The python implementation of JSRat will start a web server and it will wait for the client command to be executed:
python MyJSRat.py -i 192.168.1.203 -p 8080
Once the user visit the Client Command URL a connection will be established with the host. The JSRat can be used to executed commands, run executables and scripts or just for data exfiltration.
The command that it has been generated needs to be executed from command prompt.
Once the command is executed a shell will be received.
Commands can be executed from the shell as normal.
JSRat can also read, download or upload files.
Execution of executables and scripts can be also performed by following a sequence like:
There is also another python implementation of this tool which provides and a method (regsvr32) of AppLocker bypass.
The JSRat will generate and host a scriptlet file which will contain the payload.
Alternatively there is also a PowerShell implementation of this JSRat which can perform the same operations from a PowerShell console. The script needs to be modified with the IP address of the listener prior to any execution.
The payload command that needs to be executed on the target is also included in the comments of the script.
Running the payload command will connect the target host and a console will be obtained.
Commands can be executed on the target like any other normal command prompt.
Leave a Reply