GreatSCT v1.0: generate application white list bypasses
GreatSCT is a tool designed to generate Metasploit payloads that bypass common anti-virus solutions and application whitelisting solutions.
The first screen you’ll see is this menu.
Select the payload you wish to generate by name or its number,
help for help, and
menu at any time to get back here.
For single payload generation, you will find the following with values pointing to your C&C to fill out.
These can be set using
set variable value syntax
Or by entering
variable name/# itself, which gives more hints about the expected value
help gives more info as well
\n because I hate markdown
Once the correct values have been set
generate to build your payload.
The payload (shellcode.xml in this case) appears in the root directory.
The devs should fix this so you can specify an output folder, but they are lazy.
For network testing purposes use
generateAll from the initial menu
The bottom values are those which are common to multiple payloads. This lets you easily set your C&C values for all the payloads.
When it’s all set
generate and you’ll find your payloads in ./GenerateAll/
A script to automatically execute each payload is pending (eta 2034).
For now, drop the folder onto the representative box, execute payloads one by one, and note which are blocked, which generate alerts, and which make it through undisturbed.