#!/usr/bin/python
# Powershell Implant
# Alias table for the PowerShell implant. Each row is [alias, expansion]:
# the short form an operator types and the command text it stands for.
# How the alias is matched (exact or prefix) is decided by the consumer of
# this table, which is not part of this file.
ps_alias = [
    ["s", "get-screenshot"],
    # The expansion is a PowerShell expression that reads the current identity
    # through the .NET WindowsIdentity class instead of naming the whoami
    # binary. NOTE(review): if the implant evaluates it inside its own
    # PowerShell session, no whoami.exe process-creation event is produced;
    # script-block logging is the more likely place to observe it. Confirm
    # against the implant's command handler.
    [
        "whoami",
        "([Security.Principal.WindowsIdentity]::GetCurrent()).name",
    ],
]
# Python Implant
# Alias table for the Python implant, same [alias, expansion] row layout as
# the other *_alias tables in this file. Only the screenshot shorthand is
# defined here.
py_alias = [["s", "get-screenshot"]]
# C# Implant
# Alias table for the C# implant, same [alias, expansion] row layout as the
# other *_alias tables in this file. Only the screenshot shorthand is
# defined here.
cs_alias = [["s", "get-screenshot"]]
# Parts of commands to replace if command starts with the key
# Prefix-rewrite table for the C# implant. Each row is [key, replacement]:
# a command that starts with the key has that part replaced by the
# replacement, which is a run-exe invocation naming a .NET type and assembly.
#
# Because matching is by prefix, keys must not be prefixes of one another or
# the result depends on row order; none of the keys below overlaps that way
# ("sharpup", "sharpview" and "sharphound" only share the stem "sharp").
#
# NOTE(review): the type and assembly names in the replacements are the
# strings that end up in the tasking sent to the implant, so they may be
# useful search terms when reviewing task logs or .NET assembly-load
# telemetry during an investigation.
cs_replace = [
    ["safetydump", "run-exe SafetyDump.Program SafetyDump"],
    ["sharpup", "run-exe SharpUp.Program SharpUp"],
    ["seatbelt", "run-exe Seatbelt.Program Seatbelt"],
    ["rubeus", "run-exe Rubeus.Program Rubeus"],
    ["sharpview", "run-exe SharpView.Program SharpView"],
    # NOTE(review): this row does not follow the "<Name>.Program <Name>" shape
    # of the others; presumably it mirrors the assembly's real entry type.
    # Confirm before normalising it.
    ["sharphound", "run-exe Sharphound2.Sharphound Sharphound"],
    ["watson", "run-exe Watson.Program Watson"],
]