Repository of Windows offensive techniques implemented in C#. Meant to be a study of techniques implemented in Cobalt Strike's Beacon, Metasploit's Meterpreter, and some Mimikatz functionality as well.
Implements three techniques:
- Service/pipe creation and execution of cmd.exe /c echo getsysdata > \\.\pipe\getsys
- Service/pipe creation and execution of DLL written to disk that executes rundll32.exe GetSystemDLL.dll,ConnectPipe
- Steals a token from the winlogon process and executes a process with the token
Steal a token from a given PID or process name and create a new process with the token.
Given a username and password, utilize the LogonUserA() function to interact with network resources as the provided user.
Mimic Cobalt Strike's process injection techniques. Implements five techniques:
- Spawn rundll32 (x86/x64) and inject a payload into the process
- Spawn to a program of choice (x86/x64) and inject a payload into the process
- Inject a payload into a currently-running process (x86/x64)
- Reflective DLL injection of a DLL of your choosing into a currently-running process (x86/x64) - thanks to @monoxgas for the sRDI project. I merely merged their project into this one to allow for reflective DLL injection.
- Load an on-disk DLL into a currently-running process (x86/x64)
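Each of the capabilities listed above leaves a host artifact a defender can key on: the two service-based techniques produce a System log 7045 "service installed" record whose image path is either a `cmd.exe /c echo ... > \\.\pipe\...` command line or a `rundll32.exe <dll>,<export>` invocation; a LogonUserA-based logon appears as a Security 4624 with logon type 9 (NewCredentials), assuming the call uses LOGON32_LOGON_NEW_CREDENTIALS as Cobalt Strike's make_token does; and injecting into a spawned rundll32 or another live process is visible as a Sysmon event 8 (CreateRemoteThread). The triage script below is an added example, not code from this repository: it runs three rules over constructed event records (field names and values are made up to resemble those logs) and returns the matches.

```python
"""Triage of constructed Windows event records for the behaviours
described in this README: service-based getsystem, LogonUser-based
network logons, and remote-thread process injection.  Added example,
not part of this repository; all records below are hand-constructed."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    event_id: int
    rule: str
    detail: str


# "cmd.exe /c echo <data> > \\.\pipe\<name>": the first getsystem variant.
PIPE_ECHO = re.compile(r"cmd(?:\.exe)?\s+/c\s+echo\b.*>\s*\\\\\.\\pipe\\", re.I)
# "rundll32.exe <path>.dll,<export>": the on-disk DLL variant.
RUNDLL_EXPORT = re.compile(r"rundll32(?:\.exe)?\s+\S+\.dll,\S+", re.I)
# Directories treated as trusted sources of remote threads (assumption for the example).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files")

# Constructed sample records, one flat dict per event.
SAMPLE_EVENTS = [
    {"EventID": 7045, "Channel": "System", "ServiceName": "abcd1234",
     "ImagePath": r"cmd.exe /c echo getsysdata > \\.\pipe\getsys",
     "AccountName": "LocalSystem"},
    {"EventID": 7045, "Channel": "System", "ServiceName": "svc9",
     "ImagePath": r"rundll32.exe C:\Windows\Temp\GetSystemDLL.dll,ConnectPipe",
     "AccountName": "LocalSystem"},
    {"EventID": 7045, "Channel": "System", "ServiceName": "VendorAgent",
     "ImagePath": r"C:\Program Files\Vendor\agent.exe", "AccountName": "LocalSystem"},
    {"EventID": 4624, "Channel": "Security", "LogonType": 9, "TargetUserName": "jdoe",
     "ProcessName": r"C:\Users\bob\Downloads\tool.exe"},
    {"EventID": 4624, "Channel": "Security", "LogonType": 2, "TargetUserName": "bob",
     "ProcessName": r"C:\Windows\System32\winlogon.exe"},
    {"EventID": 8, "Channel": "Sysmon", "SourceImage": r"C:\Users\bob\Downloads\tool.exe",
     "TargetImage": r"C:\Windows\System32\rundll32.exe"},
    {"EventID": 8, "Channel": "Sysmon", "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\WerFault.exe"},
]


def _trusted(path: str) -> bool:
    return path.lower().startswith(TRUSTED_DIRS)


def check_service_install(ev: dict):
    """7045: flag service image paths that match either getsystem pattern."""
    path = ev.get("ImagePath", "")
    if PIPE_ECHO.search(path):
        return Finding(7045, "service-pipe-echo", f"{ev.get('ServiceName')}: {path}")
    if RUNDLL_EXPORT.search(path):
        return Finding(7045, "service-rundll32-export", f"{ev.get('ServiceName')}: {path}")
    return None


def check_logon(ev: dict):
    """4624: logon type 9 is NewCredentials, i.e. LogonUser with LOGON32_LOGON_NEW_CREDENTIALS."""
    if ev.get("LogonType") == 9:
        return Finding(4624, "newcredentials-logon",
                       f"{ev.get('TargetUserName')} via {ev.get('ProcessName')}")
    return None


def check_remote_thread(ev: dict):
    """Sysmon 8: remote thread from an untrusted image, or into rundll32."""
    src, tgt = ev.get("SourceImage", ""), ev.get("TargetImage", "")
    if not _trusted(src) or tgt.lower().endswith("\\rundll32.exe"):
        return Finding(8, "remote-thread", f"{src} -> {tgt}")
    return None


CHECKS = {
    (7045, "System"): check_service_install,
    (4624, "Security"): check_logon,
    (8, "Sysmon"): check_remote_thread,
}


def triage(events) -> list:
    """Run the matching rule for each event and collect the findings in order."""
    findings = []
    for ev in events:
        check = CHECKS.get((ev.get("EventID"), ev.get("Channel")))
        if check is not None:
            finding = check(ev)
            if finding is not None:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f.event_id}] {f.rule}: {f.detail}")
```

On the sample set this yields four findings (the two service installs, the type 9 logon, and the thread created from the Downloads folder into rundll32) and passes the vendor service, the interactive logon, and the svchost-to-WerFault thread. The service rules match on command-line shape rather than on the specific pipe or DLL names, since both are trivially changed; the remote-thread rule is the coarsest and needs a site-specific allowlist in place of the two-entry TRUSTED_DIRS assumed here.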
References:
- What happens when I type getsystem? - Cobalt Strike
- Windows Access Tokens and Alternate Credentials - Cobalt Strike