securityonline.info

Description

A JavaScript and VBScript shellcode launcher. This will spawn a 32-bit version of the binary specified and inject shellcode into it.

DotNetToJScript can be found here: http://ift.tt/2ocnTpH
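The description above gives defenders the two observable facts that matter: the launcher runs under a Windows script host (wscript.exe, per the usage section) and it starts a 32-bit copy of an ordinary binary such as rundll32.exe, notepad.exe or calc.exe to inject into. On a 64-bit host the 32-bit copy lives under C:\Windows\SysWOW64, so the process tree is script host, then a SysWOW64 child. The following added example (not code from CACTUSTORCH or the original post) turns that into a check over process-creation events. The log format, the field names ParentImage, Image and CommandLine, and the sample events are all constructed for the example; the rundll32.exe without-arguments signal is a general heuristic, not something the post states.

```python
# Constructed process-creation events in a simple key=value|key=value format.
SAMPLE_EVENTS = [
    r"ParentImage=C:\Windows\System32\wscript.exe|Image=C:\Windows\SysWOW64\rundll32.exe|CommandLine=rundll32.exe",
    r"ParentImage=C:\Windows\explorer.exe|Image=C:\Windows\System32\notepad.exe|CommandLine=notepad.exe C:\notes.txt",
    r"ParentImage=C:\Windows\System32\cscript.exe|Image=C:\Windows\SysWOW64\notepad.exe|CommandLine=notepad.exe",
    r"ParentImage=C:\Windows\System32\svchost.exe|Image=C:\Windows\System32\rundll32.exe|CommandLine=rundll32.exe shell32.dll,Control_RunDLL",
]

# Windows script hosts; the usage section names wscript.exe, cscript.exe is its console twin.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Binaries the post names as injection targets (the default plus the two examples).
INJECTION_TARGETS = {"rundll32.exe", "notepad.exe", "calc.exe"}


def parse_event(line: str) -> dict:
    """Split a constructed 'k=v|k=v' line into a dict (values may contain '=')."""
    return dict(field.split("=", 1) for field in line.split("|"))


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def is_wow64(path: str) -> bool:
    # 32-bit system binaries on a 64-bit Windows install live under SysWOW64.
    return "\\syswow64\\" in path.lower()


def classify(event: dict) -> list:
    """Return the reasons an event looks like a script-host injection launcher."""
    reasons = []
    parent_path = event.get("ParentImage", "")
    child_path = event.get("Image", "")
    parent, child = basename(parent_path), basename(child_path)

    if parent in SCRIPT_HOSTS and child in INJECTION_TARGETS:
        reasons.append("script host %s spawned injection target %s" % (parent, child))
        if is_wow64(child_path):
            reasons.append("child is the 32-bit (SysWOW64) build on a 64-bit host")

    # Heuristic: rundll32.exe normally receives a 'dll,entrypoint' argument;
    # a bare launch is unusual and worth a look on its own.
    if child == "rundll32.exe":
        tokens = event.get("CommandLine", "").split(maxsplit=1)
        if len(tokens) < 2:
            reasons.append("rundll32.exe started without a DLL,entrypoint argument")
    return reasons


def scan(lines: list) -> list:
    """Return (1-based line number, reasons) for every event that raised a reason."""
    alerts = []
    for number, line in enumerate(lines, 1):
        reasons = classify(parse_event(line))
        if reasons:
            alerts.append((number, reasons))
    return alerts


if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_EVENTS):
        print("event %d:" % number)
        for reason in reasons:
            print("  -", reason)
```

Events 1 and 3 are flagged (script host parent, SysWOW64 child), while the explorer.exe-launched notepad.exe and the svchost.exe-launched rundll32.exe with a proper DLL argument pass. In a real deployment the parent/child pairing is the durable signal; the target list should be treated as a starting point, since the tool lets the operator pick any binary.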

Download

git clone http://ift.tt/2upi7Y1

Usage:

Choose a binary you want to inject into. The default is rundll32.exe; notepad.exe or calc.exe also work, for example.

Generate 32-bit raw shellcode in whatever framework you want. Tested with: Cobalt Strike, Metasploit Framework.

Run: cat payload.bin | base64 -w 0

For JavaScript: copy the base64 encoded payload into the code variable below:

var code = "";

For VBScript: copy the base64 encoded payload into the code variable below:

Dim code: code = ""

Then run:

wscript.exe CACTUSTORCH.js or wscript.exe CACTUSTORCH.vbs from the command line on the target, or double click the files within Explorer.

For VBA: Copy the base64 encoded payload into a file such as code.txt

Run python splitvba.py code.txt output.txt

Copy output.txt under the following bit so it looks like:

code = ""
code = code & "<base64 code in 100 byte chunk>"
code = code & "..."

Host CACTUSTORCH Payload

Fill in the fields.

File hosted and ready to go!
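The three launcher formats above (a single JavaScript string, a single VBScript string, or the VBA form produced by splitvba.py where the string is rebuilt from 100-byte chunks with the & operator) all carry the payload as one base64 blob assigned to a variable named code. For incident responders who find such a script, the following added example (not part of CACTUSTORCH or the original post) reassembles the code variable from any of the three forms, validates and decodes the base64, and returns the bytes with a SHA-256 for triage. The sample scripts and the byte string they embed are constructed for the example and are not shellcode.

```python
import base64
import hashlib
import re

# Constructed stand-in for payload.bin (plain text, not shellcode), repeated so
# that the base64 form is long enough to need several 100-byte VBA chunks.
SAMPLE_BYTES = b"constructed sample bytes standing in for payload.bin " * 5
SAMPLE_B64 = base64.b64encode(SAMPLE_BYTES).decode()

# Constructed scripts in the three shapes described by the README.
JS_SAMPLE = 'var code = "%s";\n' % SAMPLE_B64
VBS_SAMPLE = 'Dim code: code = "%s"\n' % SAMPLE_B64
VBA_SAMPLE = 'code = ""\n' + "".join(
    'code = code & "%s"\n' % SAMPLE_B64[i:i + 100]
    for i in range(0, len(SAMPLE_B64), 100)
)

# Matches every string literal assigned to `code`, whether as a fresh
# assignment (JS/VBS/VBA first line) or an `&` append (VBA chunks).
# The lookbehind keeps identifiers such as serialized_code from matching.
_CODE_LITERAL = re.compile(
    r'(?<![\w.])code\s*=\s*(?:code\s*&\s*)?"([^"]*)"', re.IGNORECASE
)


def extract_payload(script_text: str) -> bytes:
    """Rebuild the `code` variable and base64-decode it.

    Raises ValueError when no `code` assignment is present or when the
    reassembled text is not valid base64 (e.g. a truncated copy).
    """
    chunks = _CODE_LITERAL.findall(script_text)
    if not chunks:
        raise ValueError("no `code` string assignment found")
    blob = "".join(chunks).strip()
    if not blob:
        raise ValueError("`code` variable is empty")
    try:
        # validate=True rejects characters outside the base64 alphabet
        # instead of silently discarding them.
        return base64.b64decode(blob, validate=True)
    except (ValueError, base64.binascii.Error) as exc:
        raise ValueError("`code` is not valid base64: %s" % exc) from None


def triage(script_text: str) -> dict:
    """Return the facts an analyst wants first: size, SHA-256, chunk count."""
    payload = extract_payload(script_text)
    return {
        "size": len(payload),
        "sha256": hashlib.sha256(payload).hexdigest(),
        "chunks": len(_CODE_LITERAL.findall(script_text)),
    }


if __name__ == "__main__":
    for name, text in (("js", JS_SAMPLE), ("vbs", VBS_SAMPLE), ("vba", VBA_SAMPLE)):
        print(name, triage(text))
```

Because the decoder rejects anything outside the base64 alphabet, a partially copied or hand-edited script fails loudly rather than yielding a silently corrupted payload; the SHA-256 of the decoded bytes is what to compare across samples, since the base64 text itself differs between the single-string and chunked forms.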

Tutorial

Payload Generation with CACTUSTORCH

Demo

Author and Credits

Author: Vincent Yiu (@vysecurity)

Credits:

@cn33liz: Inspiration with StarFighters

@tiraniddo: James Forshaw for DotNet2JScript

@armitagehacker: Raphael Mudge for the idea of selecting the 32-bit version of the target binary on 64-bit machines for injection

@_RastaMouse: Testing and giving recommendations around README

@bspence7337: Testing

Source: Github

The post CACTUSTORCH: Payload Generation for Adversary Simulations appeared first on Penetration Testing.

