• Stars
    star
    319
  • Rank 131,491 (Top 3 %)
  • Language Visual Basic
  • Created over 7 years ago
  • Updated over 7 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A JavaScript and VBScript Based Empire Launcher, which runs within their own embedded PowerShell Host.
  _________ __              ___________.__       .__     __                       
 /   _____//  |______ ______\_   _____/|__| ____ |  |___/  |_  ___________  ______
 \_____  \\   __\__  \\_  __ \    __)  |  |/ ___\|  |  \   __\/ __ \_  __ \/  ___/
 /        \|  |  / __ \|  | \/     \   |  / /_/  >   Y  \  | \  ___/|  | \/\___ \ 
/_______  /|__| (____  /__|  \___  /   |__\___  /|___|  /__|  \___  >__|  /____  >
        \/           \/          \/      /_____/      \/          \/           \/ 

A JavaScript and VBScript Based Empire Launcher - by Cn33liz 2017

Both Launchers run within their own embedded PowerShell Host, so we don't need PowerShell.exe. This might be usefull when a company is blocking PowerShell.exe and/or is using a Application Whitelisting solution, but does not block running JS/VBS files.

Empire PowerShell Host build by Cn33liz and embedded within JavaScript using DotNetToJScript from James Forshaw https://github.com/tyranid/DotNetToJScript

Usage:

* Setup a new Listener within PowerShell Empire.

* Use the Launcher command to Generate a PowerShell launcher for this listener.

* Copy and Replace the Base64 encoded Launcher Payload within the StarFighter JavaScript or VBScript file.

* For the JavaScript version use the following Variable: 

  var EncodedPayload = "<Paste Encoded Launcher Payload Here>"

* For the VBScript version use the following Variable: 
  
  Dim EncodedPayload: EncodedPayload = "<Paste Encoded Launcher Payload Here>"

* Then run: wscript.exe StarFighter.js or StarFighter.vbs on Target, or DoubleClick the launchers within Explorer.

BlueTeam Advice

  • Instead of Blocking PowerShell.exe, make sure you enable PowerShell Constrained Language to all of your users that do not need to use PowerShell for their daily work.
  • Use Device Guard and make sure you only allow signed Java, VBS and PowerShell Scripts to prevent Malicious use.

More Repositories

1

p0wnedShell

PowerShell Runspace Post Exploitation Toolkit
C#
1,519
star
2

MSBuildShell

MSBuildShell, a Powershell Host running within MSBuild.exe
283
star
3

CScriptShell

CScriptShell, a Powershell Host running within cscript.exe
C#
158
star
4

JSMeter

JavaScript Reversed TCP Meterpreter Stager
JavaScript
136
star
5

TpmInitUACBypass

Bypassing User Account Control (UAC) using TpmInit.exe
C++
125
star
6

VBSMeter

VBS Reversed TCP Meterpreter Stager
Visual Basic
87
star
7

SmashedPotato

C#
83
star
8

p0wnedLoader

C#
72
star
9

p0shKiller

C++
62
star
10

HSEVD-StackOverflowX64

HackSys Extreme Vulnerable Driver - Windows 10 x64 StackOverflow Exploit with SMEP Bypass
C
62
star
11

MacroMeter

VBA Reversed TCP Meterpreter Stager
Visual Basic
62
star
12

MS17-012

MS17-012 - COM Session Moniker EoP Exploit running within MSBuild.exe
59
star
13

SharpCat

SharpCat - A Simple Reversed Command Shell which can be started using InstallUtil (Bypassing AppLocker)
C#
46
star
14

EasySystem

Quick and dirty System (Power)Shell using NamedPipe impersonation.
C
43
star
15

TpmInitUACAnniversaryBypass

Bypassing User Account Control (UAC) using TpmInit.exe
C++
42
star
16

HSEVD-ArbitraryOverwriteGDI

HackSys Extreme Vulnerable Driver - ArbitraryOverwrite Exploit using GDI
C
40
star
17

HSEVD-StackOverflow

HackSys Extreme Vulnerable Driver - StackOverflow Exploit
C
30
star
18

p0wnedReverse

PowerShell Runspace Connect-Back Shell
C#
27
star
19

HSEVD-ArbitraryOverwrite

HackSys Extreme Vulnerable Driver - ArbitraryOverwrite Exploit
C
25
star
20

HSEVD-VariousExploits

HackSys Extreme Vulnerable Driver - Various Windows 7 x86 Kernel Exploits
C
21
star
21

HSEVD-StackCookieBypass

HackSys Extreme Vulnerable Driver - StackOverflow with Stack Cookie Bypass Exploit
C
19
star
22

HSEVD-StackOverflowGDI

HackSys Extreme Vulnerable Driver - Windows 10 x64 StackOverflow Exploit using GDI
C
18
star
23

HackTheBox-Jail

HTB Jail Remote Exploit By Cneeliz - 2017
Python
15
star
24

HSEVD-ArbitraryOverwriteLowIL

HackSys Extreme Vulnerable Driver - ArbitraryOverwrite Exploit using GDI -> Low Integrity to System
C
14
star
25

HackTheBox-Smasher

Python
8
star
26

FortiParse

Fortigate Configuration Parser
Python
4
star