RunAsAttached.dpr
(*******************************************************************************
Jean-Pierre LESUEUR (@DarkCoderSc)
https://www.phrozen.io/
License : MIT
Version: 1.0 Stable.
Description:
------------------------------------------------------------------------------
This version doesn't work with programs such as Netcat in the scenario of an
initial reverse / bind shell.
Check my Github : https://github.com/darkcodersc to find the version that
supports netcat ;-)
Don't forget to leave a star and follow if you found my work useful ! =P
*******************************************************************************)
program RunAsAttached;
{$APPTYPE CONSOLE}
{$R *.res}
uses
System.SysUtils,
Windows,
Classes,
UntFunctions in 'Units\UntFunctions.pas',
UntApiDefs in 'Units\UntApiDefs.pas',
UntGlobalDefs in 'Units\UntGlobalDefs.pas',
UntStdHandlers in 'Units\UntStdHandlers.pas',
UntTypeDefs in 'Units\UntTypeDefs.pas';
{
Program-wide state used by the entry block.
SET_USERNAME / SET_PASSWORD / SET_DOMAINNAME receive the values of the
-u / -p / -d command-line options and are handed to TStdoutHandler.Create.
NOTE(review): the password stays in an ordinary String for the life of the
process and is never cleared in this file.
}
var SET_USERNAME : String = '';
SET_PASSWORD : String = '';
SET_DOMAINNAME : String = '';
// Worker object created and resumed by the entry block; freed in its finally section.
LStdoutHandler : TStdoutHandler;
// Receives the result of GetExitCodeThread when polling the worker thread.
AExitCode : Cardinal;
// Last line read from stdin (CRLF appended); its buffer address is posted to the worker thread.
LCommand : AnsiString;
{-------------------------------------------------------------------------------
Usage Banner
-------------------------------------------------------------------------------}
{
  Writes the usage banner to standard output: a separator line, the author
  credit (the two name parts go through WriteColoredWord, which is declared
  in another unit), the project URLs and the expected command-line syntax.

  Returns: always an empty string; the caller in this file ignores it.
}
function DisplayHelpBanner() : String;
const
  BANNER_RULE = '-----------------------------------------------------------';
begin
  WriteLn;
  WriteLn(BANNER_RULE);

  // Author credit, assembled from plain and highlighted fragments.
  Write('RunAsAttached By ');
  WriteColoredWord('Jean-Pierre LESUEUR ');
  Write('(');
  WriteColoredWord('@DarkCoderSc');
  WriteLn(')');

  WriteLn('https://www.phrozen.io/');
  WriteLn('https://github.com/darkcodersc');
  WriteLn(BANNER_RULE);
  WriteLn;

  // Command-line syntax: -u and -p are required, -d is optional.
  WriteLn('RunAsAttached.exe -u <username> -p <password> [-d <domain>]');
  WriteLn;

  Result := '';
end;
{-------------------------------------------------------------------------------
Program Entry
-------------------------------------------------------------------------------}
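{
  Program body.

  1. Reads the -u (required), -p (required) and -d (optional) options.
  2. Creates and resumes a TStdoutHandler with those credentials.
  3. Forwards every line read from stdin to the handler thread as a
     WM_COMMAND thread message, until the handler thread is no longer active.
  4. Terminates and waits for the handler thread if it is still running,
     then frees it.

  An exception with an empty message is used as the signal "arguments
  missing, show the usage banner"; any other exception is reported through
  Debug with level dlError.

  Operational note: a password supplied with -p is part of the process
  command line, so it is recorded by process-creation logging that captures
  command lines and is readable by tooling that inspects process arguments.
  Treat it as exposed on the host.
}
begin
  isMultiThread := True;
  try
    // Parse parameters. The empty exception message routes to the usage banner below.
    if NOT GetCommandLineOption('u', SET_USERNAME) then
      raise Exception.Create('');

    if NOT GetCommandLineOption('p', SET_PASSWORD) then
      raise Exception.Create('');

    // Domain is optional, so the result is deliberately not checked.
    GetCommandLineOption('d', SET_DOMAINNAME);

    // Create handlers (stdout, stdin, stderr).
    try
      LStdoutHandler := TStdoutHandler.Create(SET_USERNAME, SET_PASSWORD, SET_DOMAINNAME);
      LStdoutHandler.Resume();

      // Wait for commands (stdin).
      // NOTE(review): end of input is not tested here. If ReadLn keeps returning
      // empty lines once stdin is closed, this loop spins until the handler
      // thread exits. Confirm, and consider an Eof(Input) check.
      while True do begin
        ReadLn(LCommand);

        LCommand := LCommand + #13#10;

        {
          We could replace "PostThreadMessage" by WriteFile directly from main thread.
          We would just need to retrieve the "FPipeOutWrite" handle from StdHandler thread.

          NOTE(review): wParam carries the address of LCommand's character
          buffer and lParam its length in bytes. PostThreadMessage returns
          without waiting for the receiver, and the next ReadLn / concatenation
          replaces LCommand, which can release that buffer. Unless the handler
          (not visible in this file) copies the bytes before that happens, it
          reads freed memory. Handing over a heap copy owned by the receiver,
          or writing to the pipe from this thread as suggested above, removes
          the lifetime dependency.

          NOTE(review): the return value is ignored. The post fails when the
          target thread has no message queue yet or has already ended, and the
          command is then dropped silently.
        }
        PostThreadMessage(
          LStdoutHandler.ThreadID,
          WM_COMMAND,
          NativeUInt(LCommand),
          (Length(LCommand) * SizeOf(AnsiChar))
        );

        // Check if our StdHandler thread is still alive. A failed query leaves
        // AExitCode holding the previous poll's value, so treat failure as
        // "not alive" instead of trusting stale data.
        if (NOT GetExitCodeThread(LStdoutHandler.Handle, AExitCode)) or
           (AExitCode <> STILL_ACTIVE) then
          break;
      end;

      // Close secondary thread if not already. Only act on an exit code that
      // was actually retrieved.
      if GetExitCodeThread(LStdoutHandler.Handle, AExitCode) and
         (AExitCode = STILL_ACTIVE) then begin
        LStdoutHandler.Terminate();
        LStdoutHandler.WaitFor();
      end;
    finally
      // LStdoutHandler is a global, so it is nil if the constructor raised.
      if Assigned(LStdoutHandler) then
        FreeAndNil(LStdoutHandler);
    end;
  except
    on E: Exception do begin
      if (E.Message <> '') then
        Debug(Format('Exception in class=[%s], message=[%s]', [E.ClassName, E.Message]), dlError)
      else
        DisplayHelpBanner();
    end;
  end;
end.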