January | 2016 | kickass infosec

Hey,

I thought I would share some code snippets used in various projects of mine. The code I will be sharing can be compiled with Visual Studio 2015 or later (probably).

The first one is a piece of code to get any of the KNOWNFOLDERID‘s in Windows.

#include "stdafx.h"
#include <Windows.h>
#include <string>
#include <Shlobj.h> 
#include <comutil.h> //for _bstr_t (used in the string conversion below)

#pragma comment(lib, "Advapi32.lib") //To get the FOLDERID_vars
#pragma comment(lib, "comsuppw") //For the _bstr_t conversion
using namespace std;

string GetAppDataPath() {

	//Get the folder C:\Users\<user>\AppData\Local which is given by FOLDERID_LocalAppData
	LPWSTR wszPath = NULL;
	SHGetKnownFolderPath(FOLDERID_LocalAppData, 0, NULL, &wszPath);

	//Convert the unicode char to string.
	_bstr_t bstrPath(wszPath);
	std::string strPath((char*)bstrPath);

	return strPath;
}
int main()
{
	
	string tmp = GetAppDataPath();
	//Will give you a messagebox showing the path.
	MessageBoxA(0, tmp.c_str(), "Demo", 0);
	return 0;
}

#include "stdafx.h"

#include <Windows.h>

#include <string>

#include <Shlobj.h>

#include <comutil.h> //for _bstr_t (used in the string conversion below)

#pragma comment(lib, "Advapi32.lib") //To get the FOLDERID_vars

#pragma comment(lib, "comsuppw") //For the _bstr_t conversion

using namespace std;

string GetAppDataPath() {

//Get the folder C:\Users\<user>\AppData\Local which is given by FOLDERID_LocalAppData

LPWSTR wszPath = NULL;

SHGetKnownFolderPath(FOLDERID_LocalAppData, 0, NULL, &wszPath);

//Convert the unicode char to string.

_bstr_t bstrPath(wszPath);

std::string strPath((char*)bstrPath);

return strPath;

}

int main()

{

string tmp = GetAppDataPath();

//Will give you a messagebox showing the path.

MessageBoxA(0, tmp.c_str(), "Demo", 0);

return 0;

}

If you are using shellcode from meterpreter and you are going to bundle this into another executable, you can execute the shellcode by using this code.

void executeShellcode() {
//My NOP-sled
unsigned char buf[] =
		"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
		"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
		"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";

	//Executing the NOP-sled
	void *exec = VirtualAlloc(0, sizeof buf, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
	memcpy(exec, buf, sizeof buf);
	((void(*)())exec)();
}

void executeShellcode() {

//My NOP-sled

unsigned char buf[] =

"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"

"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";

//Executing the NOP-sled

void *exec = VirtualAlloc(0, sizeof buf, MEM_COMMIT, PAGE_EXECUTE_READWRITE);

memcpy(exec, buf, sizeof buf);

((void(*)())exec)();

}

The last snippet is code that can be used to convert a string in hex to the char values.

#include "stdafx.h"
#include <Windows.h>
#include <string>
#include <sstream>
using namespace std;
int main()
{
	
	string hex = "414243"; //ABC in hex, 41=A, 42=B, 43=C
	int len = hex.length();
	stringstream ss;
	for (int i = 0; i< len; i += 2)
	{
		string byte = hex.substr(i, 2);
		char chr = (char)(int)strtol(byte.c_str(), NULL, 16);
		ss << chr;
	}

	MessageBoxA(0, ss.str().c_str(), "Decoded", 0);
	
    return 0;
}

#include "stdafx.h"

#include <Windows.h>

#include <string>

#include <sstream>

using namespace std;

int main()

{

string hex = "414243"; //ABC in hex, 41=A, 42=B, 43=C

int len = hex.length();

stringstream ss;

for (int i = 0; i< len; i += 2)

{

string byte = hex.substr(i, 2);

char chr = (char)(int)strtol(byte.c_str(), NULL, 16);

ss << chr;

}

MessageBoxA(0, ss.str().c_str(), "Decoded", 0);

return 0;

}

Good luck!

kickass infosec

saving the world one byte at a time

Monthly Archives: January 2016

Various code snippets in C++ (Mostly WINAPI)