Skip to content
/ Payload-to-iso-packager Public

Lighweight script to create ISO payloads by using DLL sideloading and LNK file to trigger the payload execution.

5 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Preffet/Payload-to-iso-packager

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
PackMyPayload
PackMyPayload
 
 
README.md
README.md
 
 
make-iso.ps1
make-iso.ps1
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Badge tracking project sizeBadge tracking code sizeBadge tracking last commit

Screen Shot 2023-05-31 at 17 59 19

Description

Small powershell script to create ISO payloads by using DLL sideloading and then LNK file to trigger the payload execution. Can be used to bypass Mark-Of-Web.

Requirements

Use the pip install -r requirements.txt command to install all of the Python modules and packages listed in your requirements.txt file

Also PackMyPayload by Mariusz Banach / mgeeky script is used, but it is included with the project files, you do not need to install it.

High-Level Script Overview

  1. DLL file, an EXE file, and a LNK file are provided as inputs.
  2. Check if the necessary input parameters are provided, and also if the provided LNK file has the correct extension.
  3. If all inputs are correct, create a shortcut file (.lnk) with the given parameters using Windows Script Host (WSH) COM object. This shortcut file opens a command prompt and runs the EXE file specified in the parameters.
  4. Create two directories if they don't exist yet: "Payloads" and "Output". The former is used to store the input files (DLL, EXE, LNK), and the latter is used to store the output ISO file.
  5. Copy the input files (DLL, EXE, LNK) to the "Payloads" directory.
  6. After all the files are in place, package these files into an ISO file. The files "OneDriveStandaloneUpdater.exe" and "version.dll" (your payload) are hidden in the ISO.
  7. If successful, display a message stating that the payload was created successfully, if an error occurs at any point in the process (such as Python or required dependencies not being installed), catch the error and display the error message.

Usage

To run the script, you can use:

.\make-iso.ps1 -dll version.dll -lnk readme.txt.lnk -iso Updates.iso -file OneDriveStandaloneUpdater.exe

Here:

  • OneDriveStandaloneUpdater.exe is a real Microsoft OneDrive binary. By default it is located at C:\Users%USERPROFILE%\AppData\Local\Microsoft\OneDrive
  • version.dll is your payload script (you have to rename it to "version.dll")
  • readme.txt.lnk is the LNK file that will trigger the payload process. You can rename it if you wish.
  • Updates.iso is the final payload containing all pieces, you can rename it if you wish.

Disclaimer

This application was developed as part of my learning journey around DLL sideloading and is intended solely for educational purposes.

About

Lighweight script to create ISO payloads by using DLL sideloading and LNK file to trigger the payload execution.

Resources

Readme
Activity

Stars

5 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages