
            {
                this.Base64ILByteString = Convert.ToBase64String(File.ReadAllBytes(outputf));
                this.LauncherString     = template.Name + ".bin";
            }
            return(this.LauncherString);
        }
示例#4
0
        // This parses if using nuget package
        public static int ParseArguments(ref DonutConfig args, ref DSConfig config)
        {
            int ret;

            // If no input file
            if (string.IsNullOrEmpty(args.InputFile) == true)
            {
                return(Constants.DONUT_ERROR_FILE_NOT_FOUND);
            }

            // URL not supported yet
            if (string.IsNullOrEmpty(args.URL) == false)
            {
                return(Constants.DONUT_ERROR_INVALID_URL);
            }

            // Assign values
            config.arch   = args.Arch;
            config.bypass = args.Bypass;

            if (string.IsNullOrEmpty(args.Class) == false)
            {
                Helper.Copy(config.cls, args.Class);
            }

            if (string.IsNullOrEmpty(args.Domain) == false)
            {
                Helper.Copy(config.domain, args.Domain);
            }

            if (string.IsNullOrEmpty(args.Method) == false)
            {
                Helper.Copy(config.method, args.Method);
            }

            if (string.IsNullOrEmpty(args.Runtime) == false)
            {
                Helper.Copy(config.runtime, args.Runtime);
            }

            if (string.IsNullOrEmpty(args.Payload) == false)
            {
                Helper.Copy(config.outfile, args.Payload);
            }

            if (string.IsNullOrEmpty(args.Args) == false)
            {
                Helper.Copy(config.param, args.Args);
            }

            if (string.IsNullOrEmpty(args.InputFile) == false)
            {
                Helper.Copy(config.file, args.InputFile);
            }

            return(Constants.DONUT_ERROR_SUCCESS);
        }
示例#5
0
        private static void DonutDelete(DonutConfig config)
        {
            var delErrorCode = (ErrorCode)DonutDelete(ref config);

            if (delErrorCode != ErrorCode.SUCCESS)
            {
                var errorMessage = GetDonutError(delErrorCode);
                throw new DonutException($"Donut error: {errorMessage}");
            }
        }
示例#6
0
        private static byte[] DonutCreate(DonutConfig config)
        {
            var createErrorCode = (ErrorCode)DonutCreate(ref config);

            if (createErrorCode != ErrorCode.SUCCESS)
            {
                var errorMessage = GetDonutError(createErrorCode);
                throw new DonutException($"Donut error: {errorMessage}");
            }
            var buffer = new byte[config.pic_len];

            Marshal.Copy(config.pic, buffer, 0, config.pic_len);
            return(buffer);
        }
示例#7
0
        // Overload to parse nuget package config
        // Pass to actual Donut_Create
        public static int Donut_Create(ref DonutConfig args)
        {
            // Create Config
            DSConfig config = new Helper().InitStruct("DSConfig");

            // Parse provided args
            Helper.ParseArguments(ref args, ref config);

            int ret = Donut_Create(ref config);

            // Free PIC shellcode
            Marshal.FreeHGlobal(config.pic);

            return(ret);
        }
示例#8
0
 public DonutShellcode(DonutConfig config) => Config = config;
示例#9
0
 private static extern int DonutDelete(ref DonutConfig donutConfig);