Giter Club home page Giter Club logo

cactustorch's Introduction

                                (              )  (            )  
   (    (       (    *   )      )\ )  *   ) ( /(  )\ )  (   ( /(  
   )\   )\      )\ ` )  /(   ( (()/(` )  /( )\())(()/(  )\  )\()) 
 (((_|(((_)(  (((_) ( )(_))  )\ /(_))( )(_)|(_)\  /(_)|((_)((_)\  
 )\___)\ _ )\ )\___(_(_())_ ((_|_)) (_(_())  ((_)(_)) )\___ _((_) 
((/ __(_)_\(_|(/ __|_   _| | | / __||_   _| / _ \| _ ((/ __| || | 
 | (__ / _ \  | (__  | | | |_| \__ \  | |  | (_) |   /| (__| __ | 
  \___/_/ \_\  \___| |_|  \___/|___/  |_|   \___/|_|_\ \___|_||_|

Author and Credits

Author: Vincent Yiu (@vysecurity)

Credits:

  • @cn33liz: Inspiration with StarFighters
  • @tiraniddo: James Forshaw for DotNet2JScript
  • @armitagehacker: Raphael Mudge for idea of selecting 32 bit version on 64 bit architecture machines for injection into
  • @_RastaMouse: Testing and giving recommendations around README
  • @bspence7337: Testing

Description

A JavaScript and VBScript shellcode launcher. This will spawn a 32 bit version of the binary specified and inject shellcode into it.

DotNetToJScript can be found here: https://github.com/tyranid/DotNetToJScript

Usage:

  • Choose a binary you want to inject into, default "rundll32.exe", you can use notepad.exe, calc.exe for example...

  • Generate a 32 bit raw shellcode in whatever framework you want. Tested: Cobalt Strike, Metasploit Framework

  • Run: cat payload.bin | base64 -w 0

  • For JavaScript: Copy the base64 encoded payload into the code variable below

    var code = "<base64 encoded 32 bit raw shellcode>";

  • For VBScript: Copy the base64 encoded payload into the code variable below

    Dim code: code = "<base64 encoded 32 bit raw shellcode>"

  • Then run:

wscript.exe CACTUSTORCH.js or wscript.exe CACTUSTORCH.vbs via command line on the target, or double click on the files within Explorer.

  • For VBA: Copy the base64 encoded payload into a file such as code.txt

  • Run python splitvba.py code.txt output.txt

  • Copy output.txt under the following bit so it looks like:

    code = ""
code = code & "<base64 code in 100 byte chunk"
code = code & "<base64 code in 100 byte chunk"

  • Copy and paste the whole payload into Word Macro

  • Save Word Doc and send off or run it.

CobaltStrike

  • Load CACTUSTORCH.cna
  • Go to Attack -> Host CACTUSTORCH Payload
  • Fill in fields
  • File hosted and ready to go!

cactustorch's People

Contributors

vysec avatar meatballs1 avatar rasta-mouse avatar

Watchers

Keybo@rd007 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.