Closed fSociety-Protected closed 2 months ago
```csharp
private async void QUIT_Click(object sender, RoutedEventArgs e)
{
    using (NamedPipeClientStream pipe = new NamedPipeClientStream(".", "$r77", PipeDirection.InOut))
    {
        pipe.Connect();
        int controlCode = CONTROL_USER_UNNISTALL;
        string shellExecPath = @"C:\Windows\System32\notepad.exe";
        string shellExecCommandline = "mytextfile.txt";
        byte[] controlCodeBytes = BitConverter.GetBytes(controlCode);
        byte[] shellExecPathBytes = Encoding.Unicode.GetBytes(shellExecPath + "\0");
        byte[] shellExecCommandlineBytes = Encoding.Unicode.GetBytes(shellExecCommandline + "\0");
        pipe.Write(controlCodeBytes, 0, controlCodeBytes.Length);
        pipe.Write(shellExecPathBytes, 0, shellExecPathBytes.Length);
        pipe.Write(shellExecCommandlineBytes, 0, shellExecCommandlineBytes.Length);
    }
}
```
📋 📋 [ UPDATE ] — 30/04/2024 | 20:57
I found the error: it was the name of the pipe. It's really strange, because if I change the name of the pipe to anything other than PREFIX + "control", then I can't connect to the pipe.
But when the name is PREFIX + "control", it works nicely! 🧡 🔥
Yeah, the name of the pipe was simply wrong. Also, you only need to send the two bytes of CONTROL_USER_UNNISTALL without the other parameters; they will be ignored.
Check out 4.10 Compile Time Constants in the documentation if you want to change the name of the pipe or other constants.
✔ ✔ [ SOLVED ] — 03/05/2024 | 03:25
The solution was in the definitions. I really don't know why I didn't see it before; sometimes the things that you have closest are the ones that are the most difficult to discern. 🥴
Hey! How you doing @bytecode77!! 🧡 🔥
I need you to give me a hand, because I'm going crazy, really... 🥴 😅 🥴
I want to control the rootkit using pipes, but I'm trying to connect to it to send the UNINSTALL command as a function, and it's likely impossible 😭 😭
And I tried to translate the code into C# but it doesn't work 🤔🤔 I hope you can help me a bit with how I can make it work! 🙏 🙏