I have committed some updates and fixes to the #GRAT2 C2 project.
Some of the new features are:
- DNS Listener (Thanks to @Arno0x0x for the DNSExfiltrator tool)
- HTTPS Listener
- List active agents
github.com/r3nhat/GRAT2
Just finished "The Queen's Gambit". Last time I was in such a state was after finishing "Stranger Things" (season 1). Even though their respective universes can't compare, well... just "WOW".
Because it's using "System.Reflection", this innocent assembly code is detected and deleted by McAfee ATP, at least in my environment. Looks like I'm running out of options. Was hoping to do some dynamic assembly loading... Any ideas, anyone?
Seems like McAfee "Real Protect client" has become really picky. I can't even execute a mere .NET assembly which is simply importing some well-known Kernel32 functions ;-) cc: @Flangvik #NetLoader
Got 5 minutes to spare? A short thread (in order) from an XXL-unlucky guy on vacation. If possible, share it and make some noise, it will be my little personal revenge. Worth reading, especially if you are a customer of those %&&!!!^% at @LaBanquePostale
👇🏻👇🏻👇🏻
Thx to an idea from @bitsadmin, here's a simple cmd line to start the WebClient service from a low-privilege user:
pushd \\1.1.1.1\DavWWWRoot
The key here being the usage of the "DavWWWRoot" folder. This cmd line does NOT spawn any window.
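From the detection side, the "DavWWWRoot" path segment in the command above is a usable hunting signal. The following is an added example, not part of the original post: it scans process command lines for WebDAV-style UNC paths and reports hosts that are not on an allowlist. It assumes process-creation logging with command lines is available; the event field names, the allowlist and the sample events are constructed for illustration.

```python
import re

# A UNC path goes through the WebDAV redirector when its first path
# component is "DavWWWRoot" or the host carries an @SSL / @<port> suffix.
WEBDAV_UNC = re.compile(
    r'\\\\(?P<host>[^\\\s@"]+)(?P<suffix>@(?:SSL(?:@\d+)?|\d+))?\\(?P<share>[^\\\s"]+)',
    re.IGNORECASE,
)


def webdav_targets(command_line):
    """Return the hosts referenced through WebDAV-style UNC paths."""
    hits = []
    for m in WEBDAV_UNC.finditer(command_line):
        if m.group("suffix") or m.group("share").lower() == "davwwwroot":
            hits.append(m.group("host").lower())
    return hits


def triage(events, allowed_hosts=frozenset()):
    """Return (user, image, host) for each WebDAV target not on the allowlist."""
    findings = []
    for ev in events:
        for host in webdav_targets(ev["cmdline"]):
            if host not in allowed_hosts:
                findings.append((ev["user"], ev["image"], host))
    return findings


# Constructed sample events (hypothetical field names: user, image, cmdline).
SAMPLE_EVENTS = [
    {"user": "CORP\\alice", "image": "cmd.exe",
     "cmdline": r"cmd.exe /c pushd \\1.1.1.1\DavWWWRoot"},
    {"user": "CORP\\bob", "image": "cmd.exe",
     "cmdline": r"cmd.exe /c dir \\fileserver\public"},
    {"user": "CORP\\carol", "image": "net.exe",
     "cmdline": r"net use Z: \\intranet.example@SSL\DavWWWRoot\docs"},
    {"user": "CORP\\dave", "image": "explorer.exe",
     "cmdline": r'explorer.exe "\\sharepoint.example\DavWWWRoot\team"'},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS, allowed_hosts={"sharepoint.example"}):
        print(finding)
```

Since the post notes that no window is spawned, command-line telemetry rather than user reports is where this activity would show up.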