Accenture/CLRvoyance Accenture/CLRvoyance

  • Stars
    star
    263
  • Rank 155,624 (Top 4 %)
  • Language
    Assembly
  • Created over 4 years ago
  • Updated over 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
Accenture/CLRvoyance
github

Accenture

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Managed assembly shellcode generation

CLRvoyance

CLRvoyance is a shellcode kit that supports bootstrapping managed assemblies into unmanaged (or managed) processes. It provides three different implementations of position independent shellcode for CLR hosting, as well as a generator script for quickly embedding a managed assembly in position independent shellcode.

Please see the release blogpost here for technical information.

Usage

$ py clrvoyance.py -h
usage: clrvoyance.py [-h] -a [executable] [-p [32|64]] [-d [net|c]] [-n] [--apc]

optional arguments:
  -h, --help       show this help message and exit
  -a [executable]  Assembly
  -p [32|64]       Platform
  -d [net|c]       Dump binary shellcode of assembly
  -n               Load assembly into a new domain
  --apc            Use safe APC shellcode

CLRvoyance requires Python 3.6+ to generate embedded payloads. Using our included ExampleAssembly, we can generate 32-bit raw shellcode using the following:

$ py clrvoyance.py -a ExampleAssembly.exe -p 32
[+] 4608 byte assembly
[+] 1381 byte bootstrap
[+] 5988 byte shellcode written out (c:\users\bja\Desktop\project\clrvoyance\ExampleAssembly\ExampleAssembly\bin\Debug\ExampleAssembly.exe.shellcode)

ExampleAssembly.exe.shellcode can then be used as your shellcode payload.

If we want to view the shellcode for programmatic consumption, the -d flag can be used:

$ py clrvoyance.py -a ExampleAssembly.exe.shellcode -p 32 -d net
byte[] shellcode={
0xe8,0x00,0x00,0x00,0x00,0x5b,0x68,0x42,0x31,0x0e,0x00,0x68,0x88,0x4e,0x0d,0x00,
0xe8,0x23,0x04,0x00,0x00,0x6a,0x04,0x68,0x00,0x10,0x00,0x00,0x68,0x00,0x03,0x00,
0x00,0x6a,0x00,0xff,0xd0,0x85,0xc0,0x0f,0x84,0x46,0x03,0x00,0x00,0x64,0x8b,0x35,
0x18,0x00,0x00,0x00,0x89,0x46,0x14,0x68,0x86,0x57,0x0d,0x00,0x68,0x88,0x4e,0x0d,
0x00,0xe8,0xf2,0x03,0x00,0x00,0x64,0x8b,0x35,0x14,0x00,0x00,0x00,0x83,0xc6,0x38,
...snip...

The provided assemblies were compiled using nasm 2.14. If you modify the shellcode, please ensure you update offsets in clrvoyance.py.

Code

The project is broken up into multiple files described below:

clrvoyance.py  	    - Generator script
sc-*-clr.asm 	    - Primary CLR loader; RX page support
sc-*-clr-apc.asm    - APC CLR loader
sc-*-clr-rwx.asm    - RWX version of CLR loader
sc-*-clrnd.asm      - CLR loader with new domain
sc-*-clrnd-apc.asm  - APC CLR loader with new domain
sc-*-api-functions  - Helper functions
sc-32-jscript.asm   - Executes JScript instead of an assembly
sc-64-macros.asm    - 64-bit helper macros

More Repositories

1

AmpliGraph

Python library for Representation Learning on Knowledge Graphs https://docs.ampligraph.org
Python
2,147
star
2

Spartacus

Spartacus DLL/COM Hijacking Toolkit
C#
989
star
3

adop-docker-compose

Talk to us on Gitter: https://gitter.im/Accenture/ADOP
Shell
765
star
4

reactive-interaction-gateway

Create low-latency, interactive user experiences for stateless microservices.
Elixir
590
star
5

jenkins-attack-framework

Python
554
star
6

VulFi

IDA Pro plugin for query based searching within the binary useful mainly for vulnerability research.
Python
532
star
7

Codecepticon

.NET/PowerShell/VBA Offensive Security Obfuscator
C#
481
star
8

Ocaramba

C# Framework to automate tests using Selenium WebDriver
C#
277
star
9

protobuf-finder

IDA Pro plugin for reconstructing original .proto files from binary.
Python
256
star
10

alexia

A Framework for creating Amazon Echo (Alexa) skills using Node.js
JavaScript
164
star
11

adop-jenkins

Groovy
152
star
12

sfmc-devtools

Fast-track your developers and devops engineers by allowing them to programmatically copy-paste / deploy changes and work offline
JavaScript
137
star
13

Labs-Federated-Learning

Accenture Labs Federated Learning
92
star
14

FirmLoader

Python
90
star
15

mercury

Reference engine for composable applications
Java
81
star
16

serverless-ephemeral

This is a Serverless Framework plugin that helps bundling any stateless zipped library to AWS Lambda.
JavaScript
67
star
17

adop-platform-management

Groovy
60
star
18

adop-cartridge-java

Groovy
59
star
19

Condstanta

Python
56
star
20

EcoSonar

EcoSonar, the ecodesign audit tool
JavaScript
54
star
21

bdd-for-all

Flexible and easy to use library to enable your behavorial driven development (BDD) teams to easily collaborate while promoting automation, transparency and reporting.
Java
51
star
22

Cymple

Cymple - a productivity tool for creating Cypher queries in Python
Python
49
star
23

adop-gerrit

Shell
45
star
24

adop-aws

This repository contains a hardened, 2-tiered implementation of the DevOps Platform -> https://github.com/Accenture/adop-docker-compose
35
star
25

AARO-Bugs

Vulnerabilities, exploits, and PoCs
C
34
star
26

AIR

A deep learning object detector framework written in Python for supporting Land Search and Rescue Missions.
Python
30
star
27

generator-mario

Generator for Backbone/Marionette applications with lots of bells and whistles to help keep a non-trivial sized application moving forward at a breakneck pace!
JavaScript
29
star
28

sfmc-customapp

JavaScript
28
star
29

DBTestCompare

Application to compare results of two SQL queries
Java
25
star
30

AutoFixture.XUnit2.AutoMock

Autofixture auto-mocking for XUnit2 using a mocking library of your choice.
C#
22
star
31

kx.as.code

kx.as.code
Shell
19
star
32

openathon-2019-angular

IV OpenAthon CSE - Angular
TypeScript
19
star
33

OSDU-Ontology

An ontology designed for oil and gas, and subsurface energy data based on the industry standards.
HTML
18
star
34

alexia-starter-kit

Starter Kit project with sample Amazon Echo skill created using Alexia Framework
JavaScript
17
star
35

mv-unreal-aws

C++
16
star
36

tldr

The Lightweight Docker Runtime
Shell
15
star
37

pyheal

PyHeal is a Python wrapper for Microsoft SEAL aimed at making operations easier to use.
Python
15
star
38

openathon-2019-react

Openathon edition organised for the Accenture Technology Custom Open Cloud community where we will have again the opportunity to discover, in a practical way, the possibilities offered by the different architectures and leading frameworks in the market.
JavaScript
15
star
39

openathon-2019-docker

13
star
40

mercury-python

Python language pack for Mercury
Python
12
star
41

openathon-2020-serverless

Openathon VI - Custom Software Engineering
HTML
11
star
42

adop-sonar

Shell
11
star
43

waterfall-config

A simplistic configuration library for Java, heavily based on Typesafehub Config with some additional opinionated features
Java
9
star
44

sfmc-connector

Apex
8
star
45

askme

askme is a simple application designed to solicit immediate feedback during public speaking engagements, and is used as a demo app for multiple application architecture and dev process demos. It's also a cool and useful application in its own right.
JavaScript
8
star
46

adop-nexus

Shell
7
star
47

sfmc-devtools-copado

SFMC DevTools made easy using Copado Multi-Cloud's webinterface
JavaScript
7
star
48

mercury-composable

Reference implementation toolkit for writing composable applications
Java
7
star
49

adop-nginx

CSS
6
star
50

openathon-2020-python

openathon-2020-python
Python
6
star
51

ALM-SF-Metadata-API-Python-Tools

ALM SF Metadata API Python Tools
Python
6
star
52

DX-Mate

DX Mate
TypeScript
5
star
53

sfmc-devtools-vscode

Accenture SFMC DevTools for VS Code
TypeScript
5
star
54

Off-chain-storage-verification

A Blockchain-based Auditing Framework for Off-chain Storage
JavaScript
5
star
55

grails-spring-security-oauth-azure

grails-spring-security-oauth-azure
Groovy
5
star
56

mac-enablement

Shell
5
star
57

ALM-SF-DX-Python-Tools

ALM SF DX Python Tools
Python
5
star
58

adop-jenkins-worker

Dockerfile
4
star
59

adop-ldap-phpadmin

Shell
4
star
60

hiera-aws-sm

A Hiera 5 backend for AWS Secrets Manager
Ruby
4
star
61

Cockpit

Java
4
star
62

digital-products-boosters

digital-products-boosters
JavaScript
4
star
63

ALM-SF-DX-Pipelines

ALM SF DX Pipelines
Groovy
4
star
64

ALM-SF-Metadata-API-Pipelines

ALM SF Metadata API Pipelines
Groovy
4
star
65

openathon-2018-spring-boot-cloud

Materials (detailed guideline and exemplar solution) for the first Openathon organized by Accenture Technology Custom Software Engineering practice in Spain, focused on learning the basic to microservice development with Spring Boot and Spring Cloud.
Java
4
star
66

adop-cartridge-java-regression-tests

Java
3
star
67

speech2spikes

Python
3
star
68

mercury-nodejs

Reference engine for composable applications
TypeScript
3
star
69

alexa-pokitdok

JavaScript
3
star
70

cna-aws-cdk-patterns

TypeScript
3
star
71

openathon-2019-appian

OpenAthon 2019 - Appian
3
star
72

openathon-2021-quarkus

openathon-2021-quarkus
Shell
3
star
73

adop-cartridge-specification

Shell
3
star
74

adop-sensu

Ruby
3
star
75

azure-arc-playground-builder

Azure Arc Quickstart showcasing Arc-enabled App Service & Data Services
Shell
3
star
76

can_dlc_fuzzer

C++
3
star
77

tldr-alb

Application Load Balancer container for the The Lightweight Docker Runtime
Shell
2
star
78

evil_update

C
2
star
79

adop-cartridge-java-pipeline

Groovy
2
star
80

energy-consumption-measuring-toolkit

Python
2
star
81

openathon-2019-docker-spring-boot-app

Java
2
star
82

adop-cartridge-java-environment-template

2
star
83

DBTestCompareGenerator

Tool for generating database tests
C#
2
star
84

Mendix.RecaptchaWidget

JavaScript
2
star
85

adop-ldap-ltb

PHP
2
star
86

morpheus-data-api

Python client to Morpheus Data API https://apidocs.morpheusdata.com
Python
2
star
87

reactive_technologylearningpills

Technology Learning Pills: Reactive
TypeScript
2
star
88

adop-platform-extension-chef

Chef Server v12 extension for the ADOP platform.
2
star
89

Docknet

A pure Numpy implementation of neural networks for educational purposes
Jupyter Notebook
2
star
90

NEC850_Architecture

C++
2
star
91

Mendix.ObjectivityCommons

Java
1
star
92

Mendix.GlobusTheme

Objectivity’s UI resources module and theme for building apps on the Mendix 9 platform.
SCSS
1
star
93

Mendix.IfElse

JavaScript
1
star
94

adop-logstash

1
star
95

Shakespeare_RNN

Python
1
star
96

adop-gitlab

Shell
1
star
97

CIFR_Yara

YARA
1
star
98

Mendix.CssClassSwitcher

A Mendix widget that adds CSS classes determined by a microflow (or nanoflow) to elements determined by CSS selector.
CSS
1
star
99

docker-plaso

Makefile
1
star
100

openathon-2019-docker-angular-app

TypeScript
1
star