Salsa-tools is a collection of three tools programmed with C# used to take over a windows machine and bypass AV and get a reverse shell without the need for PowerShell on the victim machine. Salsa-Tools combines three different ingredients: – EvilSalsa – EncrypterAssembly – SalseoLoader
Installation
To install the Tool we will need a machine that got VScode installed
1 – Go to Github Repository
2 – If you don’t have VSCode install it from here VScode Download Link
3 – Navigate to Location of the Tool {YOURPATH}\Salsa-tools-master\SalseoLoader\SalseoLoader
3.1 Open Program.cs with VScode
3.2 You will add some code to the file and we will compile it
3.3 The code is here Code
3.4 Create a file in the same directory named args.txt with this code Code Link and save it
3.5 Press Ctrl+Shift+B or Click Terminal "Run Build Test"
A File will be created called SalseoLoader.exe
Usage
N.B: In this usage scenario we will use another tool called Evil Winrar Gen Link Proof Of Concept RCE Winrar CVE-2018-20250
To make the attack more real
After Compiling and creating SalseoLoader.exe
We will now Encrypt System.Management.Automation.dll
Which we will rename in this scenario EvilSalsa.dll
1 – Open Terminal and Visit {YOURPATH}\Salsa-tools-master\EncrypterAssembly\
2 – Execute script with argument {file} {password} {ouputfile} | See Below
3 – Now we will create the Fake Rar File with Evil Winrar Gen ./evilWinrar.py -e SalseoLoader.exe -g picture.jpg
SalseoLoader is the Payload we created in the Installation Section, Picture.jpg can be any picture or a file you want to compress in order to deceive the victim
4 – Now we send the rar file to our victim, Once they extract the RAR the picture attached will be extracted and SalseoLoader.exe we be placed in Startup Folder
5 – Open Terminal and Netcat listen on the port you used in args.txt
6 – Once victim reboots you will get a reverse connection
What Bunny Rating Does it Get?
Pros
– Fully Undetected
– Easy to use
– Silent Mode
Cons
– Requires Winrar 5.70
– Requires C# Knowledge to create payloads
Want To Learn More About Ethical Hacking?
Do you know of another GitHub related hacking tool?
Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.