def recurse_ls(bid, directory, callback, depth=9999):
"""
Recursively list files. Call callback(path) for each file.
:param bid: Beacon to list files on
:param directory: Directory to list
:param callback: Callback to call for each file
:param depth: Max depth to recurse
"""
if not depth:
# max depth reached
return
def ls_callback(bid, directory, content):
files = parse_ls(content)
for f in files:
path = r'{}\{}'.format(directory, f['name'])
if f['type'] == 'D':
# recurse
recurse_ls(bid, path, callback, depth=depth - 1)
else:
callback(path)
aggressor.bls(bid, directory, ls_callback)
def _(bid, *dirs):
# default dir is .
if not dirs:
dirs = ['.']
for d in dirs:
aggressor.bls(bid, d)
def _(bid, *users):
if users:
aggressor.btask(
bid, 'Tasked beacon to list files in user profiles for: {}'.format(
', '.join(users)))
for user in users:
aggressor.bls(bid, r'C:\Users\{}'.format(user), silent=True)
else:
aggressor.btask(bid,
'Tasked beacon to list files in each user profile')
aggressor.bpowerpick(bid,
r'ls C:\Users | ForEach-Object { ls $_; }',
silent=True)
def _(bid):
drivers_dir = r'C:\Windows\System32\drivers'
def ls_callback(bid, folder, content):
edrs = edr_list()
files = helpers.parse_ls(content)
finds = set()
for f in files:
name = f['name'].lower()
if name in edrs:
finds.add(edrs[name])
if finds:
for find in finds:
aggressor.blog2(bid, 'Found EDR product: {}'.format(find))
else:
aggressor.blog2(bid, 'No EDR products found')
aggressor.btask(bid, 'Tasking beacon to find EDR products')
aggressor.bls(bid, drivers_dir, ls_callback)
def _(bid):
home = helpers.guess_home(bid)
aggressor.bcd(bid, home)
aggressor.bls(bid)
aggressor.bpwd(bid, silent=True)
def _(bid, *args):
directory = ' '.join(args)
aggressor.bcd(bid, directory)
aggressor.bls(bid)
aggressor.bpwd(bid, silent=True)
def _(bid):
aggressor.btask(bid, 'Tasked beacon to show user profiles')
aggressor.bls(bid, r'C:\Users')