Skip to content
This repository has been archived by the owner on Mar 16, 2024. It is now read-only.
/ gruntfuscator Public archive

Strings replace for Grunt source templates

4 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

thelikes/gruntfuscator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
gruntfuscator.py
gruntfuscator.py
 
 

Repository files navigation

gruntfuscator

Simple script to obfuscate Grunt strings

Adapted from: Fixing Some .NET Tradecraft

Implementation

  • Random replace for 'Grunt' , 'Covenant' , and 'Stage'
  • Hard-coded replace for 2 GUID strings

Usage

  1. Install Cov
  2. Head to Templates > GruntHTTP
  3. Copy the Stager code into stager.cs
  4. Copy the Executor code into executor.cs
  5. Run the py scipt
python3 gruntfuscator.py stager.cs obf-stager.cs
python3 gruntfuscator.py executor.cs obf-executor.cs
  1. Copy the contents of each back into the GUI's template

Finally, create your listener, then launcher(s).

Tips

  • the Stager and Executor can be compiled in Visual Studio and ThreatCheck/DefenderCheck can be run on them
  • Change the hard-coded replaces
  • Add more strings to be replaced
  • Throw in an AMSI bypass

About

Strings replace for Grunt source templates

Topics

covenant pentest redteam

Resources

Readme
Activity

Stars

4 stars

Watchers

2 watching

Forks

1 fork
Report repository

Languages