Closed h0w1tzr closed 5 years ago
interesting idea, I'll do some research about it.
Thanks!
Might potentially be able to use the ZipPackage class with compatibility back to .NET 3.0. It would impose some requirements on the format of the zip file, though:
its not possible to just use a third-party tool like 7-zip to create the zip files because the client side code can't open it -- ZipPackage adds a hidden file describing the content type of each component file and cannot open a zip file if that content type file is missing.
Using the Shell32
class is not a good option because you can't decompress streams. ZipStorer is great since you can use streams. Anyways the minimum version could be 4.0
because IronPython.dll
is set on 4.0
and TLS 1.1 and TLS 1.2 is only available since .NET 4.0
Related PR https://github.com/byt3bl33d3r/SILENTTRINITY/pull/55, @davidtavarez got the .NET version down to 4.0 which is an amazing start
The new windows stager (Naga) works with .NET 4.0, anything less than that will not work unfortunately due to Boolang requirements. This isn't a big deal in my mind just cause you can revert back to using Powershell attacks on anything with .NET < 4.0 as it doesn't have AMSI or anything else.
Closing.
Do you think you might be able to use COM interop to open the ZIP file using the "Shell.Application" COM interface?
Just a suggestion.