GhostDelivery - This Tool Creates A Obfuscated .vbs Script To Download A Payload Hosted On A Server To %TEMP% Directory, Execute Payload And Gain Persistence


Python script to generate obfuscated .vbs script that delivers payload with persistence and windows antivirus disabling functions.

Features:
Downloads payload to TEMP directory and executes payload to bypass windows smart screen. Disables Defender, UAC/user account control, Defender Notifications, injects/creates Command Prompt and Microsoft Edge shortcuts with payload path (%TEMP%/payload.exe), adds a scheduled task called "WindowsDefender" for payload to be run at login and obfuscates the vbs delivery script. This tool also has a serveo function to deliver obfuscated vbs script.

Light version:
The light version is less noisy and only delivers/executes payload, creates a scheduled task named "WindowsDefender" to run payload at login for persistence and injects/creates Command Prompt and Microsoft Edge shortcuts with payload path.

Prerequisites/requirements:
*Python 2.7, Modules imported in script. (random, sys, string, os, time, base64)


Disqus Comments