Showing posts from February, 2020

GadgetToJScript, Covenant, Donut

Hello all. In this post we will cover how we can leverage GadgetToJScript to generate payloads in various supported formats, such as HTA, JS, VBS and VBA (macro), which will execute our Covenant Grunt (Grunt is the implant for the Covenant C2 framework).

Wondering why we are using the GadgetToJScript tool to generate a Covenant payload in HTA / JS format when Covenant has a default launcher to generate HTA / JS payloads? Covenant uses DotNetToJScript for generating payloads in HTA / JS format, which does not work well in a Windows 10 environment. We can see the note in the description field.

DotNetToJScript - A tool to generate a JScript which bootstraps an arbitrary .NET Assembly and class.

GadgetToJScript - A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS based scripts. The gadget being used triggers a call to Assembly.Load when deserialized via jscript/vbsc