Git Product home page Git Product logo

bsides18_breakfree's Introduction

BSidesNYC 2018: I Want to Break Free - Examples

This repository contains the demonstration code and examples used during the talk.

message.dll

This is a DLL file created using msfvenom whose sole purpose is to display a message box.

$ msfvenom -p windows/messagebox -f dll -o message.dll TITLE=BSidesNYC ICON=INFORMATION TEXT="BSidesNYC 2018!"

message.exe

This is an EXE file created using msfvenom whose sole purpose is to display a message box.

$ msfvenom -p windows/messagebox -f exe -o message.exe TITLE=BSidesNYC ICON=INFORMATION TEXT="BSidesNYC 2018!"

message.cs

This is a file containing shellcode in a buffer (C style) which displays a message box.

$ msfvenom -p windows/messagebox -f csharp -o message.cs TITLE=BSidesNYC ICON=INFORMATION TEXT="BSidesNYC 2018!"

msbuild-message.xml

This is an XML file which, when run with msbuild.exe, will run inline shellcode. It was originally developed by Casey Smith (@subTee), but the shellcode has been replaced by the output of message.cs (above).

file2vb.py

This is a python script which takes a file as a parameter and:

  1. Converts it to a character-by-character chr() representation
  2. Splits it up into multiple functions if it would end up being too large
  3. Formats it so that it can be copy/pasted into a VB macro

Note that this a proof of concept script; there are many ways it can be improved; ideas include:

  1. Using an array rather than a chr() concatenation
  2. Stripping of unnecessary whitespace or other characters
  3. Base64 encoding or compression
  4. Obfuscation of some description

BSidesNYC_Message.doc

This is an example word document containing a macro which, when executed, will drop an XML file to disk and run it using msbuild.exe. This is to demonstrate a method of bypassing default AppLocker rules without calling PowerShell.

As discussed during the talk, it does have some disadvantages (e.g. execution of a separate binary, dropping a file to disk), but in itself works well as a proof of concept to demonstrate an alternative method of executing an implant.

bsides18_breakfree's People

Contributors

stufus avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.