eladshamir/RPC-Backdoor

Stars
180
Rank 212,008 (Top 5 %)
Language
C
License
MIT License
Created about 2 years ago
Updated over 1 year ago

eladshamir/RPC-Backdoor

eladshamir

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

A basic emulation of an "RPC Backdoor"

RPC Backdoor Emulation

This project is a basic implementation of an "RPC Backdoor" meant to emulate TTPs used by certain groups.

The project contains an RPC server with five functions:

Execute a command with cmd.exe /c and the CreateProcess API call.
Steal a token and execute a command with cmd.exe /c and the CreateProcessWithTokenW API call.
Download a file from the remote host.
Upload a file to the remote host.
Terminate the RPC server.

The server is implemented both as an executable (RpcServer) and a DLL (RpcServerDll).

The server registers two RPC servers:

RPC over named pipes with the hard-coded pipe name "ncacn_np".
RPC over TCP/IP with the hard-coded port number 4747.

The client is implemented both as a native executable (RpcClient) and a .NET executable (RpcSharpClient).

Internal-Monologue

Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS

Whisker

Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.

SharpElevator

SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and published in his brilliant post at: https://googleprojectzero.blogspot.com/2019/12/calling-local-windows-rpc-servers-from.html

BadWindowsService

An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities

VfsEmulation