Comments (16)
@adelicato @Sh0ckFR I see a bug with the zip function handling full and relative paths. I am working to address it right now. If you use the current folder where the zipexec binary is living, i.e. -I binary.exe, -o output.js, rather than /home/user/... it should be a quick workaround while I fix this. @Acey34 Once I address this bug I will provide something along those lines.
from zipexec.
We would appreciate it if @Tylous could provide a short video of the PoC.
@Acey34 I am still tweaking things to make sure all potential inputted paths work. I will add something demo-wise shortly afterward.
That bug should be fixed. As for the Defender comment, @Sh0ckFR, Defender is probably catching it at runtime. This technique helps avoid everything but that. When a payload runs, it acts the same way as it would if you just double-clicked it and ran it. This is simply a unique way of delivering a binary-based payload to an endpoint and protecting it on disk.
I agree with you, it does not work on my side either.
Two things come to mind. The first: is the Windows 10 machine on a domain? If it's not, it won't work, because the -sandbox flag will only allow it to run on domain-joined systems. The second is the binary itself. It might be worth trying different loaders.
Mine is just in the WORKGROUP; why is it mandatory to be part of a domain? I have tried a bunch of different binaries, so I will try adding the machine to a domain and see what happens.
If it's not domain-joined, then don't use the -sandbox flag.
On my side, I tested both options, with the -sandbox flag and without; my binary is a classic Cobalt Strike beacon and nothing happens (in stageless or staged mode).
My Windows VM version is Windows 10.0.19043; I will try on another VM with a different version tomorrow.
I have tried both with and without the -sandbox flag and it does not work (with a bunch of different binaries, as I said before). Could you provide a working binary (and a way to check if it worked)?
@Acey34 Nope, and I checked the %temp% directory; the zip file is not present.
When I run the JS, the exe created in %TEMP% was caught by the anti-malware...
@Tylous I can confirm it is working with stageless payloads without absolute paths, but yes, as @dennis268 specified, the payload is detected by Windows Defender. I'm able to avoid the AV with my custom payload, but I guess this is not the goal here (interesting way anyway).
@Sh0ckFR If the issue has been resolved, should we close the thread?
@Tylous Also, I would appreciate it if you can add a quick demo of the PoC along the fixes as well.
@Acey34 I will close the thread once the bug is fixed. I also hope that the detection can be avoided; if so, it will be a really nice PoC.
Okay, I totally understand, this is normal behavior then. Good job, I'm closing this thread.