byt3bl33d3r
commented
5 years ago interesting idea, I'll do some research about it.
Thanks!
Closed h0w1tzr closed 5 years ago
byt3bl33d3r
commented
5 years ago interesting idea, I'll do some research about it.
Thanks!
egypt
commented
5 years ago Might potentially be able to use the ZipPackage class with compatibility back to .NET 3.0. It would impose some requirements on the format of the zip file, though:
its not possible to just use a third-party tool like 7-zip to create the zip files because the client side code can't open it -- ZipPackage adds a hidden file describing the content type of each component file and cannot open a zip file if that content type file is missing.
davidtavarez
commented
5 years ago Using the Shell32 class is not a good option because you can't decompress streams. ZipStorer is great since you can use streams. Anyways the minimum version could be 4.0 because IronPython.dll is set on 4.0 and TLS 1.1 and TLS 1.2 is only available since .NET 4.0
byt3bl33d3r
commented
5 years ago Related PR https://github.com/byt3bl33d3r/SILENTTRINITY/pull/55, @davidtavarez got the .NET version down to 4.0 which is an amazing start
byt3bl33d3r
commented
5 years ago The new windows stager (Naga) works with .NET 4.0, anything less than that will not work unfortunately due to Boolang requirements. This isn't a big deal in my mind just cause you can revert back to using Powershell attacks on anything with .NET < 4.0 as it doesn't have AMSI or anything else.
Closing.
Do you think you might be able to use COM interop to open the ZIP file using the "Shell.Application" COM interface?
Just a suggestion.