GitHub - Mr-Un1k0d3r/ThunderShell: PowerShell based RAT
source link: https://github.com/Mr-Un1k0d3r/ThunderShell
ThunderShell
ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is used to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.
Information on how to use the tool and its supported features is located on the Wiki.
Be nice
If you like ThunderShell and are using it to accomplish your work, consider donating to the project to help keep it alive. This project is 100% developed on our own time for free.
With love, Mr.Un1k0d3r
Current beta version
Current release is 3.1.2
Credits
Mr.Un1k0d3r @MrUn1k0d3r
Tazz0 @Tazz019
RingZer0 Team 2017