Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/Cn33liz/StarFighters

A JavaScript and VBScript Based Empire Launcher, which runs within their own embedded PowerShell Host.
https://github.com/Cn33liz/StarFighters

Last synced: 22 days ago
JSON representation

A JavaScript and VBScript Based Empire Launcher, which runs within their own embedded PowerShell Host.

Host: GitHub
URL: https://github.com/Cn33liz/StarFighters
Owner: Cn33liz
Created: 2017-06-05T18:28:22.000Z (over 7 years ago)
Default Branch: master
Last Pushed: 2017-06-05T19:18:38.000Z (over 7 years ago)
Last Synced: 2024-11-11T05:14:23.903Z (about 1 month ago)
Language: Visual Basic
Size: 26.4 KB
Stars: 319
Watchers: 25
Forks: 66
Open Issues: 4
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - Cn33liz/StarFighters - A JavaScript and VBScript Based Empire Launcher, which runs within their own embedded PowerShell Host. (Visual Basic)

README

```
_________ __ ___________.__ .__ __
/ _____// |______ ______\_ _____/|__| ____ | |___/ |_ ___________ ______
\_____ \\ __\__ \\_ __ \ __) | |/ ___\| | \ __\/ __ \_ __ \/ ___/
/ \| | / __ \| | \/ \ | / /_/ > Y \ | \ ___/| | \/\___ \
/_______ /|__| (____ /__| \___ / |__\___ /|___| /__| \___ >__| /____ >
\/ \/ \/ /_____/ \/ \/ \/
```

### A JavaScript and VBScript Based Empire Launcher - by Cn33liz 2017

Both Launchers run within their own embedded PowerShell Host, so we don't need PowerShell.exe.
This might be usefull when a company is blocking PowerShell.exe and/or is using a Application Whitelisting solution, but does not block running JS/VBS files.

Empire PowerShell Host build by Cn33liz and embedded within JavaScript using DotNetToJScript from James Forshaw
https://github.com/tyranid/DotNetToJScript

```
Usage:

* Setup a new Listener within PowerShell Empire.

* Use the Launcher command to Generate a PowerShell launcher for this listener.

* Copy and Replace the Base64 encoded Launcher Payload within the StarFighter JavaScript or VBScript file.

* For the JavaScript version use the following Variable:

var EncodedPayload = ""

* For the VBScript version use the following Variable:

Dim EncodedPayload: EncodedPayload = ""

* Then run: wscript.exe StarFighter.js or StarFighter.vbs on Target, or DoubleClick the launchers within Explorer.
```

### BlueTeam Advice
* Instead of Blocking PowerShell.exe, make sure you enable PowerShell Constrained Language to all of your users that do not need to use PowerShell for their daily work.
* Use Device Guard and make sure you only allow signed Java, VBS and PowerShell Scripts to prevent Malicious use.