• Stars: 134
• Rank: 270,967 (Top 6 %)
• Language: Python
• Created: over 8 years ago
• Updated: over 8 years ago


Repository Details

This is JSRat.ps1 in Python

MyJSRat.py

0x00 JSbackdoor

For background on the JavaScript backdoor, see:

JavaScript Backdoor

JavaScript Phishing

JSRat.ps1

0x01 Description

After studying the JS backdoor I wanted to write a Python version, then found that someone had already written one, at the following address: JSRat-Py

To make testing more convenient, I modified the script above and added a -c parameter that automatically executes a command once a client connects. Usage is as follows:

JSRat Server
By: Evi1cg

Usage: MyJSRat.py [options]

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -i IP, --ip=IP        IP to Bind Server to (i.e. 192.168.0.69)
  -p PORT, --port=PORT  Port to Run Server on
  -u URL, --url=URL     URL to Initiate Client Connection (default: /connect)
  -f, --find-ip         Display Current Internal and External IP Addresses
  -c CMD, --command=CMD
                        auto Send command to client (No interaction)
  -v                    Enable Verbose Output

The -f parameter retrieves the internal and external IP addresses:


The modified script has two modes: interactive mode and command execution mode.

The interactive mode command is:

python MyJSRat.py -i 192.168.1.101 -p 8080

-u is an optional parameter giving the callback URL.

In interactive mode you can upload, download and delete files, execute commands, and so on.

The command execution mode command is:

python MyJSRat.py -i 192.168.1.101 -p 8080 -c "whoami"

In command execution mode, the specified command is executed automatically once a shell is obtained, using new ActiveXObject("WScript.Shell").Run(command,0,true); the execution produces no output and no pop-up window.
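The hidden-window Run() call described above is also the most recognisable artifact this client leaves in a script file. The following scanner is an added defender-side example, not code from the MyJSRat repository: it flags script text that instantiates WScript.Shell and then calls Run() with window style 0. The regular expressions, the list of file extensions and the sample scripts are assumptions constructed for the example.

```python
import os
import re

# Added detection example (not part of MyJSRat). The README states that the
# client runs commands via new ActiveXObject("WScript.Shell").Run(command,0,true),
# i.e. with window style 0 (hidden) and wait-for-completion set to true.
# This heuristic flags script text that creates a WScript.Shell object and
# then calls Run() with a hidden window, which ordinary admin scripts rarely do.

# Matches JScript-style instantiation of WScript.Shell via ActiveXObject or
# WScript.CreateObject / CreateObject (assumed set of spellings).
WSH_SHELL_RE = re.compile(
    r'(?:new\s+ActiveXObject|(?:WScript\.)?CreateObject)\s*\(\s*["\']WScript\.Shell["\']\s*\)',
    re.IGNORECASE,
)

# Matches .Run(<cmd>, 0, true|false): a second argument of 0 means "hidden window".
# Only the parenthesised JScript call form is covered, not VBScript's bare-argument form.
HIDDEN_RUN_RE = re.compile(
    r'\.Run\s*\(\s*([^,()]+?)\s*,\s*0\s*,\s*(true|false)\s*\)',
    re.IGNORECASE,
)

# File types the scanner looks at (assumption: the usual WSH/HTA carriers).
SCRIPT_EXTENSIONS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")


def scan_script(text):
    """Return [(line_number, matched_call, command_expr)] for every hidden-window
    Run() call in text that also instantiates WScript.Shell; [] otherwise."""
    if not WSH_SHELL_RE.search(text):
        return []
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in HIDDEN_RUN_RE.finditer(line):
            findings.append((lineno, m.group(0), m.group(1).strip()))
    return findings


def scan_directory(root, extensions=SCRIPT_EXTENSIONS):
    """Walk root and return {path: findings} for every script file with findings."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(extensions):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    findings = scan_script(fh.read())
            except OSError:
                continue
            if findings:
                results[path] = findings
    return results


# Constructed sample scripts (not real captured files).
SAMPLE_RAT_CLIENT = """\
var sh = new ActiveXObject("WScript.Shell");
var command = "whoami";
sh.Run(command,0,true);
"""

SAMPLE_BENIGN = """\
var sh = new ActiveXObject("WScript.Shell");
sh.Run("notepad.exe", 1, false);
"""

SAMPLE_NO_SHELL = """\
var x = 1;
x.Run(y, 0, true);
"""

if __name__ == "__main__":
    for label, sample in (("rat", SAMPLE_RAT_CLIENT),
                          ("benign", SAMPLE_BENIGN),
                          ("no-shell", SAMPLE_NO_SHELL)):
        print(label, scan_script(sample))
```

The check requires both conditions (a WScript.Shell object and a hidden-window Run call) so that a visible `Run("notepad.exe", 1, false)` or a Run method on some unrelated object does not fire; run `scan_directory` over a directory of extracted CHM or HTA content to triage it.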

The interactive interface looks like this:


Sending a command:


0x02 URL notes

0x03 Practical use

CHM + JSRAT = Getshell


Details: chm_backdoor

More Repositories

1. Intranet_Penetration_Tips (4,089 stars): Some intranet penetration tips compiled in early 2018; later updates slowed down, so they are collected here in the hope of updating and maintaining them together with others.
2. noPac [Python] (567 stars): Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
3. CVE-2017-11882 [Python] (531 stars): CVE-2017-11882 from https://github.com/embedi/CVE-2017-11882
4. Pentest [C] (524 stars): tools
5. Exchange2domain [Python] (358 stars): CVE-2018-8581
6. cve-2020-0688 [Python] (315 stars): cve-2020-0688
7. acefile [Python] (270 stars): POC of https://research.checkpoint.com/extracting-code-execution-from-winrar/
8. CVE-2019-1040 [Python] (237 stars): CVE-2019-1040 with Exchange
9. Mailget [Python] (227 stars): Guess corporate email addresses from Maimai (脉脉) users
10. get_ip_by_ico [Python] (190 stars): Find websites that use the same favicon.ico via Shodan
11. CVE-2018-15982_EXP [Python] (181 stars): exp of CVE-2018-15982
12. PySQLTools [Python] (165 stars): MSSQL exploitation tool
13. RTF_11882_0802 [Python] (164 stars): PoC for CVE-2018-0802 And CVE-2017-11882
14. owa_info [Python] (160 stars): Small tool for collecting Exchange information
15. RelayX [Python] (156 stars): NTLM relay test.
16. CS_Chinese_support (145 stars): Cobalt Strike modification to support displaying Chinese output.
17. AMSI_bypass (78 stars): XSLT
18. SharpAddDomainMachine [C#] (68 stars): SharpAddDomainMachine
19. proxyshell_payload [Python] (67 stars): proxyshell payload generate
20. cs_custom_404 [HTML] (61 stars): Cobalt strike custom 404 page
21. GhostPotato [Python] (52 stars): Just pick out the code we need.
22. pyForgeCert [Python] (51 stars): pyForgeCert is a Python equivalent of the ForgeCert.
23. DomainHiding [Go] (48 stars): external c2 use domainhiding.
24. hackredis [Python] (42 stars)
25. p12tool [Go] (39 stars): A simple Go script to brute force or parse a password-protected PKCS#12 (PFX/P12) file.
26. MSSQL_CLR [C#] (35 stars): MSSQL CLR for pentest.
27. CVE-2019-1040-dcpwn [Python] (32 stars): CVE-2019-1040 with Kerberos delegation
28. WebDAV [Shell] (31 stars): Set Up WebDAV Server for Remote File Sharing and more
29. warp_proxy [Shell] (31 stars): cloudflare socks5 server
30. atexec-pro [Python] (29 stars): Fileless atexec, no more need for port 445
31. tshtun [C] (25 stars): The tsh traffic encryption and decryption process, written in Python.
32. xslt_poc [XSLT] (17 stars): Execute codes From XSLT
33. mousejack_replay [Python] (11 stars): mousejack hack
34. Python_Codes [Python] (9 stars): some python codes
35. Cortana [Ruby] (3 stars): Some Cortana scripts
36. comment (2 stars): orz..
37. gitTun [Python] (1 star): Git tun
38. Ridter (1 star)