
EncodeGroup / AggressiveGadgetToJScript

License: GPL-3.0
A Cobalt Strike Aggressor script to generate GadgetToJScript payloads


Projects that are alternatives of or similar to AggressiveGadgetToJScript

DNSWho
transmit cs beacon (shellcode) over self-made dns to avoid anti-kill and AV
Stars: ✭ 47 (-47.78%)
Mutual labels:  redteam, cobaltstrike
Gopher
C# tool to discover low hanging fruits
Stars: ✭ 73 (-18.89%)
Mutual labels:  redteam
InlineWhispers2
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
Stars: ✭ 156 (+73.33%)
Mutual labels:  redteam
Malleable-C2-Profiles
Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike & Empire.
Stars: ✭ 168 (+86.67%)
Mutual labels:  cobaltstrike
github-watchman
Monitoring GitHub for sensitive data shared publicly
Stars: ✭ 60 (-33.33%)
Mutual labels:  redteam
GoPhish-Templates
GoPhish Templates that I have retired and/or templates I've recreated.
Stars: ✭ 76 (-15.56%)
Mutual labels:  redteam
PwnedPasswordsChecker
Search (offline) if your password (NTLM or SHA1 format) has been leaked (HIBP passwords list v8)
Stars: ✭ 52 (-42.22%)
Mutual labels:  redteam
csOnvps
CobaltStrike 4.4 one-click deployment script. Randomly generates the password, key, port number, certificate, etc., and fixes the error that prevents CS 4.x from running on Linux. Very user-friendly design.
Stars: ✭ 263 (+192.22%)
Mutual labels:  cobaltstrike
dummyDLL
Utility for hunting UAC bypasses or COM/DLL hijacks that alerts on the exported function that was consumed.
Stars: ✭ 35 (-61.11%)
Mutual labels:  redteam
aterm
It records your terminal, then lets you upload to ASHIRT
Stars: ✭ 17 (-81.11%)
Mutual labels:  redteam
Some Pentesters SecurityResearchers RedTeamers
Some pentesters, security researchers and red teamers from whom I learned a lot...
Stars: ✭ 60 (-33.33%)
Mutual labels:  redteam
BlueTeam.Lab
Blue Team detection lab created with Terraform and Ansible in Azure.
Stars: ✭ 82 (-8.89%)
Mutual labels:  redteam
ligolo-ng
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
Stars: ✭ 418 (+364.44%)
Mutual labels:  redteam
Screenshooter
C# program to take a full size screenshot or a recording of the user's desktop. Takes in 0-3 flags
Stars: ✭ 61 (-32.22%)
Mutual labels:  cobaltstrike
SLib
SLib is a sandbox evasion library that implements some of the checks from https://evasions.checkpoint.com in C#
Stars: ✭ 50 (-44.44%)
Mutual labels:  redteam
RedTeaming-Tactics-and-Techniques
Red Teaming Tactics and Techniques
Stars: ✭ 2,991 (+3223.33%)
Mutual labels:  redteam
DInvoke shellcodeload CSharp
ShellCodeLoader via DInvoke
Stars: ✭ 41 (-54.44%)
Mutual labels:  redteam
MurMurHash
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.
Stars: ✭ 79 (-12.22%)
Mutual labels:  redteam
NIST-to-Tech
An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)
Stars: ✭ 61 (-32.22%)
Mutual labels:  redteam
palinka c2
Just another useless C2 occupying space in some HDD somewhere.
Stars: ✭ 14 (-84.44%)
Mutual labels:  redteam

AggressiveGadgetToJScript

We created this Aggressor script to automate the generation of payloads that use the GadgetToJScript technique.

For this release we used a common injector template that implements the QueueUserAPC injection method and injects into notepad.exe.

Feel free to use your own templates.

Additionally, the generated shellcode is compressed before it is embedded in the injector template.


Usage

  • Install the Mono framework: apt install mono-complete.
  • Set the path variables inside GadgetToJScript.cna:
    • $toolpath is the absolute path of the installation directory.
    • $outpath is the directory used to output all generated artifacts.
    • $python3 is the absolute path of the python3 binary.
    • $gzip is the absolute path of the gzip binary.
    • $mcs is the absolute path of the mcs binary.
  • Load the .cna script into Cobalt Strike.
  • A new menu, CustomPayloads, will appear. Generate the payload by choosing the listener, staged / stageless, and architecture. The payload will be stored in your defined $outpath.
  • Because ConfigurationManager.AppSettings is read-only in Mono (mono/mono#11751), the generated EXE file has to be copied to a Windows box and executed there.
  • The final GadgetToJScript payload (.js) will then be generated. The script currently uses the reg-free template from GadgetToJScript.

Configuration:

$toolpath = "/opt/cobaltstrike/custom/AggressiveGadgetToJScript";
$outpath = "/tmp/payloads";
$python3 = "/usr/bin/python3";
$gzip = "/usr/bin/gzip";
$mcs = "/usr/bin/mcs";

Caveats

  • The generated payload (.js) gets flagged by AV. Consider obfuscating /Templates/GadgetToJScript.js. As a PoC we opted to use a powerful royal-like technique directly stolen from Caesar!
  • The shellcode can also be encrypted by placing an encrypt function in Helper.py and a matching decrypt function in /Templates/Injector.cs.
  • The injection method can be replaced in /Templates/Injector.cs. Just make sure to place it in the constructor of the class.

Authors


Credits

This tool is based on:
