// Source
// - Slice - https://www.dotnetperls.com/array-slice
// TODO
// - Add username/password option like taskkill.cs
// - Populate other fields to blend in better - https://docs.microsoft.com/en-us/dotnet/api/system.management.managementobject.invokemethod?view=netframework-4.7.2
// To Compile:
// C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe /t:exe /out:create_process.exe create_process.cs
using System;
using System.Management;
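public static class Extensions
{
    /// <summary>
    /// Returns the elements of <paramref name="source"/> from <paramref name="start"/>
    /// (inclusive) up to <paramref name="end"/> (exclusive) as a new array.
    /// A negative <paramref name="end"/> counts back from the end of the array,
    /// so Slice(a, 0, -1) drops the last element.
    /// </summary>
    /// <param name="source">Array to copy from; it is never modified.</param>
    /// <param name="start">First index to include; must lie within the array.</param>
    /// <param name="end">Index after the last element to include; may be negative.</param>
    /// <returns>A fresh array of length end - start (empty when start == end).</returns>
    /// <exception cref="ArgumentNullException">source is null.</exception>
    /// <exception cref="ArgumentOutOfRangeException">
    /// The resolved range does not lie within source, or end precedes start.
    /// </exception>
    public static T[] Slice<T>(this T[] source, int start, int end)
    {
        if (source == null)
        {
            throw new ArgumentNullException("source");
        }
        // Python-style negative end: count back from the array length.
        if (end < 0)
        {
            end = source.Length + end;
        }
        // Validate up front so a bad range fails with a clear message instead of an
        // IndexOutOfRangeException from inside a copy loop, or an OverflowException
        // from allocating a negative-length array when end < start.
        if (start < 0 || start > source.Length)
        {
            throw new ArgumentOutOfRangeException("start", start, "start must lie within the array.");
        }
        if (end < start || end > source.Length)
        {
            throw new ArgumentOutOfRangeException("end", end, "end must lie between start and the array length.");
        }
        T[] result = new T[end - start];
        // Array.Copy does the bounds-checked block copy the hand-written loop used to do.
        Array.Copy(source, start, result, 0, result.Length);
        return result;
    }
}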
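public class CreateProcess
{
    /// <summary>Prints the command-line usage text to stdout.</summary>
    private static void PrintUsage()
    {
        Console.WriteLine(@"Executes the given command on the specified system
USAGE:
CreateProcess.exe <system> <full_path_to_command_on_system> <executable args...>
Example:
CreateProcess.exe 192.168.20.10 C:\Windows\System32\program.exe -Run");
    }

    /// <summary>
    /// Wraps <paramref name="arg"/> in double quotes when it contains whitespace and is
    /// not already quoted, so the remote command line is split the way the operator typed it.
    /// </summary>
    /// <param name="arg">One command-line token as received from Main's args.</param>
    /// <returns>The token, quoted if it needed to be; an empty token becomes "".</returns>
    /// <remarks>
    /// Only the common case is handled. Embedded double quotes follow the usual
    /// Windows argument-parsing rules and are left as typed.
    /// </remarks>
    private static string QuoteArgument(string arg)
    {
        if (String.IsNullOrEmpty(arg))
        {
            return "\"\"";
        }
        bool hasWhitespace = arg.IndexOfAny(new char[] { ' ', '\t' }) >= 0;
        bool alreadyQuoted = arg.Length >= 2 && arg[0] == '"' && arg[arg.Length - 1] == '"';
        if (hasWhitespace && !alreadyQuoted)
        {
            return "\"" + arg + "\"";
        }
        return arg;
    }

    /// <summary>
    /// Maps a Win32_Process.Create return value to a short description for the operator,
    /// using the codes Microsoft documents for that method; anything else is reported
    /// by number only.
    /// </summary>
    /// <param name="code">The ReturnValue out-parameter of Win32_Process.Create.</param>
    /// <returns>A short human-readable description.</returns>
    private static string DescribeReturnCode(uint code)
    {
        switch (code)
        {
            case 0: return "success";
            case 2: return "access denied";
            case 3: return "insufficient privilege";
            case 8: return "unknown failure";
            case 9: return "path not found";
            case 21: return "invalid parameter";
            default: return "unrecognised return code";
        }
    }

    /// <summary>
    /// Entry point. args[0] is the target host (a leading "\\" is tolerated); the remaining
    /// arguments are joined into the CommandLine passed to Win32_Process.Create on that host.
    /// Errors are reported on stderr with an "[-] ERROR:" prefix; "DONE" is always printed last.
    /// </summary>
    /// <param name="args">Command-line arguments as described by PrintUsage.</param>
    /// <remarks>
    /// No credentials are supplied to WMI (see the TODO at the top of the file), so the
    /// connection authenticates as the Windows identity this process already runs under.
    /// NOTE(review): remote Win32_Process.Create is a well-known lateral-movement primitive;
    /// assume the spawned process is visible to endpoint telemetry on the target as WMI
    /// provider-host activity, and treat every invocation as something defenders may alert on.
    /// </remarks>
    public static void Main(string[] args)
    {
        try
        {
            // Only the first argument is treated as a help switch. Scanning every argument
            // would swallow a "/?" meant for the remote command (e.g. "cmd.exe /c tool /?").
            if (args.Length == 0 || args[0] == "/?")
            {
                PrintUsage();
                return;
            }
            if (args.Length < 2)
            {
                throw new ArgumentException("No command specified");
            }

            // Target host; drop surrounding spaces and any "\\" prefix the operator typed,
            // and refuse an empty host rather than building a malformed WMI path.
            string system = args[0].Trim(new char[] { ' ', '\\' });
            if (system.Length == 0)
            {
                throw new ArgumentException("No target system specified");
            }

            // Re-quote tokens that contain spaces: a bare String.Join would turn
            // C:\Program Files\x.exe into two separate tokens on the remote side.
            string[] parts = args.Slice(1, args.Length);
            for (int i = 0; i < parts.Length; i++)
            {
                parts[i] = QuoteArgument(parts[i]);
            }
            string command = String.Join(" ", parts);
            Console.WriteLine("[*] Running '" + command + "' on " + system);

            // ManagementClass / ManagementBaseObject hold COM references; release them
            // deterministically instead of leaving it to the finalizer.
            using (ManagementClass processClass = new ManagementClass(@"\\" + system + @"\root\cimv2:Win32_Process"))
            using (ManagementBaseObject inParams = processClass.GetMethodParameters("Create"))
            {
                inParams["CommandLine"] = command;
                using (ManagementBaseObject result = processClass.InvokeMethod("Create", inParams, null))
                {
                    // ReturnValue is a uint32 in the CIM definition; compare it numerically
                    // rather than through ToString().
                    uint returnCode = Convert.ToUInt32(result["returnValue"]);
                    if (returnCode == 0)
                    {
                        Console.WriteLine("Process ID: " + result["processId"]);
                    }
                    else
                    {
                        // This is the method's return code, not the remote process's exit code.
                        throw new Exception(String.Format(
                            "Failed to start process; return code {0} ({1})",
                            returnCode, DescribeReturnCode(returnCode)));
                    }
                }
            }
        }
        catch (Exception e)
        {
            Console.Error.WriteLine("[-] ERROR: {0}", e.Message.Trim());
        }
        finally
        {
            Console.WriteLine("\nDONE");
        }
    }
}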