Skip to content

eladshamir/RPC-Backdoor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

RpcClient

RpcClient

 
 

RpcServer

RpcServer

 
 

RpcServerDll

RpcServerDll

 
 

RpcServerInterface

RpcServerInterface

 
 

RpcServerInterface2

RpcServerInterface2

 
 

RpcSharpClient

RpcSharpClient

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

RPC Backdoor.sln

RPC Backdoor.sln

 
 

Repository files navigation

RPC Backdoor Emulation

This project is a basic implementation of an "RPC Backdoor" meant to emulate TTPs used by certain groups.

The project contains an RPC server with five functions:

  • Execute a command with cmd.exe /c and the CreateProcess API call.
  • Steal a token and execute a command with cmd.exe /c and the CreateProcessWithTokenW API call.
  • Download a file from the remote host.
  • Upload a file to the remote host.
  • Terminate the RPC server.

The server is implemented both as an executable (RpcServer) and a DLL (RpcServerDll).

The server registers two RPC servers:

  1. RPC over named pipes with the hard-coded pipe name "ncacn_np".
  2. RPC over TCP/IP with the hard-coded port number 4747.

The client is implemented both as a native executable (RpcClient) and a .NET executable (RpcSharpClient).

About

A basic emulation of an "RPC Backdoor"

Resources

Readme

License

MIT license
Activity

Stars

191 stars

Watchers

4 watching

Forks

44 forks
Report repository

Releases 1

RPC Backdoor v1.0 Latest
Aug 25, 2022

Languages