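def _dot_escape(text):
    """Make an implant-supplied string safe to embed inside a double-quoted dot label.

    Implant fields (domain, hostname, pivot) originate on a compromised host and are
    written verbatim into the .dot file, so a stray ``"`` or ``\\`` could break or
    alter the graph. NUL bytes are dropped, then backslashes and quotes are escaped.
    """
    return str(text).replace('\x00', '').replace("\\", "\\\\").replace('"', '\\"')


def _graphviz_edges(server_tag, implants):
    """Return ``(direct_edges, daisy_edges)`` dot fragments for the implant list.

    Args:
        server_tag: label of the PoshC2 server node that direct implants hang off.
        implants: iterable of objects exposing ``.Pivot``, ``.Domain`` and ``.Hostname``.

    Direct implants (no "Daisy" in ``Pivot``) get one edge per distinct hostname;
    daisy-chained implants get one edge per distinct pivot -> host pair.  Hostname
    de-duplication uses a set rather than a substring test so that e.g. ``web``
    is not swallowed by an earlier ``webserver``.
    """
    seen_hosts = set()
    seen_daisy = set()
    direct = []
    daisy = []
    for implant in implants:
        domain = _dot_escape(implant.Domain)
        hostname = _dot_escape(implant.Hostname)
        if "Daisy" not in implant.Pivot:
            if implant.Hostname in seen_hosts:
                continue
            seen_hosts.add(implant.Hostname)
            direct.append("\"%s\" -> \"%s \\n %s\\n\\n\\n\\n \"; \n" % (
                server_tag, domain, hostname))
        else:
            # "user@host" pivots are rendered on two lines inside the node label.
            pivot = _dot_escape(implant.Pivot).replace('@', ' \\n ')
            edge = "\"%s\\n\\n\\n\\n \" -> \"%s \\n %s\\n\\n\\n\\n \"; \n" % (
                pivot, domain, hostname)
            if edge not in seen_daisy:
                seen_daisy.add(edge)
                daisy.append(edge)
    return "".join(direct), "".join(daisy)


def graphviz():
    """Render the implant tree to ``<ReportsDirectory>PoshC2.png`` with Graphviz.

    Reads the module-level ``ImagesDirectory``, ``PayloadCommsHost`` and
    ``ReportsDirectory`` plus the implant table from ``get_implants_all()``,
    writes ``PoshC2.dot`` next to the PNG and invokes the ``dot`` binary.

    Raises:
        subprocess.CalledProcessError: if ``dot`` exits non-zero.
        FileNotFoundError: if ``dot`` is not on PATH.
    """
    template = """
digraph "PoshC2" {

  subgraph proxy {
      node [color=white, fontcolor=red, fontsize=15, shapefile="%s/firewall.png"];
      "POSHSERVER";
  }

  subgraph implant {
      node [color=white, fontcolor=white, fontsize=15, shapefile="%s/implant.png"];
      IMPLANTHOSTS
  }

  subgraph daisy {
      node [color=white, fontcolor=white, fontsize=15, shapefile="%s/implant.png"];
      DAISYHOSTS
  }

}
  """ % (ImagesDirectory, ImagesDirectory, ImagesDirectory)

    # Quotes are stripped from the comms host so the label stays a valid dot string.
    server_tag = "\\n\\n\\n\\n\\n\\n\\n\\n\\n\\nPoshC2 Server\\n%s" % PayloadCommsHost.replace(
        "\"", "")
    graph = template.replace("POSHSERVER", server_tag)

    hosts, daisy_hosts = _graphviz_edges(server_tag, get_implants_all())
    graph = graph.replace("DAISYHOSTS", daisy_hosts)
    graph = graph.replace("IMPLANTHOSTS", hosts)

    dot_path = "%sPoshC2.dot" % ReportsDirectory
    png_path = "%sPoshC2.png" % ReportsDirectory
    with open(dot_path, 'w') as output_file:
        output_file.write(graph)
    # Argument list instead of shell=True: ReportsDirectory is operator config and
    # previously flowed unquoted into a shell command line, so a path containing
    # spaces or shell metacharacters would have broken or injected into the command.
    subprocess.check_output(["dot", "-T", "png", "-o", png_path, dot_path])
    print("")
    print("GraphViz Generated PoshC2.png")
    time.sleep(1)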
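def do_opsec(user, command):
    """Print an OpSec summary of the engagement, then the recorded OpSec events.

    The summary lists compromised users and hosts, the configured C2 URLs
    (including proxy credentials, which are echoed to the operator console),
    files uploaded or persisted, and parsed credentials/hashes.

    Args:
        user: operator issuing the command; passed through to ``do_get_opsec_events``.
        command: the raw command line as typed; passed through unchanged.
          (The original body reused this name for each task's command text, so
          ``do_get_opsec_events`` received the last task's command instead.)
    """
    implants = get_implants_all()
    comtasks = get_tasks()
    seen_hosts = set()
    hosts = []
    uploads = []
    urlformatted = "ID  Name  URL  HostHeader  ProxyURL  ProxyUsername  ProxyPassword  CredentialExpiry\n"
    for i in get_c2urls():
        urlformatted += "%s  %s  %s  %s  %s  %s  %s  %s \n" % (
            i[0], i[1], i[2], i[3], i[4], i[5], i[6], i[7])
    seen_users = set()
    users = []
    # Set-based de-duplication: the previous substring test on the accumulated
    # string would drop "bob" after "bobby", or "web" after "webserver".
    for implant in implants or ():
        if implant.Hostname not in seen_hosts:
            seen_hosts.add(implant.Hostname)
            hosts.append("%s \n" % implant.Hostname)
    if comtasks:
        for task in comtasks:
            implant = get_implantdetails(task[1])
            task_command = task[2].lower()
            output = task[3].lower()
            if implant.User not in seen_users:
                seen_users.add(implant.User)
                users.append("%s\\%s @ %s\n" % (implant.Domain, implant.User,
                                                 implant.Hostname))
            if "invoke-pbind" in task_command and "connected" in output:
                tg = re.search(r"(?<=-target )\S*", task_command)
                # A pbind line without "-target " yields no match; tg[0] would TypeError.
                if tg and tg[0] not in seen_hosts:
                    seen_hosts.add(tg[0])
                    hosts.append("%s \n" % tg[0])
            if "uploading file" in task_command:
                uploadedfile = task_command.partition(
                    "uploading file: ")[2].strip()
                filehash = uploadedfile.partition(" with md5sum:")[2].strip()
                uploadedfile = uploadedfile.partition(
                    " with md5sum:")[0].strip().strip('"')
                uploads.append("%s\t%s\t%s\n" % (implant.User, filehash,
                                                 uploadedfile))
            if "installing persistence" in output:
                line = task_command.replace('\n', '').replace('\r', '').rstrip()
                # partition() gives "" instead of IndexError when no ':' is present.
                filenameuploaded = line.partition(":")[2]
                uploads.append("%s %s \n" % (implant.User, filenameuploaded))
            if "written scf file" in output:
                uploads.append("%s %s \n" % (implant.User, output))
        # Credentials are independent of the task being inspected; parse once.
        creds, hashes = parse_creds(get_creds())
        print_good(
            "\nUsers Compromised: \n%s\nHosts Compromised: \n%s\nURLs: \n%s\nFiles Uploaded: \n%s\nCredentials Compromised: \n%s\nHashes Compromised: \n%s"
            % ("".join(users), "".join(hosts), urlformatted, "".join(uploads),
               creds, hashes))
    print_good("\nOpSec Events:")
    do_get_opsec_events(user, command)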