Learning only one framework such as Metasploit, etc. has its own limitations. Todays’ ever developing cyber world required end to end knowledge of every tool and framework so that if you are cut off of one method, you have another to save yourself. That is the reason today through this article we are going to learn about JSRat.
Tables of content
- Introduction
- Downloading and installation
- Access the webserver
- Rundll attack
- Regsvr32 attack
Introduction
As the name suggest this tool is developed in JavaScript. Numeral commands and controls of this framework can be used for multiple methods of attack and also, to hide malicious traffic. These attacks can be done in various formats. JSRat is developed by Casey Smith. He developed this framework as a prototype tool. It allows the payload to connect to listening server. 3gstudent is the security researcher who extended Casey’s work and refined the tool. He developed it in PowerShell due which extra features are added. These features were created in python which allows the server to be both linux and windows friendly. The basic protocol used is HTTP for the server to work. Usage of both implementation, i.e. in python and PowerShell, are shown in this article.
Downloading and Installation
As this tool is user friendly, downloading and installation of this tool is very easy. You can download it from here. Once you copy the cloning code from the link provided then type the following command to download :
git clone https://github.com/Hood3dRob1n/JSRat-Py.git
Running the command presented above will download and install JSRat. Once it’s all done, use the following command to check the file.
cd JSRat-Py/ ls
Now, use the following command to start the framework :
./JSRat.py -I 192.168.1.107 -p 4444
In the above command we have specified IP of our own machine and port for the webserver to run.
As the server is up and running, it will show the various files it made as shown in the image below :
You can find these files by accessing the server from your or victim’s browser. If you look closely, there is a code given on the server. This code allows you to execute rundll attack.
Copy this code and paste it in the command prompt of the victims’ PC. As shown in the following image :
As soon as the command is executed you will have a session.
Now on the same server there is a regsvr32 file, which can also help us to get session.
Copy the file command and paste it in the run window.
Similar to rundll attack, after running the above command you will have your session.
Conclusion
As this framework returns HTTP shell using JavaScript. You can see that the two attacks that we have shown above exhibits that rundll and regsvr32 uses JavaScript code in command prompt and http shell to return while the coded is executed. As it works through the server developed in python; our malicious files doesn’t get written on the disk, which is an advantage to us. This also increases possibility of being the stealthiest of the attacks. Another advantage is this file can avoid being killed. Therefore, this tools proves to be great without fail.
Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast. contact here
The post Command and Control with HTTP Shell using JSRat appeared first on Hacking Articles.