Refactoring and start to break up the dependency cycle

chunking
m0rv4i 2019-02-11 21:00:56 +00:00
parent e16e73e629
commit 9e4a464577
14 changed files with 114 additions and 115 deletions


@ -363,7 +363,7 @@ if __name__ == '__main__':
print (Colours.END + "")
# KeyFile = None, CertFile = None, ClientCertCAs = None
if os.path.isfile(DB):
if os.path.isfile(Database):
print ("Using existing database / project" + Colours.GREEN)
C2 = get_c2server_all()
if (C2[1] == HostnameIP):


@ -6,7 +6,7 @@ PORT_NUMBER = 443
POSHDIR = "/opt/PoshC2_Python/"
ROOTDIR = "/opt/PoshC2_Project/"
HostnameIP = "https://172.16.0.124"
HostnameIP = "https://192.168.233.1"
DomainFrontHeader = "" # example df.azureedge.net
DefaultSleep = "5"
KillDate = "08/06/2019"
@ -59,7 +59,7 @@ PayloadsDirectory = "%spayloads/" % ROOTDIR
ModulesDirectory = "%sModules/" % POSHDIR
DownloadsDirectory = "%sdownloads/" % ROOTDIR
ReportsDirectory = "%sreports/" % ROOTDIR
DB = "%s/PowershellC2.SQLite" % ROOTDIR
Database = "%s/PowershellC2.SQLite" % ROOTDIR
# DO NOT CHANGE #
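Review bot: `HostnameIP = "https://192.168.233.1"` in the first hunk commits what looks like a local lab address as the shipped default, and the commit message (a dependency-cycle refactor) gives no reason for the change; nothing in Config validates it, so it will silently be the C2 address for anyone who starts a new project without editing the file. Keep a neutral placeholder here and set the real value per project, or at least annotate it: `HostnameIP = "https://192.168.233.1"  # placeholder – set to the team server's external C2 address before first start`. `KillDate = "08/06/2019"` is the same kind of environment-specific default; the hunk does not say whether it is parsed as DD/MM/YYYY or MM/DD/YYYY, and a comment naming the format would prevent implants dying on the wrong day.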
# These rules aren't needed as you'll find them auto-generated within the project folder now.

Core.py

@ -1,39 +1,12 @@
#!/usr/bin/python
import zlib, argparse, os, re, datetime, time, base64, string, random, codecs
from C2Server import *
from Config import *
from Utils import *
def default_response():
return (random.choice(HTTPResponses)).replace("#RANDOMDATA#",randomuri())
def formStr(varstr, instr):
holder = []
str1 = ''
str2 = ''
str1 = varstr + ' = "' + instr[:56] + '"'
for i in xrange(56, len(instr), 48):
holder.append('"'+instr[i:i+48])
str2 = '"\r\n'.join(holder)
str2 = str2 + "\""
str1 = str1 + "\r\n"+str2
return "%s;" % str1
def formStrMacro(varstr, instr):
holder = []
str1 = ''
str2 = ''
str1 = varstr + ' = "' + instr[:54] + '"'
for i in xrange(54, len(instr), 48):
holder.append(varstr + ' = '+ varstr +' + "'+instr[i:i+48])
str2 = '"\r\n'.join(holder)
str2 = str2 + "\""
str1 = str1 + "\r\n"+str2
return str1
def load_module(module_name):
file = codecs.open(("%sModules/%s" % (POSHDIR,module_name)), 'r', encoding='utf-8-sig')
return file.read()
@ -62,13 +35,6 @@ def get_images():
count += 1
return images
def gen_key():
key = os.urandom(256/8)
return base64.b64encode(key)
def randomuri(size = 15, chars=string.ascii_letters + string.digits):
return ''.join(random.choice(chars) for _ in range(size))
# Decrypt a string from base64 encoding
def get_encryption( key, iv='0123456789ABCDEF' ):
from Crypto.Cipher import AES
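Review bot: `get_encryption( key, iv='0123456789ABCDEF' )` in the second hunk keeps a fixed default IV, so any caller that omits `iv` encrypts every message under the same key/IV pair; the function body and its callers are outside the hunk, so whether the default is ever relied on cannot be confirmed from here. If callers always supply a fresh random IV, make that the contract by dropping the default (`def get_encryption(key, iv):`) or state it with `# iv must be fresh per message; never rely on a fixed value` above the signature. Also, `from Config import *` and `from Utils import *` pull every config constant plus `randomuri`, `gen_key`, `formStr` and `formStrMacro` into Core unqualified, which obscures the very dependency graph this commit is untangling; `from Utils import randomuri, gen_key, formStr, formStrMacro` would document what Core actually needs.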

DB.py

@ -3,8 +3,7 @@
import datetime, time
import sqlite3
from sqlite3 import Error
from C2Server import DB
from ImplantHandler import DB
from Config import Database
def initializedb():
create_implants = """CREATE TABLE IF NOT EXISTS Implants (
@ -93,7 +92,7 @@ def initializedb():
ID INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL UNIQUE,
Command TEXT);"""
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
c = conn.cursor()
if conn is not None:
@ -110,14 +109,14 @@ def initializedb():
print("Error! cannot create the database connection.")
def setupserver(HostnameIP,EncKey,DomainFrontHeader,DefaultSleep,KillDate,HTTPResponse,FolderPath,ServerPort,QuickCommand,DownloadURI,ProxyURL,ProxyUser,ProxyPass,Sounds,APIKEY,MobileNumber,URLS,SocksURLS,Insecure,UserAgent,Referer,APIToken,APIUser,EnableNotifications):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.text_factory = str
c = conn.cursor()
c.execute("INSERT INTO C2Server (HostnameIP,EncKey,DomainFrontHeader,DefaultSleep,KillDate,HTTPResponse,FolderPath,ServerPort,QuickCommand,DownloadURI,ProxyURL,ProxyUser,ProxyPass,Sounds,APIKEY,MobileNumber,URLS,SocksURLS,Insecure,UserAgent,Referer,APIToken,APIUser,EnableNotifications) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",(HostnameIP,EncKey,DomainFrontHeader,DefaultSleep,KillDate,HTTPResponse,FolderPath,ServerPort,QuickCommand,DownloadURI,ProxyURL,ProxyUser,ProxyPass,Sounds,APIKEY,MobileNumber,URLS,SocksURLS,Insecure,UserAgent,Referer,APIToken,APIUser,EnableNotifications))
conn.commit()
def get_c2server_all():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT * FROM C2Server")
@ -128,7 +127,7 @@ def get_c2server_all():
return None
def get_implants_all():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT * FROM Implants")
@ -139,7 +138,7 @@ def get_implants_all():
return None
def get_newtasks_all():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT * FROM NewTasks")
@ -150,28 +149,28 @@ def get_newtasks_all():
return None
def new_urldetails( RandomID, URL, HostHeader, ProxyURL, ProxyUsername, ProxyPassword, CredentialExpiry ):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.text_factory = str
c = conn.cursor()
c.execute("INSERT INTO URLs (RandomID, URL, HostHeader, ProxyURL, ProxyUsername, ProxyPassword, CredentialExpiry) VALUES (?, ?, ?, ?, ?, ?, ?)",(RandomID, URL, HostHeader, ProxyURL, ProxyUsername, ProxyPassword, CredentialExpiry))
conn.commit()
def drop_newtasks():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("DELETE FROM NewTasks ")
conn.commit()
def new_task( task, user, randomuri ):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.text_factory = str
c = conn.cursor()
c.execute("INSERT INTO NewTasks (RandomURI, Command, User) VALUES (?, ?, ?)",(randomuri, task, user))
conn.commit()
def get_lastcommand():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.text_factory = str
c = conn.cursor()
c.execute("SELECT * FROM History ORDER BY ID DESC LIMIT 1")
@ -185,14 +184,14 @@ def get_lastcommand():
return None
def new_commandhistory( command ):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.text_factory = str
c = conn.cursor()
c.execute("INSERT INTO History (Command) VALUES (?)",(command,))
conn.commit()
def get_history_dict():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT * FROM History")
@ -203,7 +202,7 @@ def get_history_dict():
return None
def get_history():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT * FROM History")
@ -218,7 +217,7 @@ def get_history():
return None
def get_implants():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT * FROM Implants WHERE Alive='Yes'")
@ -229,7 +228,7 @@ def get_implants():
return None
def get_implanttype( randomuri ):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT Pivot FROM Implants WHERE RandomURI=?",(randomuri,))
@ -240,7 +239,7 @@ def get_implanttype( randomuri ):
return None
def get_implantdetails( randomuri ):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT * FROM Implants WHERE RandomURI=?",(randomuri,))
@ -251,7 +250,7 @@ def get_implantdetails( randomuri ):
return None
def get_hostdetails( implant_id ):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT * FROM Implants WHERE ImplantID=?",(implant_id,))
@ -262,7 +261,7 @@ def get_hostdetails( implant_id ):
return None
def get_randomuri( implant_id ):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT RandomURI FROM Implants WHERE ImplantID=?",(implant_id,))
@ -273,7 +272,7 @@ def get_randomuri( implant_id ):
return None
def add_autorun(Task):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.text_factory = str
conn.row_factory = sqlite3.Row
c = conn.cursor()
@ -281,37 +280,37 @@ def add_autorun(Task):
conn.commit()
def update_sleep( sleep, randomuri ):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
c = conn.cursor()
c.execute("UPDATE Implants SET Sleep=? WHERE RandomURI=?",(sleep, randomuri))
conn.commit()
def update_label( label, randomuri ):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
c = conn.cursor()
c.execute("UPDATE Implants SET Label=? WHERE RandomURI=?",(label, randomuri))
conn.commit()
def update_mods( modules, randomuri ):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
c = conn.cursor()
c.execute("UPDATE Implants SET ModsLoaded=? WHERE RandomURI=?",(modules, randomuri))
conn.commit()
def kill_implant( randomuri ):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
c = conn.cursor()
c.execute("UPDATE Implants SET Alive='No' WHERE RandomURI=?",(randomuri,))
conn.commit()
def unhide_implant( randomuri ):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
c = conn.cursor()
c.execute("UPDATE Implants SET Alive='Yes' WHERE RandomURI=?",(randomuri,))
conn.commit()
def select_mods( randomuri ):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT ModsLoaded FROM Implants WHERE RandomURI=?", (randomuri,))
@ -322,7 +321,7 @@ def select_mods( randomuri ):
return None
def select_item(column, table):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT %s FROM %s" % (column, table))
@ -333,35 +332,35 @@ def select_item(column, table):
return None
def del_newtasks(TaskID):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("DELETE FROM NewTasks WHERE TaskID=?", (TaskID,))
conn.commit()
def del_autorun(TaskID):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("DELETE FROM AutoRuns WHERE TaskID=?", (TaskID,))
conn.commit()
def del_autoruns():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("DELETE FROM AutoRuns ")
conn.commit()
def update_implant_lastseen(time, randomuri):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("UPDATE Implants SET LastSeen=? WHERE RandomURI=?", (time,randomuri))
conn.commit()
def new_implant(RandomURI, User, Hostname, IpAddress, Key, FirstSeen, LastSeen, PID, Proxy, Arch, Domain, Alive, Sleep, ModsLoaded, Pivot, Label):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("INSERT INTO Implants (RandomURI, User, Hostname, IpAddress, Key, FirstSeen, LastSeen, PID, Proxy, Arch, Domain, Alive, Sleep, ModsLoaded, Pivot, Label) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", (RandomURI, User, Hostname, IpAddress, Key, FirstSeen, LastSeen, PID, Proxy, Arch, Domain, Alive, Sleep, ModsLoaded, Pivot, Label))
@ -370,7 +369,7 @@ def new_implant(RandomURI, User, Hostname, IpAddress, Key, FirstSeen, LastSeen,
def insert_task(randomuri, command, user):
now = datetime.datetime.now()
sent_time = now.strftime("%m/%d/%Y %H:%M:%S")
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.text_factory = str
conn.row_factory = sqlite3.Row
c = conn.cursor()
@ -383,7 +382,7 @@ def insert_task(randomuri, command, user):
def update_task(taskId, output):
now = datetime.datetime.now()
completedTime = now.strftime("%m/%d/%Y %H:%M:%S")
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.text_factory = str
conn.row_factory = sqlite3.Row
c = conn.cursor()
@ -392,7 +391,7 @@ def update_task(taskId, output):
return c.lastrowid
def update_item(column, table, value, wherecolumn=None, where=None):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
c = conn.cursor()
if wherecolumn is None:
c.execute("UPDATE %s SET %s=?" % (table,column), (value,))
@ -401,7 +400,7 @@ def update_item(column, table, value, wherecolumn=None, where=None):
conn.commit()
def get_implantbyid(id):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT * FROM Implants WHERE ImplantID=?" , id)
@ -412,7 +411,7 @@ def get_implantbyid(id):
return None
def get_tasks():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT * FROM Tasks")
@ -423,7 +422,7 @@ def get_tasks():
return None
def get_tasksbyid(id):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT * FROM Tasks WHERE CompletedTaskID=?", id)
@ -434,7 +433,7 @@ def get_tasksbyid(id):
return None
def get_newtasksbyid(taskid):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT * FROM NewTasks WHERE TaskID=?", taskid)
@ -445,7 +444,7 @@ def get_newtasksbyid(taskid):
return None
def get_seqcount(table):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT seq FROM sqlite_sequence WHERE name=\"?\"", table)
@ -456,7 +455,7 @@ def get_seqcount(table):
return None
def get_baseenckey():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT EncKey FROM C2Server")
@ -467,7 +466,7 @@ def get_baseenckey():
return None
def get_dfheader():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT DomainFrontHeader FROM C2Server")
@ -478,7 +477,7 @@ def get_dfheader():
return None
def get_cmd_from_task_id(taskId):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT Command FROM Tasks WHERE TaskId=?", taskId)
@ -489,7 +488,7 @@ def get_cmd_from_task_id(taskId):
return None
def get_defaultuseragent():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT UserAgent FROM C2Server")
@ -500,7 +499,7 @@ def get_defaultuseragent():
return None
def get_defaultbeacon():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT DefaultSleep FROM C2Server")
@ -511,7 +510,7 @@ def get_defaultbeacon():
return None
def get_killdate():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT KillDate FROM C2Server")
@ -522,7 +521,7 @@ def get_killdate():
return None
def get_sharpurls():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT SocksURLS FROM C2Server")
@ -533,7 +532,7 @@ def get_sharpurls():
return None
def get_allurls():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT URLS FROM C2Server")
@ -547,7 +546,7 @@ def get_allurls():
return None
def get_beaconurl():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT URLS FROM C2Server")
@ -559,7 +558,7 @@ def get_beaconurl():
return None
def get_otherbeaconurls():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT URLS FROM C2Server")
@ -570,7 +569,7 @@ def get_otherbeaconurls():
return None
def get_newimplanturl():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT URLS FROM C2Server")
@ -582,7 +581,7 @@ def get_newimplanturl():
return None
def get_hostinfo(randomuri):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT * FROM Implants WHERE RandomURI=?", (randomuri,))
@ -593,7 +592,7 @@ def get_hostinfo(randomuri):
return None
def get_c2urls():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT * FROM URLs")
@ -604,7 +603,7 @@ def get_c2urls():
return None
def get_autoruns():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT * FROM AutoRuns")
@ -615,7 +614,7 @@ def get_autoruns():
return None
def get_autorun():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT * FROM AutoRuns")
@ -629,7 +628,7 @@ def get_autorun():
return None
def get_pid(randomuri):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT PID FROM Implants WHERE RandomURI=?", (randomuri,))
@ -640,7 +639,7 @@ def get_pid(randomuri):
return None
def get_newtasks(randomuri):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT * FROM NewTasks WHERE RandomURI=?", (randomuri,))
@ -651,7 +650,7 @@ def get_newtasks(randomuri):
return None
def get_keys():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
result = c.execute("SELECT EncKey FROM C2Server")
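Review bot: Several lookups in the `get_implantbyid` / `get_tasksbyid` / `get_newtasksbyid` / `get_cmd_from_task_id` hunks pass the bare value as the parameter set, e.g. `c.execute("SELECT * FROM Implants WHERE ImplantID=?" , id)`; sqlite3 expects a sequence there, so an int raises and a multi-character string is treated as several bindings — each should be `c.execute("SELECT * FROM Implants WHERE ImplantID=?", (id,))`. `get_seqcount` has the related defect that the placeholder is quoted: `WHERE name=\"?\"` is a literal, not a parameter, so it should read `c.execute("SELECT seq FROM sqlite_sequence WHERE name=?", (table,))`. `select_item` and `update_item` interpolate `column` and `table` with `%`; identifiers cannot be bound, so if those values can ever come from a request rather than from code, check them against a fixed list of table and column names before formatting. None of the connections opened in this file are closed; `contextlib.closing(sqlite3.connect(Database))` or an explicit `conn.close()` in each function would stop the handle leak that the rename leaves in place.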


@ -11,7 +11,7 @@ using System.IO;
using System.IO.Compression;
using System.Collections.Generic;
//mono-csc /opt/PoshC2_Python_Git/Files/Sharp.cs -out:/tmp/Sharp.dll -target:library
//mono-csc /opt/PoshC2_Python_Git/Files/Implant-Core.cs -out:/tmp/Sharp.dll -target:library
//cat /tmp/Sharp.dll | base64 -w 0 | xclip
public class Program


@ -60,7 +60,7 @@ digraph "PoshC2" {
def get_implants_all_db():
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT * FROM Implants")
@ -71,7 +71,7 @@ def get_implants_all_db():
return None
def get_htmlimplant( randomuri ):
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("SELECT * FROM Implants WHERE RandomURI=?",(randomuri,))
@ -366,7 +366,7 @@ __________ .__. _________ ________
<input type="text" id="SearchUser" onkeyup="SearchUser()" placeholder="Search for user..">
<input type="text" id="SearchURL" onkeyup="SearchURL()" placeholder="Search for URL..">
"""
conn = sqlite3.connect(DB)
conn = sqlite3.connect(Database)
pd.set_option('display.max_colwidth', -1)
pd.options.mode.chained_assignment = None
frame = pd.read_sql_query("SELECT * FROM %s" % table, conn)
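Review bot: `pd.read_sql_query("SELECT * FROM %s" % table, conn)` in the last hunk builds the query from `table` by string formatting, and the enclosing function starts outside the hunk, so where `table` comes from cannot be seen here. A table name cannot be bound as a `?` parameter, so if it is anything but a constant chosen in code, validate it first: `if table not in ("Implants", "Tasks", "NewTasks", "History", "AutoRuns", "URLs", "C2Server"): raise ValueError(table)`. The frame appears to feed the HTML search page whose rows (hostnames, usernames, command output) originate from implants; confirm that the rendering path escapes them, since nothing in this hunk does.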


@ -41,9 +41,9 @@ NEWKEY8839394%s4939388YEKWEN
IMGS19459394%s49395491SGMI""" % (self.RandomURI, self.AllBeaconURLs, self.KillDate, self.Sleep, self.Key, self.AllBeaconImages)
with open("%spy_dropper.py" % (PayloadsDirectory), 'rb') as f:
self.PythonImplant = base64.b64encode(f.read())
py_implant_core = open("%s/PyImplant-Core.py" % FilesDirectory, 'r').read()
py_implant_core = open("%s/Implant-Core.py" % FilesDirectory, 'r').read()
self.PythonCore = py_implant_core % (self.DomainFrontHeader,self.Sleep, self.AllBeaconImages, self.AllBeaconURLs, self.KillDate, self.PythonImplant, self.Key, self.RandomURI, self.UserAgent)
ps_implant_core = open("%s/PSImplant-Core.ps1" % FilesDirectory, 'r').read()
ps_implant_core = open("%s/Implant-Core.ps1" % FilesDirectory, 'r').read()
self.C2Core = ps_implant_core % (self.Key, self.Sleep, self.AllBeaconImages, self.RandomURI, self.RandomURI, self.KillDate, self.AllBeaconURLs)
#Add all db elements
@ -101,8 +101,8 @@ IMGS19459394%s49395491SGMI""" % (self.RandomURI, self.AllBeaconURLs, self.KillDa
new_implant(self.RandomURI, self.User, self.Hostname, self.IPAddress, self.Key, self.FirstSeen, self.FirstSeen, self.PID, self.Proxy, self.Arch, self.Domain, self.Alive, self.Sleep, self.ModsLoaded, self.Pivot, self.Label)
def autoruns(self):
new_task("loadmodule Core.ps1", "autoruns", self.RandomURI)
update_mods("Core.ps1", self.RandomURI)
new_task("loadmodule Stage2-Core.ps1", "autoruns", self.RandomURI)
update_mods("Stage2-Core.ps1", self.RandomURI)
result = get_autoruns()
if result:
for autorun in result:
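Review bot: The two template reads in the first hunk, `py_implant_core = open("%s/Implant-Core.py" % FilesDirectory, 'r').read()` and the matching `ps_implant_core` line, open files without closing them; this is a style point, but every implant registration leaks a handle until garbage collection. Use the same pattern as the `py_dropper.py` read just above: `with open("%s/Implant-Core.py" % FilesDirectory, 'r') as f: py_implant_core = f.read()`. The enclosing method starts outside the hunk.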


@ -547,9 +547,9 @@ def runcommand(command, randomuri):
elif implant_type == "C#":
try:
check_module_loaded("Core.exe", randomuri, user)
check_module_loaded("Stage2-Core.exe", randomuri, user)
except Exception as e:
print ("Error loading Core.exe: %s" % e)
print ("Error loading Stage2-Core.exe: %s" % e)
# alias mapping
for alias in cs_alias:
@ -734,9 +734,9 @@ def runcommand(command, randomuri):
else:
try:
check_module_loaded("Core.ps1", randomuri, user)
check_module_loaded("Stage2-Core.ps1", randomuri, user)
except Exception as e:
print ("Error loading Core.ps1: %s" % e)
print ("Error loading Stage2-Core.ps1: %s" % e)
run_autoloads(command, randomuri, user)
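Review bot: In both hunks a failure to load `Stage2-Core` is caught by `except Exception as e`, printed, and execution falls through to alias mapping / `run_autoloads` as if the module were present; `runcommand` continues outside the hunk, so the downstream effect cannot be seen here, but queuing a command that depends on the core module after its load failed looks unintended. If the load is a prerequisite, `return` after the print (or re-raise), and narrow the `except` to the error `check_module_loaded` actually raises so a typo in the module name is not masked by the blanket handler.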


@ -1,8 +1,8 @@
#!/usr/bin/env python
from Core import *
from Config import *
from Colours import *
from Utils import *
import StringIO, gzip, io, base64, subprocess, os, hashlib, re
class Payloads(object):
@ -171,7 +171,7 @@ class Payloads(object):
def CreateDlls(self, name=""):
# Create Sharp DLL
with open("%sSharp.cs" % FilesDirectory, 'rb') as f:
with open("%sImplant-Core.cs" % FilesDirectory, 'rb') as f:
content = f.read()
cs = content.replace("#REPLACEKEY#",self.Key )
cs1 = cs.replace("#REPLACEBASEURL#",(self.HostnameIP+":"+self.Serverport))
@ -184,16 +184,16 @@ class Payloads(object):
cs8 = cs7.replace("#REPLACEPROXYUSER#",self.Proxyuser)
cs9 = cs8.replace("#REPLACEPROXYPASSWORD#",self.Proxypass)
self.QuickstartLog( "C# Payload written to: %s%sSharp.cs" % (self.BaseDirectory,name) )
filename = "%s%sSharp.cs" % (self.BaseDirectory,name)
self.QuickstartLog( "C# Payload written to: %s%sImplant-Core.cs" % (self.BaseDirectory,name) )
filename = "%s%sImplant-Core.cs" % (self.BaseDirectory,name)
output_file = open(filename, 'w')
output_file.write(cs9)
output_file.close()
if os.name == 'nt':
compile = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\csc.exe %s%sSharp.cs -o %s%sSharp.exe" % (self.BaseDirectory, name, self.BaseDirectory, name)
compile = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\csc.exe %s%sImplant-Core.cs -o %s%sSharp.exe" % (self.BaseDirectory, name, self.BaseDirectory, name)
else:
compile = "mono-csc %s%sSharp.cs -out:%s%sSharp.dll -target:library -warn:2" % (self.BaseDirectory,name,self.BaseDirectory,name)
compileexe = "mono-csc %s%sSharp.cs -out:%s%sSharp.exe -target:exe -warn:2" % (self.BaseDirectory,name,self.BaseDirectory,name)
compile = "mono-csc %s%sImplant-Core.cs -out:%s%sSharp.dll -target:library -warn:2" % (self.BaseDirectory,name,self.BaseDirectory,name)
compileexe = "mono-csc %s%sImplant-Core.cs -out:%s%sSharp.exe -target:exe -warn:2" % (self.BaseDirectory,name,self.BaseDirectory,name)
subprocess.check_output(compile, shell=True)
self.QuickstartLog( "C# DLL written to: %s%sSharp.dll" % (self.BaseDirectory,name) )
subprocess.check_output(compileexe, shell=True)
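Review bot: The compile commands in the second hunk run with `shell=True` from strings that interpolate `self.BaseDirectory` and `name`; any space, quote or shell metacharacter in either (a payload name is operator input) breaks the command or executes something else. Pass argument lists without a shell instead, reusing the `filename` already computed a few lines up, which also removes any need to quote paths. Separately, `csc.exe … -o …` on the Windows branch does not look like csc's output switch (`/out:`), and `compileexe` is only assigned in the `else` branch — both pre-date this commit and cannot be verified from the hunk, but are worth a look. `output_file = open(filename, 'w')` would also read better as a `with` block.
```python
if os.name == 'nt':
    compile = ["C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\csc.exe", filename, "-o", "%s%sSharp.exe" % (self.BaseDirectory, name)]
else:
    compile = ["mono-csc", filename, "-out:%s%sSharp.dll" % (self.BaseDirectory, name), "-target:library", "-warn:2"]
    compileexe = ["mono-csc", filename, "-out:%s%sSharp.exe" % (self.BaseDirectory, name), "-target:exe", "-warn:2"]
subprocess.check_output(compile)
# … unchanged: QuickstartLog for the DLL …
subprocess.check_output(compileexe)
```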

Utils.py Normal file

@ -0,0 +1,34 @@
import os, base64, string, random
def gen_key():
key = os.urandom(256/8)
return base64.b64encode(key)
def formStrMacro(varstr, instr):
holder = []
str1 = ''
str2 = ''
str1 = varstr + ' = "' + instr[:54] + '"'
for i in xrange(54, len(instr), 48):
holder.append(varstr + ' = '+ varstr +' + "'+instr[i:i+48])
str2 = '"\r\n'.join(holder)
str2 = str2 + "\""
str1 = str1 + "\r\n"+str2
return str1
def formStr(varstr, instr):
holder = []
str1 = ''
str2 = ''
str1 = varstr + ' = "' + instr[:56] + '"'
for i in xrange(56, len(instr), 48):
holder.append('"'+instr[i:i+48])
str2 = '"\r\n'.join(holder)
str2 = str2 + "\""
str1 = str1 + "\r\n"+str2
return "%s;" % str1
def randomuri(size = 15, chars=string.ascii_letters + string.digits):
return ''.join(random.choice(chars) for _ in range(size))
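Review bot: `randomuri` draws from `random.choice`, the non-cryptographic Mersenne Twister, yet its output is the per-implant URI/identifier and, via `default_response` in Core.py, is also embedded in `#RANDOMDATA#` responses served to any unauthenticated client; the MT state can be recovered from enough observed outputs, so these values should come from the OS CSPRNG. `random.SystemRandom` needs no new import: add `_sysrand = random.SystemRandom()` at module level and use `return ''.join(_sysrand.choice(chars) for _ in range(size))`. `gen_key` calls `os.urandom(256/8)`, which works under the Python 2 this file targets (`xrange`) but raises `TypeError` on Python 3 because `256/8` is a float; `256 // 8` behaves identically on both. Since this is the helpers' new home, each deserves a one-line docstring, e.g. `"""Return 32 random bytes from os.urandom, base64-encoded."""` on `gen_key`.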