A post-explotation uptime check implemented in pure C#.
All binaries in HastyShot are built targeting .NET 3.5, for windows 7+ support. The following build env should be used:
- Windows 10 - 1803
- Visual Studio 2017
- .NET 3.5
choco install sysinternalsor strings from SysInternals in your current path
ALL HastySeries compiled binaries can be found on the github page with the most recent releases. NOTE: THESE have many static sigs.. dont drop to disk unless you are sure they are cleared via PSP testing.
C:\Users\rt\Desktop\HastySeries\bin\Release>HastyUptime.exe[*] Current uptime using GetTimeStamp():
* Days: 2
* Hours: 0
* Minutes: 7
* Seconds: 12To prevent some basic string matching, some basic precautions where taken. of course this is a example and if OpSec is upmost concern change static key and use the HastyFixup string fixup project to build new strings before re-compile.
- All strings are XOR'd with a static key
- All strings are than encoded with Base64
- Strings are decoded at execution
- Strings are XOR'd with static key
- String is presented to console