https://github.com/mdsecactivebreach/CACTUSTORCH

CACTUSTORCH: Payload Generation for Adversary Simulations

```
( ) ( )
( ( ( * ) )\ ) * ) ( /( )\ ) ( ( /(
)\ )\ )\ ` ) /( ( (()/(` ) /( )\())(()/( )\ )\())
(((_|(((_)( (((_) ( )(_)) )\ /(_))( )(_)|(_)\ /(_)|((_)((_)\
)\___)\ _ )\ )\___(_(_())_ ((_|_)) (_(_()) ((_)(_)) )\___ _((_)
((/ __(_)_\(_|(/ __|_ _| | | / __||_ _| / _ \| _ ((/ __| || |
| (__ / _ \ | (__ | | | |_| \__ \ | | | (_) | /| (__| __ |
\___/_/ \_\ \___| |_| \___/|___/ |_| \___/|_|_\ \___|_||_|

```

Author and Credits
==================
Author: Vincent Yiu (@vysecurity)

Credits:
- @cn33liz: Inspiration with StarFighters
- @tiraniddo: James Forshaw for DotNet2JScript
- @armitagehacker: Raphael Mudge for the idea of selecting the 32 bit version of the binary on 64 bit machines as the injection target
- @_RastaMouse: Testing and giving recommendations around README
- @bspence7337: Testing

Description
===========

A JavaScript and VBScript shellcode launcher. This will spawn a 32 bit version of the binary specified and inject shellcode into it.

DotNetToJScript can be found here: https://github.com/tyranid/DotNetToJScript
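
The behaviour described above leaves a recognisable process-creation pattern: a script host such as wscript.exe starting the 32 bit copy of a binary. The following detection check is an added example, not part of the CACTUSTORCH project. It assumes Sysmon-style process-creation records (`ParentImage`, `Image`, `CommandLine`); the sample events, the `cscript.exe` entry and the bare `rundll32.exe` heuristic are assumptions made here.

```python
import ntpath

# Assumption: the page names wscript.exe; cscript.exe is added here as the
# console script host, which can run the same .js/.vbs files.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

def is_wow64_image(path):
    """True if the image sits in SysWOW64, the 32-bit copy on 64-bit Windows."""
    parts = path.replace("/", "\\").lower().split("\\")
    return "syswow64" in parts[:-1]

def reasons_for(ev):
    """Reasons a process-creation event matches the launcher behaviour, if any."""
    if ntpath.basename(ev["ParentImage"]).lower() not in SCRIPT_HOSTS:
        return []
    reasons = []
    if is_wow64_image(ev["Image"]):
        reasons.append("script host spawned a 32-bit (SysWOW64) binary")
    # Assumption (heuristic): an injection host is started bare, whereas
    # legitimate rundll32.exe use carries a "dll,export" argument.
    cmd = ev["CommandLine"].strip().strip('"').lower()
    if ntpath.basename(ev["Image"]).lower() == "rundll32.exe" and cmd.endswith("rundll32.exe"):
        reasons.append("rundll32.exe started without a DLL argument")
    return reasons

def detect(events):
    """Return (index, reasons) for every event with at least one reason."""
    scored = ((i, reasons_for(ev)) for i, ev in enumerate(events))
    return [(i, r) for i, r in scored if r]

# Constructed sample events, not taken from a real host.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\System32\wscript.exe",
     "Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "CommandLine": r'"C:\Windows\SysWOW64\rundll32.exe"'},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL"},
    {"ParentImage": r"C:\Windows\System32\wscript.exe",
     "Image": r"C:\Windows\SysWOW64\notepad.exe",
     "CommandLine": r"C:\Windows\SysWOW64\notepad.exe"},
    {"ParentImage": r"C:\Windows\System32\wscript.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c echo ok"},
]

if __name__ == "__main__":
    for idx, why in detect(SAMPLE_EVENTS):
        print(idx, SAMPLE_EVENTS[idx]["Image"], why)
```

Process-creation events show only the spawn, not the injection itself, so hits from this check are leads to correlate with memory or network telemetry.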

Usage:
======

* Choose a binary you want to inject into. The default is "rundll32.exe"; you can use notepad.exe or calc.exe, for example.
* Generate a 32 bit raw shellcode in whatever framework you want. Tested: Cobalt Strike, Metasploit Framework
* Run: ```cat payload.bin | base64 -w 0```
* For JavaScript: Copy the base64 encoded payload into the code variable below

```var code = "";```

* For VBScript: Copy the base64 encoded payload into the code variable below

```Dim code: code = ""```

* Then run:

```wscript.exe CACTUSTORCH.js``` or ```wscript.exe CACTUSTORCH.vbs``` via command line on the target, or double click on the files within Explorer.

* For VBA: Copy the base64 encoded payload into a file such as code.txt

* Run ```python splitvba.py code.txt output.txt```

* Copy the contents of output.txt under the following line so that it looks like:

```
code = ""
code = code & "
```

Host CACTUSTORCH Payload
* Fill in fields
* File hosted and ready to go!