Skip to content
Quick Malicious ClickOnceGenerator for Red Team
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
template Create Program-ps.cs Jun 7, 2018
ClickOnceGenerator.py Update ClickOnceGenerator.py Jun 7, 2018
LICENSE.md Create LICENSE.md Mar 30, 2018
README.md Update README.md Apr 24, 2018
config-report.json Create config-report.json Apr 24, 2018
config.json Obfuscating variables Apr 15, 2018

README.md

ClickOnceGenerator

Quick Malicious ClickOnceGenerator for Red Team. The default application a simple WebBrowser widget that point to a website of your choice.

Usage

$ python ClickOnceGenerator.py --help


ClickOnceGenerator | Mr.Un1k0d3r RingZer0 Team
usage: ClickOnceGenerator.py [-h] [--config CONFIG] [--out OUT]
                             [--override [OVERRIDE]]

ClickOnceGenerator Options.

optional arguments:
  -h, --help            show this help message and exit
  --config CONFIG       Path to the JSON config file.
  --out OUT             Output solution name.
  --override [OVERRIDE]
                        Delete destination if exists
  --report [REPORT]     Will perform a POST request to the url defined by url_report variable. The POST contains the list of running processes                    
python ClickOnceGenerator.py --config config.json --out myClickOnce --override True --report True

config.json example. The shellcode payload.bin need to be the RAW format of your shellcode.

{
        "title": "My Evil ClickOnce",
        "url": "http://ringzer0team.com/",
        "shellcode": "payload.bin",
        "process_name": "iexplore"
}
  • title is the title of the ClickOnce Application
  • url url used by the WebBrowser widget
  • shellcode the payload you want to execute while the application is launched
  • process_name used to evade sandbox by checking if a specific process is running. (default to iexplore)

Windows 10

process_name on Windows 10 should be set to MicrosoftEdge instead of iexplore.

Generating the Visual Studio Project

Once the files are created in the target folder create a new C# project and import the files.

To publish the ClickOnce in Visual Studio go to Project -> Publish

Credit

Mr.Un1k0d3r RingZer0 Team

You can’t perform that action at this time.