I learned a few things and had to troubleshoot a few things, so I thought this might be helpful to someone else.
First, big thanks to Am0nSec, Hasherezade, Benjamin Delpy and Vincent Le Toux for their code contributions to the community.
Here is how I got it working.
I got the SharpHellsGate code from Am0nsec here:
https://github.com/am0nsec/SharpHellsGate
I got the PE to Shellcode from Hasherezade here:
I’m getting these files from PE to Shellcode.
I download a mimikatz release from here:
I’m grabbing this file.
I extract it and go to the x64 folder.
I copy it to the folder where I put the PE to Shellcode binaries and run “PE2shc.exe mimikatz.exe”.
I copy mimikatz.shc.exe to my Kali box and run “xxd -i mimikatz.shc.exe > mimi.out”.
Next, I open up the SharpHellsGate code in Visual Studio. FYI, I have Defender turned off (Defender does catch this). I’m looking at the HellsGate.cs code here. This is the sample payload that comes with the source Am0nsec provided.
I’ll get rid of it for now and remove the size on the array.
I’m going to replace it with the shellcode that PE to Shellcode created, but I’m going to use Notepad++ because Visual Studio doesn’t like me pasting that much data. Notepad++ handles it better.
I’m only copying everything after the “{” all the way down to just before the “}”. mimi.out is what got created when I ran the xxd -i command earlier.
I paste the shellcode into HellsGate.cs where I emptied the original payload. I save HellsGate.cs and reopen the file in Visual Studio. Now it’s really LONG!
When I compile and run it, I get this problem (see image below). It starts, but then it closes! I’ll fix that!
I go to the Program.cs file. I need to put a little code after gate.Payload(); here it is before the changes.
It took me a little bit to figure this out, but it works. Here is what I’m pasting below gate.Payload(). I don’t know why the image quality is poor.
Console.ReadLine();                    // block here so the process does not exit right after gate.Payload() returns
while (true)
{
    var x = Console.ReadLine();        // read the next line typed at the prompt (the value itself is not used)
    Console.OpenStandardError(100);    // open the standard error stream with a 100-byte buffer; this is the part I found by trial and error
}
Now it runs, but it is a little quirky. The first command I give it works fine. However, after that it ignores whatever I put at the “mimikatz #” prompt, so I just hit the Enter key on that line. Then I put whatever command I want on the line below and it works fine.
Here is another example: I open a command prompt as Admin and dump my credentials.
Feel free to follow me on Twitter (@_markmo_, yes, with the underscores). I try to share what I learn. Hopefully you learned something too.
If you figure out how to make that last bit work a little better, please let me know. I just slammed in the first thing that worked.