-
Notifications
You must be signed in to change notification settings - Fork 0
/
Out-CompressedDll.cs
96 lines (83 loc) · 3.67 KB
/
Out-CompressedDll.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.IO;
using System.IO.Compression;
namespace Out_CompressedDll
{
class Program
{
static void Main(string[] args)
{
//You dont need main to have this work I have it here for testing you just need the Out_CompressedDll Method
Out_CompressedDll(args[0]);
}
private static void Out_CompressedDll(string FIlePath , string TemplatePath="")
{
/*
.SYNOPSIS
Creates the C# in-memory version of Out-CompressedDll.ps1.
Based entirely off Out-CompressedDll by Matthew Graeber (@mattifestation)
Original script at https://github.com/PowerShellMafia/PowerSploit/blob/master/ScriptModification/Out-CompressedDll.ps1
[Parameter(Mandatory = $True)]
[String]
$FilePath,
[Parameter(Mandatory = $True)]
[String]
$TemplatePath
)
$Path = Resolve-Path $FilePath
if (! [IO.File]::Exists($Path))
{
Throw "$Path does not exist."
}
$FileBytes = [System.IO.File]::ReadAllBytes($Path)
if (($FileBytes[0..1] | % {[Char]$_}) -join '' -cne 'MZ')
{
Throw "$Path is not a valid executable."
}
*/
if (!File.Exists(FIlePath))
{
throw new System.ArgumentException(FIlePath + " does not exist.");
}
byte[] FileBytes = File.ReadAllBytes(FIlePath);
if (FileBytes.Length < 1)
{
throw new System.ArgumentException(FIlePath + "is not a valid executable.");
}
/*$Length = $FileBytes.Length
$CompressedStream = New-Object IO.MemoryStream
$DeflateStream = New - Object IO.Compression.DeflateStream ($CompressedStream, [IO.Compression.CompressionMode]::Compress)
$DeflateStream.Write($FileBytes, 0, $FileBytes.Length)
$DeflateStream.Dispose()
$CompressedFileBytes = $CompressedStream.ToArray()
$CompressedStream.Dispose()
$EncodedCompressedFile = [Convert]::ToBase64String($CompressedFileBytes)*/
Console.WriteLine(Convert.ToBase64String(Compress(FileBytes)));
/*$Output = @"
`$EncodedCompressedFile = '$EncodedCompressedFile`'
`$DeflatedStream = New-Object IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String(`$EncodedCompressedFile),[IO.Compression.CompressionMode]::Decompress)
`$UncompressedFileBytes = New-Object Byte[]($Length)
`$DeflatedStream.Read(`$UncompressedFileBytes, 0, $Length) | Out-Null
`$Assembly = [Reflection.Assembly]::Load(`$UncompressedFileBytes)
`$BindingFlags = [Reflection.BindingFlags] "Public,Static"
`$a = @()
`$Assembly.GetType("Costura.AssemblyLoader", `$false).GetMethod("Attach", `$BindingFlags).Invoke(`$Null, @())
`$Assembly.GetType("Sharphound2.Sharphound").GetMethod("InvokeBloodHound").Invoke(`$Null, @(,`$passed))
"@
Get-Content $TemplatePath | %{$_ -replace "#ENCODEDCONTENTHERE", $Output}*/
}
private static byte[] Compress(byte[] data)
{
MemoryStream output = new MemoryStream();
using (DeflateStream dstream = new DeflateStream(output, CompressionLevel.Optimal))
{
dstream.Write(data, 0, data.Length);
}
return output.ToArray();
}
}
}