Closed ghost closed 3 years ago
So -O flag specifies the to write the loader in. Because you defined the -loader
to be wscript it's going to treat output file name as jscript file. if you put now file extension it will still treat it as a jscript file but provide an additional message about the extension. For it to generate the HTA() code you need to specify the -delivery hta
command-line argument with the -url
of where you are going to host it. With that delivery flag set to hta it will generate the HTA() code
gotcha makes sense. thank you
Input:
./ScareCrow -I /root/tools/b64.bin -Loader wscript -O loader.hta -domain microsoft.com
Output:
Thoughts: Tested 3 times. File output only appears to show code from Structs.go JSfile() the code from HTA() does not appear in file. I could be using it wrong or something but I think the expected output would be using some of the HTA() code (at least for the html). Might help solve issue #19.
Interesting Output found during testing (file extension left blank):