G0ldenGunSec/backdoorLnkMacroStagerCellEmbed G0ldenGunSec/backdoorLnkMacroStagerCellEmbed

  • Stars
    star
    5
  • Rank 2,850,299 (Top 57 %)
  • Language
    Python
  • Created almost 7 years ago
  • Updated almost 7 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
G0ldenGunSec/backdoorLnkMacroStagerCellEmbed
github

G0ldenGunSec

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Powershell Empire 2.x stager that allows for creation of a macro which uses VBA to backdoor .lnk files on the system. This is done to obtain a shell via follow-up user interaction natively through powershell, in order to evade tools that monitor process execution. Data is embedded in .xls cells and called in the macro to evade detection. Backdoors are self-cleaning on execution.

More Repositories

1

SharpSecDump

.Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py
C#
571
star
2

SharpTransactedLoad

Load .net assemblies from memory while having them appear to be loaded from an on-disk location.
C#
157
star
3

PowerPriv

A Powershell implementation of PrivExchange designed to run under the current user's context
PowerShell
123
star
4

GetWebDAVStatus

Determine if the WebClient Service (WebDAV) is running on a remote system
C
117
star
5

wmiServSessEnum

.net tool that uses WMI queries to enumerate active sessions and accounts configured to run services on remote systems
C#
32
star
6

DayBird

Extension functionality for the NightHawk operator client
C#
26
star
7

backdoorLnkMacroStagerObfuscated

Obfuscated Powershell Empire 2.x stager that allows for creation of a macro which uses VBA to backdoor .lnk files on the system. This is done to obtain a shell via follow-up user interaction natively through powershell, in order to evade tools that monitor process execution. Backdoors are self-cleaning on execution.
Python
17
star
8

PreliminaryBackdoorLnkMacroStager

Original testing version of the backdoorLnkMacroStager - please reference backdoorLnkMacroStagerObfuscated or backdoorLnkMacroStagerCellEmbed for current versions
Python
5
star
9

Service-Executable-Permissions-Checker

PowerShell
3
star