MaliciousMacroGenerator/configs/wmi-msbuild-evasion-domain....

{
	"description": "Command exec payload Certutil and MSBuild Whitelisting Bypass using WMI \nEvasion technique set to domain check",
	"template": "templates/payloads/wmi-msbuild-evasion-domain-template.vba",
	"varcount": 150,
	"encodingoffset": 3,
	"chunksize": 200,
	"encodedvars": 	{
				"DOMAIN":"TEST"
			},
	"vars": 	[],
	"evasion": 	["encoder", "domain"],
	"payload": "INSERT YOUR PAYLOAD BASE64 MSBUILD XML HERE"
}
Create wmi-msbuild-evasion-domain.json 2018-06-21 01:26:24 +00:00			`{`
			`"description": "Command exec payload Certutil and MSBuild Whitelisting Bypass using WMI \nEvasion technique set to domain check",`
			`"template": "templates/payloads/wmi-msbuild-evasion-domain-template.vba",`
			`"varcount": 150,`
			`"encodingoffset": 3,`
			`"chunksize": 200,`
			`"encodedvars": {`
			`"DOMAIN":"TEST"`
			`},`
			`"vars": [],`
			`"evasion": ["encoder", "domain"],`
			`"payload": "INSERT YOUR PAYLOAD BASE64 MSBUILD XML HERE"`
			`}`