LightMe : HTTP Server Serving Obfuscated Power shell Scripts/Payloads

LightMe is a Simple HTTP Server serving Power shell Scripts/Payloads after Obfuscate them and run obfuscation as a service in background in order to keep obfuscate the payloads which giving almost new obfuscated payload on each HTTP request.

Main Features

  • Obfuscate all power shell files within a specific directory
  • HTTP Server to serve the obfuscated Power shell Files
  • Background Obfuscator
  • Almost new Payload on each request , (depending on Background obfuscation interval)
  • Powered by Invoke-Obfuscation

Install

git clone –recurse-submodules https://github.com/WazeHell/LightMe
cd LightMe/
# install powershell
sudo apt-get install powershell

Using

python3 lightme.py –help

Running As Services

#install supervisor
sudo apt-get install supervisor
sudo vim /etc/supervisor/conf.d/lightme.conf
#edit the config
[program:lightme_server]
directory=/lightme_path/
command=/usr/bin/python3 lightme.py -path /PowerSploitOrWhatever/
numprocs=1
user=yourusername
autostart=true
autorestart=true
stdout_logfile=/lightme_path/lightme_std.log
stderr_logfile=/lightme_path/lightme_stderr.log
redirect_stderr=true
priority=999
stdout_logfile_maxbytes=5MB
stderr_logfile_maxbytes=5MB
environment=LANG=en_US.UTF-8,LC_ALL=en_US.UTF-8
#Run
sudo service supervisor restart
sudo supervisorctl reread
sudo supervisorctl update
sudo supervisorctl restart all

R K

Recent Posts

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

11 hours ago

MODeflattener – Miasm’s OLLVM Deflattener

MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…

11 hours ago

My Awesome List : Tools And Their Functions

"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…

11 hours ago

Chrome Browser Exploitation, Part 3 : Analyzing And Exploiting CVE-2018-17463

CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…

11 hours ago

Chrome Browser Exploitation, Part 1 : Introduction To V8 And JavaScript Internals

The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…

11 hours ago

Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463

The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…

14 hours ago