GhostDelivery - This Tool Creates A Obfuscated .Vbs Script To Download A Payload Hosted On A Server To %TEMP% Directory, Execute Payload And Gain Persistence
Python script to generate obfuscated .vbs script that delivers payload with persistence and windows antivirus disabling functions.
Features:
Downloads payload to TEMP directory and executes payload to bypass windows smart screen. Disables Defender, UAC/user account control, Defender Notifications, injects/creates Command Prompt and Microsoft Edge shortcuts with payload path (%TEMP%/payload.exe), adds a scheduled task called "WindowsDefender" for payload to be run at login and obfuscates the vbs delivery script. This tool also has a serveo function to deliver obfuscated vbs script.
Light version:
The light version is less noisy and only delivers/executes payload, creates a scheduled task named "WindowsDefender" to run payload at login for persistence and injects/creates Command Prompt and Microsoft Edge shortcuts with payload path.
Prerequisites/requirements:
*Python 2.7, Modules imported in script. (random, sys, string, os, time, base64)
Source: feedproxy.google.com
GhostDelivery - This Tool Creates A Obfuscated .Vbs Script To Download A Payload Hosted On A Server To %TEMP% Directory, Execute Payload And Gain Persistence
Reviewed by Anonymous
on
2:53 PM
Rating: