Skip to content
No description, website, or topics provided.
C#
Branch: master
Clone or download
Casey
Casey Updated "last updated" timestamp
Updated README.md to include naming credit
Latest commit 5c6158d Oct 11, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
DueDLLigence Updated "last updated" timestamp Oct 10, 2019
packages added packages Oct 7, 2019
.gitignore Initial Commit Oct 7, 2019
DueDLLigence.sln Initial Commit Oct 7, 2019
README.md Updated "last updated" timestamp Oct 10, 2019

README.md

DueDLLigence

Shellcode runner for all application whitelisting bypasses. The shellcode included in this project spawns calc.exe.

If desired, change the injection type by modifying the following line to the appropriate injection type
public const ExecutionMethod method = ExecutionMethod.CreateThread;

Running the DLL with the following legitimate exes

Control.exe

Export: CPlApplet Syntax: Rename compiled “dll” extension to “cpl” and just double click it!
Control.exe [cplfile]
Rundll32.exe Shell32.dll, Control_RunDLL [cplfile]

Rasautou

Export: powershell
rasautou –d {dllpayload} –p powershell –a a –e e

Msiexec

Export: DllUnregisterServer
msiexec /z {full path to msiexec.dll}


Credit for the DueDLLigence name goes to Paul Sanders (@saul_panders)

You can’t perform that action at this time.