def main(args):
signal.signal(signal.SIGINT, catch_exit)
user = None
autohide = None
if len(args) > 0:
parser = argparse.ArgumentParser(
description='The command line for handling implants in PoshC2')
parser.add_argument('-u', '--user', help='the user for this session')
parser.add_argument(
'-a',
'--autohide',
help='to autohide implants after 30 inactive beacons',
action='store_true')
args = parser.parse_args(args)
user = args.user
autohide = args.autohide
while not user:
print(Colours.GREEN + "A username is required for logging")
user = input("Enter your username: "******"sqlite" and not os.path.isfile(Database):
print(Colours.RED + "The project database has not been created yet")
sys.exit()
database_connect()
new_c2_message("%s logged on." % user)
clear()
implant_handler_command_loop(user, "", autohide)
def do_quit(user, command):
ri = input("Are you sure you want to quit? (Y/n) ")
if ri.lower() == "n":
return
if ri == "" or ri.lower() == "y":
new_c2_message("%s logged off." % user)
sys.exit(0)
def do_message(user, command):
message = command[len("message "):]
new_c2_message("Message from %s - %s" % (user, message))
clear()
def implant_handler_command_loop(user, printhelp="", autohide=None):
while (True):
session = PromptSession(history=FileHistory('%s/.top-history' %
PoshProjectDirectory),
auto_suggest=AutoSuggestFromHistory())
try:
if user is not None:
print("User: "******"%s%s" % (user, Colours.GREEN))
print()
C2 = get_c2server_all()
killdate = datetime.strptime(C2[5], '%d/%m/%Y').date()
datedifference = number_of_days(date.today(), killdate)
if datedifference < 8:
print(Colours.RED +
("\nKill Date is - %s - expires in %s days" %
(C2[5], datedifference)))
print(Colours.END)
print()
implants = get_implants()
if implants:
for implant in implants:
ID = implant[0]
LastSeen = implant[7]
Hostname = implant[3]
Domain = implant[11]
DomainUser = implant[2]
Arch = implant[10]
PID = implant[8]
Pivot = implant[15]
Sleep = implant[13].strip()
Label = implant[16]
Pivot = get_implant_type_prompt_prefix(ID)
LastSeenTime = datetime.strptime(LastSeen,
"%d/%m/%Y %H:%M:%S")
now = datetime.now()
if (Sleep.endswith('s')):
sleep_int = int(Sleep[:-1])
elif (Sleep.endswith('m')):
sleep_int = int(Sleep[:-1]) * 60
elif (Sleep.endswith('h')):
sleep_int = int(Sleep[:-1]) * 60 * 60
else:
print(Colours.RED)
print("Incorrect sleep format: %s" % Sleep)
print(Colours.GREEN)
continue
nowMinus3Beacons = now - timedelta(seconds=(sleep_int * 3))
nowMinus10Beacons = now - timedelta(seconds=(sleep_int *
10))
nowMinus30Beacons = now - timedelta(seconds=(sleep_int *
30))
sID = "[" + str(ID) + "]"
if not Label:
sLabel = ""
else:
Label = Label.strip()
sLabel = Colours.BLUE + "[" + Label + "]" + Colours.GREEN
if nowMinus30Beacons > LastSeenTime and autohide:
pass
elif nowMinus10Beacons > LastSeenTime:
print(
Colours.RED +
"%s: Seen:%s | PID:%s | %s | %s\\%s @ %s (%s) %s %s"
% (sID.ljust(4), LastSeen, PID.ljust(5), Sleep,
Domain, DomainUser, Hostname, Arch, Pivot,
sLabel))
elif nowMinus3Beacons > LastSeenTime:
print(
Colours.YELLOW +
"%s: Seen:%s | PID:%s | %s | %s\\%s @ %s (%s) %s %s"
% (sID.ljust(4), LastSeen, PID.ljust(5), Sleep,
Domain, DomainUser, Hostname, Arch, Pivot,
sLabel))
else:
print(
Colours.GREEN +
"%s: Seen:%s | PID:%s | %s | %s\\%s @ %s (%s) %s %s"
% (sID.ljust(4), LastSeen, PID.ljust(5), Sleep,
Domain, DomainUser, Hostname, Arch, Pivot,
sLabel))
else:
now = datetime.now()
print(Colours.RED + "No Implants as of: %s" %
now.strftime("%d/%m/%Y %H:%M:%S"))
if printhelp:
print(printhelp)
command = session.prompt(
"\nSelect ImplantID or ALL or Comma Separated List (Enter to refresh):: ",
completer=FirstWordFuzzyWordCompleter(PRECOMMANDS, WORD=True))
print("")
command = command.strip()
if (command == "") or (command == "back") or (command == "clear"):
do_back(user, command)
continue
if command.startswith("output-to-html"):
do_output_to_html(user, command)
continue
if command.startswith("generate-reports"):
do_generate_reports(user, command)
continue
if command.startswith("message "):
do_message(user, command)
continue
if command.startswith("show-urls") or command.startswith(
"list-urls"):
do_show_urls(user, command)
continue
if command.startswith("add-autorun"):
do_add_autorun(user, command)
continue
if command.startswith("list-autorun"):
do_list_autoruns(user, command)
continue
if command.startswith("del-autorun"):
do_del_autorun(user, command)
continue
if command.startswith("nuke-autorun"):
do_nuke_autoruns(user, command)
continue
if (command == "automigrate-frompowershell") or (command == "am"):
do_automigrate_frompowershell(user, command)
continue
if command.startswith("show-serverinfo"):
do_show_serverinfo(user, command)
continue
if command.startswith("turnoff-notifications"):
do_turnoff_notifications(user, command)
continue
if command.startswith("turnon-notifications"):
do_turnon_notifications(user, command)
continue
if command.startswith("set-pushover-applicationtoken"):
do_set_pushover_applicationtoken(user, command)
continue
if command.startswith("set-pushover-userkeys"):
do_set_pushover_userkeys(user, command)
continue
if command.startswith("set-killdate"):
do_set_killdate(user, command)
continue
if command.startswith("set-defaultbeacon"):
do_set_defaultbeacon(user, command)
continue
if command.startswith("opsec"):
do_opsec(user, command)
continue
if command.startswith("listmodules"):
do_listmodules(user, command)
continue
if command.startswith('creds ') or command.strip() == "creds":
do_creds(user, command)
input("Press Enter to continue...")
clear()
continue
if (command == "pwnself") or (command == "p"):
do_pwnself(user, command)
continue
if command == "tasks":
do_tasks(user, command)
continue
if command == "cleartasks":
do_cleartasks(user, command)
continue
if command.startswith("quit"):
do_quit(user, command)
continue
if command.startswith("createdaisypayload"):
do_createdaisypayload(user, command)
continue
if command.startswith("createproxypayload"):
do_createproxypayload(user, command)
continue
if command.startswith("createnewpayload"):
do_createnewpayload(user, command)
continue
if command == "help":
do_help(user, command)
continue
if command == "history":
do_history(user, command)
continue
if command.startswith("use "):
do_use(user, command)
implant_command_loop(command, user)
except KeyboardInterrupt:
clear()
continue
except EOFError:
new_c2_message("%s logged off." % user)
sys.exit(0)
except Exception as e:
if 'unable to open database file' not in str(e):
print_bad("Error: %s" % e)
traceback.print_exc()
def implant_command_loop(implant_id, user):
while (True):
try:
style = Style.from_dict({
'': '#80d130',
})
session = PromptSession(history=FileHistory('%s/.implant-history' %
PoshProjectDirectory),
auto_suggest=AutoSuggestFromHistory(),
style=style)
implant_id_orig = implant_id
if ("-" in implant_id) or ("all" in implant_id) or (","
in implant_id):
print(Colours.GREEN)
prompt_commands = COMMANDS
command = session.prompt("%s> " % implant_id,
completer=FirstWordFuzzyWordCompleter(
prompt_commands, WORD=True))
if command == "back" or command == 'clear':
do_back(user, command)
return
else:
hostname = get_hostdetails(implant_id)
if not hostname:
print_bad("Unrecognised implant id or command: %s" %
implant_id)
return
prompt_commands = COMMANDS
if hostname[15] == 'Python':
prompt_commands = UXCOMMANDS
if hostname[15] == 'C#':
prompt_commands = SHARPCOMMANDS
print(Colours.GREEN)
print("%s\\%s @ %s (PID:%s)" %
(hostname[11], hostname[2], hostname[3], hostname[8]))
command = session.prompt(
"%s %s> " %
(get_implant_type_prompt_prefix(implant_id), implant_id),
completer=FirstWordFuzzyWordCompleter(prompt_commands,
WORD=True))
if command == "back" or command == 'clear':
do_back(user, command)
return
# if "all" run through all implants get_implants()
if implant_id == "all":
if command == "back" or command == 'clear':
do_back(user, command)
return
allcommands = command
if "\n" in command:
ri = input(
"Do you want to run commands separately? (Y/n) ")
implants_split = get_implants()
if implants_split:
for implant_details in implants_split:
# if "\n" in command run each command individually or ask the question if that's what they want to do
if "\n" in allcommands:
if ri.lower() == "y" or ri == "":
commands = allcommands.split('\n')
for command in commands:
run_implant_command(
command, implant_details[1],
implant_id_orig, user)
else:
run_implant_command(command,
implant_details[1],
implant_id_orig, user)
else:
run_implant_command(command, implant_details[1],
implant_id_orig, user)
# if "separated list" against single uri
elif "," in implant_id:
allcommands = command
if "\n" in command:
ri = input(
"Do you want to run commands separately? (Y/n) ")
implant_split = implant_id.split(",")
for split_implant_id in implant_split:
implant_randomuri = get_randomuri(split_implant_id)
# if "\n" in command run each command individually or ask the question if that's what they want to do
if "\n" in allcommands:
if ri.lower() == "y" or ri == "":
commands = allcommands.split('\n')
for command in commands:
run_implant_command(command, implant_randomuri,
implant_id_orig, user)
else:
run_implant_command(command, implant_randomuri,
implant_id_orig, user)
else:
run_implant_command(command, implant_randomuri,
implant_id_orig, user)
# if "range" against single uri
elif "-" in implant_id:
allcommands = command
if "\n" in command:
ri = input(
"Do you want to run commands separately? (Y/n) ")
implant_split = implant_id.split("-")
for range_implant_id in range(int(implant_split[0]),
int(implant_split[1]) + 1):
try:
implant_randomuri = get_randomuri(range_implant_id)
# if "\n" in command run each command individually or ask the question if that's what they want to do
if "\n" in allcommands:
if ri.lower() == "y" or ri == "":
commands = allcommands.split('\n')
for command in commands:
run_implant_command(
command, implant_randomuri,
implant_id_orig, user)
else:
run_implant_command(command, implant_randomuri,
implant_id_orig, user)
else:
run_implant_command(command, implant_randomuri,
implant_id_orig, user)
except Exception:
print_bad("Unknown ImplantID")
# else run against single uri
else:
allcommands = command
if "\n" in command:
ri = input(
"Do you want to run commands separately? (Y/n) ")
implant_randomuri = get_randomuri(implant_id)
# if "\n" in command run each command individually or ask the question if that's what they want to do
if "\n" in allcommands:
if ri.lower() == "y" or ri == "":
commands = allcommands.split('\n')
for command in commands:
run_implant_command(command, implant_randomuri,
implant_id_orig, user)
else:
run_implant_command(command, implant_randomuri,
implant_id_orig, user)
else:
run_implant_command(command, implant_randomuri,
implant_id_orig, user)
except KeyboardInterrupt:
continue
except EOFError:
new_c2_message("%s logged off." % user)
sys.exit(0)
except Exception as e:
traceback.print_exc()
print_bad(
f"Error running against the selected implant ID, ensure you have typed the correct information: {e}"
)
return