Licence: GPL-3.0 license
When CactusTorch meets WebDavDelivery and obfuscation

Obfuscate CactusTorch

Author: Arno0x0x - @Arno0x0x

The CactusTorch project from Vincent Yiu (@vysecurity) is a fantastic toolkit making use of the DotNetToJScript project.

This little tool tries to achieve two goals:

  1. Make more obfuscated versions of the Office macro (VBA) and JScript stagers,
  2. Make use of my WebDavDelivery project to deliver the shellcode and the CactusTorch serialized assembly.

Here is born ObfuscateCactusTorch, when CactusTorch meets WebDavDelivery :-).

How to use it

Installation is pretty straightforward:

  • Git clone this repository: git clone https://github.com/Arno0x/ObfuscateCactusTorch ObfuscateCactusTorch
  • cd into the ObfuscateCactusTorch folder: cd ObfuscateCactusTorch
  • Give execution rights to the main script: chmod +x obfuscateCactusTorch.py

Then:

  1. Get a working copy of the WebDavDelivery tool.
  2. Launch obfuscateCactusTorch.py with the following arguments:
     • type of stager to generate: can be either js or vba
     • IP address or FQDN of the WebDavDelivery server
     • binary name in which CactusTorch should inject the shellcode (must be a 32-bit binary; check the CactusTorch project for details)
     • output file name for the generated stager (either VBA or JS)
  3. Generate an x86 shellcode with no encoding; you can use Metasploit for instance.
  4. Copy the shellcode file as well as the provided cactusTorch/cactusTorch_serialized.bin into the servedFiles folder of your WebDavDelivery folder.
  5. Start WebDavDelivery.
  6. On the target system, launch the stager generated in step 2.
  7. You can see on the WebDavDelivery side that the stager is downloading the shellcode and the serialized object.
  8. Let the magic happen :-)

DISCLAIMER

This tool is intended to be used in a legal and legitimate way only:

  • either on your own systems as a means of learning, of demonstrating what can be done and how, or testing your defense and detection mechanisms
  • on systems you've been officially and legitimately entitled to perform some security assessments (pentest, security audits)

Quoting Empire's authors: There is no way to build offensive tools useful to the legitimate infosec industry while simultaneously preventing malicious actors from abusing them.
