def _(mode):
if mode == 'on':
engine.enable_debug()
elif mode == 'off':
engine.disable_debug()
else:
engine.error('python-debug on|off')
def _(source, out, *args):
engine.message('Compiling C# code from: {}'.format(source))
try:
sharpgen.compile_file(source, out=out, additional_options=args)
engine.message('All finished! Output is in: {}'.format(out))
except RuntimeError as e:
engine.error('SharpGen failed. See above for more details')
def alias_callback(*args):
# first argument is bid
bid = int(args[0])
# see above
quote_replacement = quote_replacement_
# check arguments
if not utils.check_args(callback, args):
syntax = '{} {}'.format(name, utils.signature_command(callback, trim=1))
aggressor.berror(bid, "Syntax: " + syntax)
engine.error("Invalid number of arguments passed to alias '{}'. Syntax: {}".format(name, syntax))
return
# handle the quote replacement character
if not quote_replacement:
global _default_quote_replacement
quote_replacement = _default_quote_replacement
if quote_replacement:
args = [arg.replace(quote_replacement, '"') for arg in args]
try:
# run the alias callback
#engine.debug('calling callback for alias {}'.format(name))
callback(*args)
except Exception as e:
# print exception summaries to the beacon log. raise the
# Exception again so the full traceback can get printed to the
# Script Console
aggressor.berror(bid,
"Caught Python exception while executing alias '{}': {}\n See Script Console for more details.".format(name, str(e)))
raise e
def error(self, message):
if self.bid:
# print to beacon console
aggressor.berror(self.bid, message)
else:
# print to script console
engine.error(message)
raise argparse.ArgumentError('exit')
def _(mode):
if mode == 'on':
sharpgen.enable_cache_overwrite()
engine.message('Enabled SharpGen cache overwrite')
elif mode == 'off':
sharpgen.disable_cache_overwrite()
engine.message('Disabled SharpGen cache overwrite')
else:
engine.error('Usage: sharpgen-cache-overwrite on|off')
def _(mode):
if mode == 'on':
sharpgen.set_confuser_protections(config.protections_net35)
engine.message('Enabled SharpGen ConfuserEx protections')
elif mode == 'off':
sharpgen.set_confuser_protections(None)
engine.message('Disabled SharpGen ConfuserEx protections')
else:
engine.error('Usage: sharpgen-confuser on|off')
def _(mode):
if mode == 'on':
engine.message('Enabled custom powerpick')
enable_custom_powerpick()
elif mode == 'off':
engine.message('Disabled custom powerpick')
disable_custom_powerpick()
else:
engine.error('Usage: custom-powerpick on|off')
def _(source, out=None, *sharpgen_flags):
engine.message('Compiling C# code from: {}'.format(source))
try:
out, from_cache = sharpgen.compile_file(
source, out=out, additional_options=sharpgen_flags, cache=cache)
if from_cache:
engine.message(
'Build was found in the cache! Output is in: {}'.format(out))
else:
engine.message(
'Build was successful! Output is in: {}'.format(out))
except RuntimeError as e:
engine.error('SharpGen failed. See above for more details.')
def _(*args):
parser = helpers.ArgumentParser(prog='grep-logs', description='Grep beacon logs for a regex')
parser.add_argument('-o', '--out', help='Output file')
parser.add_argument('-w', '--whole', action='store_true', help='Show whole output')
parser.add_argument('regex', action='append', help='Search for regex')
try: args = parser.parse_args(args)
except: return
for regex in args.regex:
finds = 0
engine.message("Searching beacon logs for '{}'".format(regex))
for frame in aggressor.data_query('beaconlog'):
output_type = frame[0]
bid = frame[1]
if output_type == 'beacon_input':
user = frame[2]
data = frame[3]
time = convert_time(frame[4])
else:
data = frame[2]
time = convert_time(frame[3])
for log in split_output(data):
if re.search(regex, log, re.IGNORECASE):
beacon = '{}@{}'.format(aggressor.beacon_info(bid, 'user'), aggressor.beacon_info(bid, 'computer'))
# -w/--whole
if args.whole:
output = data
else:
output = log
# -o/--out
if args.out:
with open(args.out, 'a+') as fp:
fp.write(output)
else:
engine.message("Found beacon log matching '{}' from {} at {}:\n{}".format(regex, beacon, time, output))
finds += 1
if finds:
if args.out:
engine.message("Wrote {} finds containing '{}' to '{}'".format(finds, regex, args.out))
else:
engine.message("Found {} logs containing '{}'".format(finds, regex))
else:
engine.error("Didn't find any beacon logs containing '{}'".format(regex))
def _(regex):
found = False
engine.message("Searching keystrokes for '{}'".format(regex))
for frame in aggressor.data_query('keystrokes'):
data = frame['data']
bid = frame['bid']
time = convert_time(frame['when'])
beacon = '{}@{}'.format(aggressor.beacon_info(bid, 'user'), aggressor.beacon_info(bid, 'computer'))
for line in data.splitlines():
if re.search(regex, line, re.IGNORECASE):
engine.message("Found keystroke matching '{}' from {} at {}: {}".format(regex, beacon, time, line))
found = True
if not found:
engine.error("Didn't find any keystrokes containing '{}'".format(regex))
def alias_callback(*args):
bid = int(args[0])
if utils.check_args(callback, args):
try:
engine.debug('calling callback for alias {}'.format(name))
callback(*args)
except Exception as e:
aggressor.berror(
bid,
"Caught Python exception while executing alias '{}': {}\n See Script Console for more details."
.format(name, str(e)))
raise e
else:
syntax = '{}{}'.format(name, utils.signature(callback, trim=1))
aggressor.berror(bid, "Syntax: " + syntax)
engine.error(
"Invalid number of arguments passed to alias '{}'. Syntax: {}".
format(name, syntax))
def call(name, args):
"""
Call a function callback by name
:param name: Name of callback
:param args: Arguments to pass to callback (checked by `utils.check_args` first)
"""
global _callbacks
if name in _callbacks:
callback = _callbacks[name]
if utils.check_args(callback, args):
callback(*args)
else:
syntax = '{}{}'.format(name, utils.signature(callback))
engine.error("{} is an invalid number of arguments for callback '{}'. syntax: {}".format(len(args), name, syntax))
else:
engine.debug('unknown callback {}'.format(name))
def command_callback(*args):
# see above
quote_replacement = quote_replacement_
# check arguments
if not utils.check_args(callback, args):
syntax = '{} {}'.format(name, utils.signature_command(callback))
engine.error("Syntax: " + syntax)
return
# handle the quote replacement character
if not quote_replacement:
global _default_quote_replacement
quote_replacement = _default_quote_replacement
if quote_replacement:
args = [arg.replace(quote_replacement, '"') for arg in args]
#engine.debug('calling callback for command {}'.format(name))
callback(*args)