A post-explotation NSLOOKUP.exe command implemented in pure C#.
All binaries in HastySeries are built targeting .NET 3.5, for windows 7+ support. The following build env should be used:
- Windows 10 - 1803
- Visual Studio 2017
- .NET 3.5
choco install sysinternalsor strings from SysInternals in your current path
ALL HastySeries compiled binaries can be found on the github page with the most recent releases. NOTE: THESE have many static sigs.. dont drop to disk unless you are sure they are cleared via PSP testing.
C:\Users\rt\Desktop\HastySeries\bin\Release>HastyNslookup.exe -help
C:\Users\rt\Desktop\HastySeries\bin\Release>HastyNslookup.exe google.com
C:\Users\rt\Desktop\HastySeries\bin\Release>HastyNslookup.exe 1.1.1.1Host Name : google.com
Address 0 : 172.217.15.78To prevent some basic string matching, some basic precautions where taken. of course this is a example and if OpSec is upmost concern change static key and use the HastyFixup string fixup project to build new strings before re-compile.
- All strings are XOR'd with a static key
- All strings are than encoded with Base64
- Strings are decoded at execution
- Strings are XOR'd with static key
- String is presented to console