slyd0g/UrbanBishopLocal slyd0g/UrbanBishopLocal

  • Stars
    star
    114
  • Rank 306,244 (Top 7 %)
  • Language
    C#
  • Created almost 4 years ago
  • Updated almost 4 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
slyd0g/UrbanBishopLocal
github

slyd0g

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A port of FuzzySecurity's UrbanBishop project for inline shellcode execution

UrbanBishopLocal

UrbanBishopLocal

Description

A port of FuzzySecurity's UrbanBishop project for inline shellcode execution. The execution vector uses a delegate vs an APC on a suspended threat at ntdll!RtlExitUserThread in UrbanBishop

  • NtCreateSection is used to create a section object
  • NtMapViewOfSection creates a section view with RW permissions we can write shellcode to
  • Shellcode is written to the section view
  • A second call to NtMapViewOfSection creates a section view with RX permissions
  • A pointer to the base address of the shellcode is converted to a delegate and executed

Usage

  1. Base64 encode XOR encrypted 64 bit shellcode with PowerShell
    • [Convert]::ToBase64String([System.IO.File]::ReadAllBytes("$PSScriptRoot\encrypted_shellcode.bin")) | clip
  2. Copy base64 string into Program.cs
  3. Replace your XOR key within Program.cs
  4. Build the project for x64

More Repositories

1

DLLHijackTest

DLL and PowerShell script to assist with finding DLL hijacks
PowerShell
326
star
2

PrimaryTokenTheft

Steal a primary token and spawn cmd.exe using the stolen token
C++
225
star
3

SharpClipboard

C# Clipboard Monitor
C#
159
star
4

WhiteChocolateMacademiaNut

Interact with Chromium-based browsers' debug port to view open tabs, installed extensions, and cookies
Go
149
star
5

SwiftSpy

macOS keylogger, clipboard monitor, and screenshotter
Swift
76
star
6

SwiftInMemoryLoading

Swift implementation of in-memory Mach-O loading on macOS
C
61
star
7

LNKMod

C# project to create or modify existing LNKs
C#
53
star
8

TimeStomper

PoC that manipulates Windows file times using SetFileTime() API
C++
49
star
9

ObjCShellcodeLoader

macOS shellcode loader written in Objective-C
Objective-C
48
star
10

SK8RAT

C++ implant that interfaces with a SK8PARK server
C++
46
star
11

SharpCrashEventLog

C# port of LogServiceCrash
C#
45
star
12

DylibHijackTest

Discover DYLD_INSERT_LIBRARIES hijacks on macOS
Python
40
star
13

SwiftParseTCC

Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format
Swift
37
star
14

SK8PARK

Python 3 server used to control SK8RAT implant
Python
33
star
15

SharpRoast-Parser

Bash one-liner that will parse harmj0y's SharpRoast or Rebeus kerberoast into hashcat crack-able format.
32
star
16

XORShellcodeLoader

Loads shellcode from a resource file.
C++
20
star
17

SwiftLiverpool

Enumerate Location Services using CoreLocation API on macOS
Swift
16
star
18

pwnVNC

Python script that will attempt connection to unauthenticated VNC sessions on the entire Internet and take a screenshot of the user's current session.
Python
16
star
19

SharpCryptUnprotectData

C#
15
star
20

C-Sharp-Out-Minidump

C# implementation of Out-Minidump.ps1
C#
9
star
21

SwiftPlist

Partial rewrite of the `plutil` utility on macOS
Swift
7
star
22

MiniShare-1.4.1-RCE

MiniShare 1.4.1 remote buffer overflow leading to RCE.
Python
3
star
23

Debian8JessieSetup

Run on a fresh install of Debian 8 Jessie to create a new user, give sudo privileges, update your system, update your source list and more!
Shell
2
star
24

TestingDLL

TestingDLL using ShellExecuteA to spawn processes
C++
1
star
25

XORcipher

Script will ask you to encrypt or decrypt a message by XORing the message with a OTP.
Python
1
star