// Jean-Pierre LESUEUR (@DarkCoderSc)
// https://keybase.io/phrozen
using System;
using System.Diagnostics;
using System.IO.Pipes;
using System.Runtime.InteropServices;
using System.Threading;
// P/Invoke binding for the Win32 ShellExecute function exported by Shell32.dll.
// It asks the shell to apply the verb in lpOperation (the entry code passes "open") to lpFile,
// so the handler the shell associates with the file decides what actually runs.
// nShowCmd is the window show state handed to whatever gets started (the entry code passes 0).
// NOTE(review): per the Win32 documentation a return value greater than 32 means success;
// the caller in this file ignores the return value.
[DllImport("Shell32.dll", CharSet = CharSet.Auto, SetLastError = true)]
static extern IntPtr ShellExecute(IntPtr hwnd, string lpOperation, string lpFile, string lpParameters, string lpDirectory, int nShowCmd);
// Name of the named pipe shared by the listener thread (NamedPipeServerStream) and
// SendClientPipeMessage (NamedPipeClientStream).
// NOTE(review): the name is fixed and predictable and no explicit pipe ACL is set anywhere in
// this file, so presumably other local processes can connect and send a line as well; anything
// read from the pipe should be treated as untrusted input. Confirm the default ACL on the target runtime.
string PIPE_NAME = "DarkCoderScPipe";
// Lazily enumerates candidate extensions over the alphabet [a-z0-9].
//
// max_length: number of characters in every produced string. Despite the parameter name,
//             only strings of exactly this length are produced; shorter ones are never emitted.
//             Values of 1 or less all yield the 36 single-character strings.
//
// Order is lexicographic with respect to the alphabet below ("aaa", "aab", ..., "999"),
// and the count is 36^max_length (46,656 for a length of 3).
static IEnumerable<string> ExtensionGenerator(int max_length)
{
    const string alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";

    // Base case first: one-character candidates.
    if (max_length <= 1)
    {
        for (int i = 0; i < alphabet.Length; i++)
        {
            yield return alphabet[i].ToString();
        }

        yield break;
    }

    // Recursive case: extend every shorter candidate by each alphabet character.
    foreach (string prefix in ExtensionGenerator(max_length - 1))
    {
        for (int i = 0; i < alphabet.Length; i++)
        {
            yield return prefix + alphabet[i];
        }
    }
}
// Returns the file name of the current process's main module,
// or an empty string when the process, its main module or the file name is null.
string GetCurrentImagePath()
{
    var mainModule = Process.GetCurrentProcess()?.MainModule;
    var imagePath = mainModule?.FileName;

    if (imagePath == null)
    {
        return "";
    }

    return imagePath;
}
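// Connects to the named pipe PIPE_NAME and writes `message` to it as a single line.
//
// message: text to send; defaults to an empty line.
//
// Throws whatever Connect or the write raises. Connect(100) gives up after 100 ms,
// so a TimeoutException is expected when no listener accepts the connection in time.
void SendClientPipeMessage(string message = "")
{
    // The using block also covers Connect, so a connection attempt that times out
    // or fails no longer leaves the client pipe handle undisposed.
    using (NamedPipeClientStream client = new NamedPipeClientStream("localhost", PIPE_NAME, PipeDirection.InOut, PipeOptions.None))
    {
        client.Connect(100);

        // The writer is flushed explicitly; disposing the client closes the underlying stream.
        StreamWriter writer = new StreamWriter(client);
        writer.WriteLine(message);
        writer.Flush();
    }
}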
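// __entry__
// The role is chosen from the extension of the running image:
//   * not ".exe": this is a renamed copy that the shell agreed to run, so it reports its own path
//     over the pipe and exits;
//   * ".exe": this is the parent. It listens on the pipe, creates a copy of itself for every
//     candidate extension, asks the shell to open it and prints each extension that reported back.
//
// NOTE(review): "open" is applied to every candidate extension, so any handler registered for
// one of them is started with a hidden window (nShowCmd = 0), not only the copy itself.
// Intended for a disposable test machine or VM.
string currentImage = GetCurrentImagePath();

// Ordinal, case-insensitive comparison so the role check does not depend on the current culture.
if (!string.Equals(Path.GetExtension(currentImage), ".exe", StringComparison.OrdinalIgnoreCase))
{
    SendClientPipeMessage(currentImage);
}
else
{
    Console.WriteLine("Checking...");

    if (!String.IsNullOrEmpty(currentImage))
    {
        // Set by the main thread once the scan is over. The listener checks it after every
        // connection, so shutdown no longer depends on a Thread.Interrupt landing inside a
        // 1 ms sleep (if it arrived late, the listener could block again in WaitForConnection
        // and Join would never return).
        bool stopRequested = false;

        // Check routine
        Thread checkThread = new Thread(() =>
        {
            using (NamedPipeServerStream server = new NamedPipeServerStream(PIPE_NAME, PipeDirection.InOut))
            {
                while (true)
                {
                    server.WaitForConnection();

                    // The line comes from whoever connected to the pipe; it is only used
                    // to display the extension part and must be treated as untrusted.
                    StreamReader reader = new StreamReader(server);
                    string message = reader.ReadLine() ?? "";

                    if (!String.IsNullOrEmpty(message))
                    {
                        Console.Write("Executable Extension Found: \"");
                        Console.ForegroundColor = ConsoleColor.Green;
                        Console.Write(Path.GetExtension(message));
                        Console.ResetColor();
                        Console.WriteLine("\".");
                    }

                    server.Disconnect();

                    if (Volatile.Read(ref stopRequested))
                    {
                        break;
                    }
                }
            }
        });

        // Background thread: an unexpected failure on the main thread cannot leave the
        // process alive on a listener that is still blocked waiting for a connection.
        checkThread.IsBackground = true;
        checkThread.Start();

        // Bruteforce
        foreach (string extension in ExtensionGenerator(3))
        {
            string newImageExtension = Path.ChangeExtension(currentImage, extension);

            try
            {
                // overwrite: false. A file that already exists next to the image under the same
                // base name (debug symbols, config, ...) is skipped through the IOException below
                // instead of being overwritten here and deleted afterwards.
                File.Copy(currentImage, newImageExtension, false);
            }
            catch (IOException)
            {
                continue;
            }

            try
            {
                ShellExecute(IntPtr.Zero, "open", newImageExtension, "", "", 0);
            }
            finally
            {
                // Wait until no process named after the copy is left, then remove the copy.
                string copyName = Path.GetFileName(newImageExtension);
                while (true)
                {
                    Process[] running = Process.GetProcessesByName(copyName);
                    foreach (Process process in running)
                    {
                        process.Dispose();
                    }

                    if (running.Length == 0)
                    {
                        break;
                    }

                    Thread.Sleep(1);
                }

                try
                {
                    File.Delete(newImageExtension);
                }
                catch (Exception ex) when (ex is IOException || ex is UnauthorizedAccessException)
                {
                    // A handler may still hold the file. Report the leftover instead of aborting
                    // the whole scan, so the copy can be removed by hand afterwards.
                    Console.Error.WriteLine("Could not delete \"" + newImageExtension + "\": " + ex.Message);
                }
            }
        }

        // Grace period for copies that started late to report back.
        Thread.Sleep(5000);

        // Ask the listener to stop, then wake it with an empty line so it leaves WaitForConnection.
        Volatile.Write(ref stopRequested, true);
        try
        {
            SendClientPipeMessage();
        }
        catch (Exception ex) when (ex is TimeoutException || ex is IOException)
        {
            // The listener was busy or has already exited; it sees the stop flag either way.
        }

        // Bounded wait: the listener is a background thread and ends with the process regardless.
        checkThread.Join(1000);

        Console.WriteLine("Done.");
    }
}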