Skip to content
.vbs script to deliver payload with persistence.
Python
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
GhostDelivery.py Update GhostDelivery.py Sep 12, 2019
README.md Update README.md Jun 12, 2019

README.md

GhostDelivery

GD Python script to generate obfuscated .vbs script that delivers payload (payload dropper) with persistence and windows antivirus disabling functions.

Heavy:

  • Downloads payload to TEMP directory and executes payload to bypass windows smart screen
  • Disables Defender
  • Disables UAC/user account control
  • Disables Defender Notifications
  • Injects/creates Command Prompt and Microsoft Edge shortcuts with payload path (%TEMP%/payload.exe) to execute payload when opened
  • Creates a scheduled task called "WindowsDefender" for payload to be run at login and obfuscates the vbs delivery script
  • Includes a serveo function to deliver obfuscated vbs script

Medium:

  • Delivers/executes payload
  • Creates a scheduled task named "WindowsDefender" to run payload at login for persistence
  • Disables UAC and injects/creates Command Prompt and Microsoft Edge shortcuts with payload path
  • Includes a serveo function to deliver obfuscated vbs script

Light:

  • Delivers/executes payload
  • Creates a scheduled task named "WindowsDefender" to run payload at login for persistence
  • Injects/creates Command Prompt and Microsoft Edge shortcuts with payload path
  • Includes a serveo function to deliver obfuscated vbs script

Prerequisites/requirements:

*Python 2.7 + Modules imported in script.

  • random
  • sys
  • string
  • os
  • time
  • base64
You can’t perform that action at this time.