diff --git a/Config.py b/Config.py index 1c624ad..1c54757 100644 --- a/Config.py +++ b/Config.py @@ -18,6 +18,7 @@ QuickCommand = urlConfig.fetchQCUrl() DownloadURI = urlConfig.fetchConnUrl() Sounds = "No" ServerPort = "443" # This the port the payload communicates with +NotificationsProjectName = "PoshC2" EnableNotifications = "No" DefaultMigrationProcess = "C:\\Windows\\system32\\netsh.exe" # Used in the PoshXX_migrate.exe payloads diff --git a/Implant.py b/Implant.py index ae9dbf5..a305eb0 100644 --- a/Implant.py +++ b/Implant.py @@ -2,7 +2,7 @@ from Colours import Colours from Utils import randomuri, gen_key -from Config import PayloadsDirectory, FilesDirectory, Jitter +from Config import PayloadsDirectory, FilesDirectory, Jitter, EnableNotifications, APIKEY, APIToken, APIUser, Sounds, MobileNumber, NotificationsProjectName from DB import select_item, get_defaultbeacon, get_killdate, get_dfheader, get_otherbeaconurls, get_defaultuseragent, new_implant, new_task, update_mods, get_autoruns from Core import get_images @@ -61,8 +61,7 @@ IMGS19459394%s49395491SGMI""" % (self.RandomURI, self.AllBeaconURLs, self.KillDa print "",Colours.END try: - sound = select_item("Sounds","C2Server") - if sound == "Yes": + if Sounds.lower().strip() == "yes": import pyttsx3 engine = pyttsx3.init() rate = engine.getProperty('rate') 
@@ -74,27 +73,22 @@ IMGS19459394%s49395491SGMI""" % (self.RandomURI, self.AllBeaconURLs, self.KillDa pass try: - apikey = select_item("APIKEY","C2Server") - mobile = select_item("MobileNumber","C2Server") - enotifications = select_item("EnableNotifications","C2Server") - poapitoken = select_item("APIToken","C2Server") - poapiuser = select_item("APIUser","C2Server") - if enotifications == "Yes": + if EnableNotifications.lower().strip() == "yes": import httplib, urllib conn = httplib.HTTPSConnection("api.pushover.net:443") conn.request("POST", "/1/messages.json", urllib.urlencode({ - "token": poapitoken, - "user": poapiuser, - "message": "NewImplant: %s @ %s" % (self.User,self.Hostname), + "token": APIToken, + "user": APIUser, + "message": "[%s] - NewImplant: %s @ %s" % (NotificationsProjectName, self.User,self.Hostname), }), { "Content-type": "application/x-www-form-urlencoded" }) conn.getresponse() - if enotifications == "Yes" and apikey and mobile: - for number in mobile.split(","): + if EnableNotifications.lower().strip() == "yes" and APIKEY and MobileNumber: + for number in MobileNumber.split(","): number = number.replace('"','') - url = "https://api.clockworksms.com/http/send.aspx?key=%s&to=%s&from=PoshC2&content=NewImplant:%s\\%s @ %s" % (apikey, number, self.Domain,self.User,self.Hostname) + url = "https://api.clockworksms.com/http/send.aspx?key=%s&to=%s&from=PoshC2&content=[%s]%%20-%%20NewImplant:%%20%s\\%s @ %s" % (NotificationsProjectName, APIKEY, number, self.Domain,self.User,self.Hostname) url = url.replace(" ","+") urllib2.urlopen(url) except Exception as e: diff --git a/PSHandler.py b/PSHandler.py index 81d36fa..dd7a7a0 100644 --- a/PSHandler.py +++ b/PSHandler.py 
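Review bot: The argument tuple on the new Clockwork SMS `url = ...` line is in the wrong order for its format string. The placeholders run `key=%s`, `to=%s`, `content=[%s]`, but the tuple starts with `NotificationsProjectName`, so the project name is sent as `key`, `APIKEY` ends up in the `to` parameter, and the phone number lands in the message text. The tuple should read `% (APIKEY, number, NotificationsProjectName, self.Domain, self.User, self.Hostname)`. Separately, `self.Domain`, `self.User` and `self.Hostname` (presumably reported by the remote host) go into the query string with only spaces replaced, so a `&` or `#` in one of them can alter the request; wrapping each value in `urllib.quote(...)` would keep them inside `content`. The enclosing `try` block starts before this hunk and its `except` body continues after it.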
@@ -396,7 +396,6 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre print ("Now use createdaisypayload") elif "inject-shellcode" in command.lower(): - #elif (command.lower() == "inject-shellcode") or (command.lower() == "inject-shellcode "): params = re.compile("inject-shellcode", re.IGNORECASE) params = params.sub("", command) check_module_loaded("Inject-Shellcode.ps1", randomuri, user) diff --git a/changelog.txt b/changelog.txt index 2929d59..41ca946 100644 --- a/changelog.txt +++ b/changelog.txt @@ -11,6 +11,8 @@ Update BloodHound Pull out unpatched payloads into file for easy management Add base64 encoded versions of the shellcode to the payloads directory Add a configurable jitter to all implants +Update the notifications config if it is changed in the Config.py +Add NotificationsProjectName in Config.py which is displayed in notifications message 4.8 (13/02/19) ==============