Refactoring and start to break up the dependency cycle
parent
e16e73e629
commit
9e4a464577
|
@ -363,7 +363,7 @@ if __name__ == '__main__':
|
|||
print (Colours.END + "")
|
||||
|
||||
# KeyFile = None, CertFile = None, ClientCertCAs = None
|
||||
if os.path.isfile(DB):
|
||||
if os.path.isfile(Database):
|
||||
print ("Using existing database / project" + Colours.GREEN)
|
||||
C2 = get_c2server_all()
|
||||
if (C2[1] == HostnameIP):
|
||||
|
|
|
@ -6,7 +6,7 @@ PORT_NUMBER = 443
|
|||
|
||||
POSHDIR = "/opt/PoshC2_Python/"
|
||||
ROOTDIR = "/opt/PoshC2_Project/"
|
||||
HostnameIP = "https://172.16.0.124"
|
||||
HostnameIP = "https://192.168.233.1"
|
||||
DomainFrontHeader = "" # example df.azureedge.net
|
||||
DefaultSleep = "5"
|
||||
KillDate = "08/06/2019"
|
||||
|
@ -59,7 +59,7 @@ PayloadsDirectory = "%spayloads/" % ROOTDIR
|
|||
ModulesDirectory = "%sModules/" % POSHDIR
|
||||
DownloadsDirectory = "%sdownloads/" % ROOTDIR
|
||||
ReportsDirectory = "%sreports/" % ROOTDIR
|
||||
DB = "%s/PowershellC2.SQLite" % ROOTDIR
|
||||
Database = "%s/PowershellC2.SQLite" % ROOTDIR
|
||||
|
||||
# DO NOT CHANGE #
|
||||
# These rules aren't needed as you'll find them auto-generated within the project folder now.
|
||||
|
|
36
Core.py
36
Core.py
|
@ -1,39 +1,12 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
import zlib, argparse, os, re, datetime, time, base64, string, random, codecs
|
||||
from C2Server import *
|
||||
from Config import *
|
||||
from Utils import *
|
||||
|
||||
def default_response():
|
||||
return (random.choice(HTTPResponses)).replace("#RANDOMDATA#",randomuri())
|
||||
|
||||
def formStr(varstr, instr):
|
||||
holder = []
|
||||
str1 = ''
|
||||
str2 = ''
|
||||
str1 = varstr + ' = "' + instr[:56] + '"'
|
||||
for i in xrange(56, len(instr), 48):
|
||||
holder.append('"'+instr[i:i+48])
|
||||
str2 = '"\r\n'.join(holder)
|
||||
|
||||
str2 = str2 + "\""
|
||||
str1 = str1 + "\r\n"+str2
|
||||
return "%s;" % str1
|
||||
|
||||
def formStrMacro(varstr, instr):
|
||||
holder = []
|
||||
str1 = ''
|
||||
str2 = ''
|
||||
str1 = varstr + ' = "' + instr[:54] + '"'
|
||||
for i in xrange(54, len(instr), 48):
|
||||
holder.append(varstr + ' = '+ varstr +' + "'+instr[i:i+48])
|
||||
str2 = '"\r\n'.join(holder)
|
||||
|
||||
str2 = str2 + "\""
|
||||
str1 = str1 + "\r\n"+str2
|
||||
return str1
|
||||
|
||||
|
||||
def load_module(module_name):
|
||||
file = codecs.open(("%sModules/%s" % (POSHDIR,module_name)), 'r', encoding='utf-8-sig')
|
||||
return file.read()
|
||||
|
@ -62,13 +35,6 @@ def get_images():
|
|||
count += 1
|
||||
return images
|
||||
|
||||
def gen_key():
|
||||
key = os.urandom(256/8)
|
||||
return base64.b64encode(key)
|
||||
|
||||
def randomuri(size = 15, chars=string.ascii_letters + string.digits):
|
||||
return ''.join(random.choice(chars) for _ in range(size))
|
||||
|
||||
# Decrypt a string from base64 encoding
|
||||
def get_encryption( key, iv='0123456789ABCDEF' ):
|
||||
from Crypto.Cipher import AES
|
||||
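Review bot: `load_module` in the first hunk opens the module file with `codecs.open` and returns `file.read()` without ever closing the handle, and the local name `file` shadows the Python 2 builtin. A `with` block fixes both: `with codecs.open(path, 'r', encoding='utf-8-sig') as fh: return fh.read()`. The path is also rebuilt as `"%sModules/%s" % (POSHDIR,module_name)` although the Config hunk above shows `ModulesDirectory` defined with the same value. `module_name` is joined unchecked, so a name containing `../` would resolve outside the Modules directory; a containment check is worth adding if the name can come from typed input.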
|
|
115
DB.py
115
DB.py
|
@ -3,8 +3,7 @@
|
|||
import datetime, time
|
||||
import sqlite3
|
||||
from sqlite3 import Error
|
||||
from C2Server import DB
|
||||
from ImplantHandler import DB
|
||||
from Config import Database
|
||||
|
||||
def initializedb():
|
||||
create_implants = """CREATE TABLE IF NOT EXISTS Implants (
|
||||
|
@ -93,7 +92,7 @@ def initializedb():
|
|||
ID INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL UNIQUE,
|
||||
Command TEXT);"""
|
||||
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
c = conn.cursor()
|
||||
|
||||
if conn is not None:
|
||||
|
@ -110,14 +109,14 @@ def initializedb():
|
|||
print("Error! cannot create the database connection.")
|
||||
|
||||
def setupserver(HostnameIP,EncKey,DomainFrontHeader,DefaultSleep,KillDate,HTTPResponse,FolderPath,ServerPort,QuickCommand,DownloadURI,ProxyURL,ProxyUser,ProxyPass,Sounds,APIKEY,MobileNumber,URLS,SocksURLS,Insecure,UserAgent,Referer,APIToken,APIUser,EnableNotifications):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.text_factory = str
|
||||
c = conn.cursor()
|
||||
c.execute("INSERT INTO C2Server (HostnameIP,EncKey,DomainFrontHeader,DefaultSleep,KillDate,HTTPResponse,FolderPath,ServerPort,QuickCommand,DownloadURI,ProxyURL,ProxyUser,ProxyPass,Sounds,APIKEY,MobileNumber,URLS,SocksURLS,Insecure,UserAgent,Referer,APIToken,APIUser,EnableNotifications) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",(HostnameIP,EncKey,DomainFrontHeader,DefaultSleep,KillDate,HTTPResponse,FolderPath,ServerPort,QuickCommand,DownloadURI,ProxyURL,ProxyUser,ProxyPass,Sounds,APIKEY,MobileNumber,URLS,SocksURLS,Insecure,UserAgent,Referer,APIToken,APIUser,EnableNotifications))
|
||||
conn.commit()
|
||||
|
||||
def get_c2server_all():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT * FROM C2Server")
|
||||
|
@ -128,7 +127,7 @@ def get_c2server_all():
|
|||
return None
|
||||
|
||||
def get_implants_all():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT * FROM Implants")
|
||||
|
@ -139,7 +138,7 @@ def get_implants_all():
|
|||
return None
|
||||
|
||||
def get_newtasks_all():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT * FROM NewTasks")
|
||||
|
@ -150,28 +149,28 @@ def get_newtasks_all():
|
|||
return None
|
||||
|
||||
def new_urldetails( RandomID, URL, HostHeader, ProxyURL, ProxyUsername, ProxyPassword, CredentialExpiry ):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.text_factory = str
|
||||
c = conn.cursor()
|
||||
c.execute("INSERT INTO URLs (RandomID, URL, HostHeader, ProxyURL, ProxyUsername, ProxyPassword, CredentialExpiry) VALUES (?, ?, ?, ?, ?, ?, ?)",(RandomID, URL, HostHeader, ProxyURL, ProxyUsername, ProxyPassword, CredentialExpiry))
|
||||
conn.commit()
|
||||
|
||||
def drop_newtasks():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("DELETE FROM NewTasks ")
|
||||
conn.commit()
|
||||
|
||||
def new_task( task, user, randomuri ):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.text_factory = str
|
||||
c = conn.cursor()
|
||||
c.execute("INSERT INTO NewTasks (RandomURI, Command, User) VALUES (?, ?, ?)",(randomuri, task, user))
|
||||
conn.commit()
|
||||
|
||||
def get_lastcommand():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.text_factory = str
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT * FROM History ORDER BY ID DESC LIMIT 1")
|
||||
|
@ -185,14 +184,14 @@ def get_lastcommand():
|
|||
return None
|
||||
|
||||
def new_commandhistory( command ):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.text_factory = str
|
||||
c = conn.cursor()
|
||||
c.execute("INSERT INTO History (Command) VALUES (?)",(command,))
|
||||
conn.commit()
|
||||
|
||||
def get_history_dict():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT * FROM History")
|
||||
|
@ -203,7 +202,7 @@ def get_history_dict():
|
|||
return None
|
||||
|
||||
def get_history():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT * FROM History")
|
||||
|
@ -218,7 +217,7 @@ def get_history():
|
|||
return None
|
||||
|
||||
def get_implants():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT * FROM Implants WHERE Alive='Yes'")
|
||||
|
@ -229,7 +228,7 @@ def get_implants():
|
|||
return None
|
||||
|
||||
def get_implanttype( randomuri ):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT Pivot FROM Implants WHERE RandomURI=?",(randomuri,))
|
||||
|
@ -240,7 +239,7 @@ def get_implanttype( randomuri ):
|
|||
return None
|
||||
|
||||
def get_implantdetails( randomuri ):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT * FROM Implants WHERE RandomURI=?",(randomuri,))
|
||||
|
@ -251,7 +250,7 @@ def get_implantdetails( randomuri ):
|
|||
return None
|
||||
|
||||
def get_hostdetails( implant_id ):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT * FROM Implants WHERE ImplantID=?",(implant_id,))
|
||||
|
@ -262,7 +261,7 @@ def get_hostdetails( implant_id ):
|
|||
return None
|
||||
|
||||
def get_randomuri( implant_id ):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT RandomURI FROM Implants WHERE ImplantID=?",(implant_id,))
|
||||
|
@ -273,7 +272,7 @@ def get_randomuri( implant_id ):
|
|||
return None
|
||||
|
||||
def add_autorun(Task):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.text_factory = str
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
|
@ -281,37 +280,37 @@ def add_autorun(Task):
|
|||
conn.commit()
|
||||
|
||||
def update_sleep( sleep, randomuri ):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
c = conn.cursor()
|
||||
c.execute("UPDATE Implants SET Sleep=? WHERE RandomURI=?",(sleep, randomuri))
|
||||
conn.commit()
|
||||
|
||||
def update_label( label, randomuri ):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
c = conn.cursor()
|
||||
c.execute("UPDATE Implants SET Label=? WHERE RandomURI=?",(label, randomuri))
|
||||
conn.commit()
|
||||
|
||||
def update_mods( modules, randomuri ):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
c = conn.cursor()
|
||||
c.execute("UPDATE Implants SET ModsLoaded=? WHERE RandomURI=?",(modules, randomuri))
|
||||
conn.commit()
|
||||
|
||||
def kill_implant( randomuri ):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
c = conn.cursor()
|
||||
c.execute("UPDATE Implants SET Alive='No' WHERE RandomURI=?",(randomuri,))
|
||||
conn.commit()
|
||||
|
||||
def unhide_implant( randomuri ):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
c = conn.cursor()
|
||||
c.execute("UPDATE Implants SET Alive='Yes' WHERE RandomURI=?",(randomuri,))
|
||||
conn.commit()
|
||||
|
||||
def select_mods( randomuri ):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT ModsLoaded FROM Implants WHERE RandomURI=?", (randomuri,))
|
||||
|
@ -322,7 +321,7 @@ def select_mods( randomuri ):
|
|||
return None
|
||||
|
||||
def select_item(column, table):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT %s FROM %s" % (column, table))
|
||||
|
@ -333,35 +332,35 @@ def select_item(column, table):
|
|||
return None
|
||||
|
||||
def del_newtasks(TaskID):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("DELETE FROM NewTasks WHERE TaskID=?", (TaskID,))
|
||||
conn.commit()
|
||||
|
||||
def del_autorun(TaskID):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("DELETE FROM AutoRuns WHERE TaskID=?", (TaskID,))
|
||||
conn.commit()
|
||||
|
||||
def del_autoruns():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("DELETE FROM AutoRuns ")
|
||||
conn.commit()
|
||||
|
||||
def update_implant_lastseen(time, randomuri):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("UPDATE Implants SET LastSeen=? WHERE RandomURI=?", (time,randomuri))
|
||||
conn.commit()
|
||||
|
||||
def new_implant(RandomURI, User, Hostname, IpAddress, Key, FirstSeen, LastSeen, PID, Proxy, Arch, Domain, Alive, Sleep, ModsLoaded, Pivot, Label):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("INSERT INTO Implants (RandomURI, User, Hostname, IpAddress, Key, FirstSeen, LastSeen, PID, Proxy, Arch, Domain, Alive, Sleep, ModsLoaded, Pivot, Label) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", (RandomURI, User, Hostname, IpAddress, Key, FirstSeen, LastSeen, PID, Proxy, Arch, Domain, Alive, Sleep, ModsLoaded, Pivot, Label))
|
||||
|
@ -370,7 +369,7 @@ def new_implant(RandomURI, User, Hostname, IpAddress, Key, FirstSeen, LastSeen,
|
|||
def insert_task(randomuri, command, user):
|
||||
now = datetime.datetime.now()
|
||||
sent_time = now.strftime("%m/%d/%Y %H:%M:%S")
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.text_factory = str
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
|
@ -383,7 +382,7 @@ def insert_task(randomuri, command, user):
|
|||
def update_task(taskId, output):
|
||||
now = datetime.datetime.now()
|
||||
completedTime = now.strftime("%m/%d/%Y %H:%M:%S")
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.text_factory = str
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
|
@ -392,7 +391,7 @@ def update_task(taskId, output):
|
|||
return c.lastrowid
|
||||
|
||||
def update_item(column, table, value, wherecolumn=None, where=None):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
c = conn.cursor()
|
||||
if wherecolumn is None:
|
||||
c.execute("UPDATE %s SET %s=?" % (table,column), (value,))
|
||||
|
@ -401,7 +400,7 @@ def update_item(column, table, value, wherecolumn=None, where=None):
|
|||
conn.commit()
|
||||
|
||||
def get_implantbyid(id):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT * FROM Implants WHERE ImplantID=?" , id)
|
||||
|
@ -412,7 +411,7 @@ def get_implantbyid(id):
|
|||
return None
|
||||
|
||||
def get_tasks():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT * FROM Tasks")
|
||||
|
@ -423,7 +422,7 @@ def get_tasks():
|
|||
return None
|
||||
|
||||
def get_tasksbyid(id):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT * FROM Tasks WHERE CompletedTaskID=?", id)
|
||||
|
@ -434,7 +433,7 @@ def get_tasksbyid(id):
|
|||
return None
|
||||
|
||||
def get_newtasksbyid(taskid):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT * FROM NewTasks WHERE TaskID=?", taskid)
|
||||
|
@ -445,7 +444,7 @@ def get_newtasksbyid(taskid):
|
|||
return None
|
||||
|
||||
def get_seqcount(table):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT seq FROM sqlite_sequence WHERE name=\"?\"", table)
|
||||
|
@ -456,7 +455,7 @@ def get_seqcount(table):
|
|||
return None
|
||||
|
||||
def get_baseenckey():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT EncKey FROM C2Server")
|
||||
|
@ -467,7 +466,7 @@ def get_baseenckey():
|
|||
return None
|
||||
|
||||
def get_dfheader():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT DomainFrontHeader FROM C2Server")
|
||||
|
@ -478,7 +477,7 @@ def get_dfheader():
|
|||
return None
|
||||
|
||||
def get_cmd_from_task_id(taskId):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT Command FROM Tasks WHERE TaskId=?", taskId)
|
||||
|
@ -489,7 +488,7 @@ def get_cmd_from_task_id(taskId):
|
|||
return None
|
||||
|
||||
def get_defaultuseragent():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT UserAgent FROM C2Server")
|
||||
|
@ -500,7 +499,7 @@ def get_defaultuseragent():
|
|||
return None
|
||||
|
||||
def get_defaultbeacon():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT DefaultSleep FROM C2Server")
|
||||
|
@ -511,7 +510,7 @@ def get_defaultbeacon():
|
|||
return None
|
||||
|
||||
def get_killdate():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT KillDate FROM C2Server")
|
||||
|
@ -522,7 +521,7 @@ def get_killdate():
|
|||
return None
|
||||
|
||||
def get_sharpurls():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT SocksURLS FROM C2Server")
|
||||
|
@ -533,7 +532,7 @@ def get_sharpurls():
|
|||
return None
|
||||
|
||||
def get_allurls():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT URLS FROM C2Server")
|
||||
|
@ -547,7 +546,7 @@ def get_allurls():
|
|||
return None
|
||||
|
||||
def get_beaconurl():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT URLS FROM C2Server")
|
||||
|
@ -559,7 +558,7 @@ def get_beaconurl():
|
|||
return None
|
||||
|
||||
def get_otherbeaconurls():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT URLS FROM C2Server")
|
||||
|
@ -570,7 +569,7 @@ def get_otherbeaconurls():
|
|||
return None
|
||||
|
||||
def get_newimplanturl():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT URLS FROM C2Server")
|
||||
|
@ -582,7 +581,7 @@ def get_newimplanturl():
|
|||
return None
|
||||
|
||||
def get_hostinfo(randomuri):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT * FROM Implants WHERE RandomURI=?", (randomuri,))
|
||||
|
@ -593,7 +592,7 @@ def get_hostinfo(randomuri):
|
|||
return None
|
||||
|
||||
def get_c2urls():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT * FROM URLs")
|
||||
|
@ -604,7 +603,7 @@ def get_c2urls():
|
|||
return None
|
||||
|
||||
def get_autoruns():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT * FROM AutoRuns")
|
||||
|
@ -615,7 +614,7 @@ def get_autoruns():
|
|||
return None
|
||||
|
||||
def get_autorun():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT * FROM AutoRuns")
|
||||
|
@ -629,7 +628,7 @@ def get_autorun():
|
|||
return None
|
||||
|
||||
def get_pid(randomuri):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT PID FROM Implants WHERE RandomURI=?", (randomuri,))
|
||||
|
@ -640,7 +639,7 @@ def get_pid(randomuri):
|
|||
return None
|
||||
|
||||
def get_newtasks(randomuri):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT * FROM NewTasks WHERE RandomURI=?", (randomuri,))
|
||||
|
@ -651,7 +650,7 @@ def get_newtasks(randomuri):
|
|||
return None
|
||||
|
||||
def get_keys():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
result = c.execute("SELECT EncKey FROM C2Server")
|
||||
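Review bot: `select_item` and `update_item` still build their statements with `%` formatting (`"SELECT %s FROM %s" % (column, table)`, `"UPDATE %s SET %s=?" % (table,column)`), so whatever reaches `column` or `table` becomes SQL text; the same pattern appears in the HTML.py section at `pd.read_sql_query("SELECT * FROM %s" % table, conn)`. Identifiers cannot be bound with `?`, so each name should be checked against a fixed set of known tables and columns before formatting, e.g. `if table not in KNOWN_TABLES: raise ValueError(table)` (`KNOWN_TABLES` is a placeholder name). Separately, in `get_seqcount` the `?` inside `name=\"?\"` is a quoted literal rather than a placeholder and `table` is passed bare instead of as a tuple, so the binding cannot succeed; `c.execute("SELECT seq FROM sqlite_sequence WHERE name=?", (table,))` would bind it. `get_implantbyid`, `get_tasksbyid`, `get_newtasksbyid` and `get_cmd_from_task_id` pass their argument bare in the same way. Most of these function bodies continue outside the hunks shown.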
|
|
|
@ -11,7 +11,7 @@ using System.IO;
|
|||
using System.IO.Compression;
|
||||
using System.Collections.Generic;
|
||||
|
||||
//mono-csc /opt/PoshC2_Python_Git/Files/Sharp.cs -out:/tmp/Sharp.dll -target:library
|
||||
//mono-csc /opt/PoshC2_Python_Git/Files/Implant-Core.cs -out:/tmp/Sharp.dll -target:library
|
||||
//cat /tmp/Sharp.dll | base64 -w 0 | xclip
|
||||
|
||||
public class Program
|
6
HTML.py
6
HTML.py
|
@ -60,7 +60,7 @@ digraph "PoshC2" {
|
|||
|
||||
|
||||
def get_implants_all_db():
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT * FROM Implants")
|
||||
|
@ -71,7 +71,7 @@ def get_implants_all_db():
|
|||
return None
|
||||
|
||||
def get_htmlimplant( randomuri ):
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
conn.row_factory = sqlite3.Row
|
||||
c = conn.cursor()
|
||||
c.execute("SELECT * FROM Implants WHERE RandomURI=?",(randomuri,))
|
||||
|
@ -366,7 +366,7 @@ __________ .__. _________ ________
|
|||
<input type="text" id="SearchUser" onkeyup="SearchUser()" placeholder="Search for user..">
|
||||
<input type="text" id="SearchURL" onkeyup="SearchURL()" placeholder="Search for URL..">
|
||||
"""
|
||||
conn = sqlite3.connect(DB)
|
||||
conn = sqlite3.connect(Database)
|
||||
pd.set_option('display.max_colwidth', -1)
|
||||
pd.options.mode.chained_assignment = None
|
||||
frame = pd.read_sql_query("SELECT * FROM %s" % table, conn)
|
||||
|
|
|
@ -41,9 +41,9 @@ NEWKEY8839394%s4939388YEKWEN
|
|||
IMGS19459394%s49395491SGMI""" % (self.RandomURI, self.AllBeaconURLs, self.KillDate, self.Sleep, self.Key, self.AllBeaconImages)
|
||||
with open("%spy_dropper.py" % (PayloadsDirectory), 'rb') as f:
|
||||
self.PythonImplant = base64.b64encode(f.read())
|
||||
py_implant_core = open("%s/PyImplant-Core.py" % FilesDirectory, 'r').read()
|
||||
py_implant_core = open("%s/Implant-Core.py" % FilesDirectory, 'r').read()
|
||||
self.PythonCore = py_implant_core % (self.DomainFrontHeader,self.Sleep, self.AllBeaconImages, self.AllBeaconURLs, self.KillDate, self.PythonImplant, self.Key, self.RandomURI, self.UserAgent)
|
||||
ps_implant_core = open("%s/PSImplant-Core.ps1" % FilesDirectory, 'r').read()
|
||||
ps_implant_core = open("%s/Implant-Core.ps1" % FilesDirectory, 'r').read()
|
||||
self.C2Core = ps_implant_core % (self.Key, self.Sleep, self.AllBeaconImages, self.RandomURI, self.RandomURI, self.KillDate, self.AllBeaconURLs)
|
||||
#Add all db elements
|
||||
|
||||
|
@ -101,8 +101,8 @@ IMGS19459394%s49395491SGMI""" % (self.RandomURI, self.AllBeaconURLs, self.KillDa
|
|||
new_implant(self.RandomURI, self.User, self.Hostname, self.IPAddress, self.Key, self.FirstSeen, self.FirstSeen, self.PID, self.Proxy, self.Arch, self.Domain, self.Alive, self.Sleep, self.ModsLoaded, self.Pivot, self.Label)
|
||||
|
||||
def autoruns(self):
|
||||
new_task("loadmodule Core.ps1", "autoruns", self.RandomURI)
|
||||
update_mods("Core.ps1", self.RandomURI)
|
||||
new_task("loadmodule Stage2-Core.ps1", "autoruns", self.RandomURI)
|
||||
update_mods("Stage2-Core.ps1", self.RandomURI)
|
||||
result = get_autoruns()
|
||||
if result:
|
||||
for autorun in result:
|
||||
|
|
|
@ -547,9 +547,9 @@ def runcommand(command, randomuri):
|
|||
|
||||
elif implant_type == "C#":
|
||||
try:
|
||||
check_module_loaded("Core.exe", randomuri, user)
|
||||
check_module_loaded("Stage2-Core.exe", randomuri, user)
|
||||
except Exception as e:
|
||||
print ("Error loading Core.exe: %s" % e)
|
||||
print ("Error loading Stage2-Core.exe: %s" % e)
|
||||
|
||||
# alias mapping
|
||||
for alias in cs_alias:
|
||||
|
@ -734,9 +734,9 @@ def runcommand(command, randomuri):
|
|||
|
||||
else:
|
||||
try:
|
||||
check_module_loaded("Core.ps1", randomuri, user)
|
||||
check_module_loaded("Stage2-Core.ps1", randomuri, user)
|
||||
except Exception as e:
|
||||
print ("Error loading Core.ps1: %s" % e)
|
||||
print ("Error loading Stage2-Core.ps1: %s" % e)
|
||||
|
||||
run_autoloads(command, randomuri, user)
|
||||
|
||||
|
|
14
Payloads.py
14
Payloads.py
|
@ -1,8 +1,8 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
from Core import *
|
||||
from Config import *
|
||||
from Colours import *
|
||||
from Utils import *
|
||||
import StringIO, gzip, io, base64, subprocess, os, hashlib, re
|
||||
|
||||
class Payloads(object):
|
||||
|
@ -171,7 +171,7 @@ class Payloads(object):
|
|||
|
||||
def CreateDlls(self, name=""):
|
||||
# Create Sharp DLL
|
||||
with open("%sSharp.cs" % FilesDirectory, 'rb') as f:
|
||||
with open("%sImplant-Core.cs" % FilesDirectory, 'rb') as f:
|
||||
content = f.read()
|
||||
cs = content.replace("#REPLACEKEY#",self.Key )
|
||||
cs1 = cs.replace("#REPLACEBASEURL#",(self.HostnameIP+":"+self.Serverport))
|
||||
|
@ -184,16 +184,16 @@ class Payloads(object):
|
|||
cs8 = cs7.replace("#REPLACEPROXYUSER#",self.Proxyuser)
|
||||
cs9 = cs8.replace("#REPLACEPROXYPASSWORD#",self.Proxypass)
|
||||
|
||||
self.QuickstartLog( "C# Payload written to: %s%sSharp.cs" % (self.BaseDirectory,name) )
|
||||
filename = "%s%sSharp.cs" % (self.BaseDirectory,name)
|
||||
self.QuickstartLog( "C# Payload written to: %s%sImplant-Core.cs" % (self.BaseDirectory,name) )
|
||||
filename = "%s%sImplant-Core.cs" % (self.BaseDirectory,name)
|
||||
output_file = open(filename, 'w')
|
||||
output_file.write(cs9)
|
||||
output_file.close()
|
||||
if os.name == 'nt':
|
||||
compile = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\csc.exe %s%sSharp.cs -o %s%sSharp.exe" % (self.BaseDirectory, name, self.BaseDirectory, name)
|
||||
compile = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\csc.exe %s%sImplant-Core.cs -o %s%sSharp.exe" % (self.BaseDirectory, name, self.BaseDirectory, name)
|
||||
else:
|
||||
compile = "mono-csc %s%sSharp.cs -out:%s%sSharp.dll -target:library -warn:2" % (self.BaseDirectory,name,self.BaseDirectory,name)
|
||||
compileexe = "mono-csc %s%sSharp.cs -out:%s%sSharp.exe -target:exe -warn:2" % (self.BaseDirectory,name,self.BaseDirectory,name)
|
||||
compile = "mono-csc %s%sImplant-Core.cs -out:%s%sSharp.dll -target:library -warn:2" % (self.BaseDirectory,name,self.BaseDirectory,name)
|
||||
compileexe = "mono-csc %s%sImplant-Core.cs -out:%s%sSharp.exe -target:exe -warn:2" % (self.BaseDirectory,name,self.BaseDirectory,name)
|
||||
subprocess.check_output(compile, shell=True)
|
||||
self.QuickstartLog( "C# DLL written to: %s%sSharp.dll" % (self.BaseDirectory,name) )
|
||||
subprocess.check_output(compileexe, shell=True)
|
||||
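Review bot: In `CreateDlls` both compiler invocations are still formatted into a single string and run with `shell=True` (`subprocess.check_output(compile, shell=True)`), so a space or shell metacharacter in `self.BaseDirectory` or `name` changes what the shell executes. Passing an argument list avoids the shell entirely, e.g. `subprocess.check_output(["mono-csc", src, "-out:" + dll, "-target:library", "-warn:2"])`, where `src` and `dll` stand for the two formatted paths. Indentation is lost in this view, but `compileexe` appears to be assigned only in the `else` branch, so the later `check_output(compileexe, shell=True)` would raise NameError when `os.name == 'nt'`; this is worth confirming against the file. The method body continues outside both hunks.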
|
|
|
@ -0,0 +1,34 @@
|
|||
import os, base64, string, random
|
||||
|
||||
def gen_key():
|
||||
key = os.urandom(256/8)
|
||||
return base64.b64encode(key)
|
||||
|
||||
def formStrMacro(varstr, instr):
|
||||
holder = []
|
||||
str1 = ''
|
||||
str2 = ''
|
||||
str1 = varstr + ' = "' + instr[:54] + '"'
|
||||
for i in xrange(54, len(instr), 48):
|
||||
holder.append(varstr + ' = '+ varstr +' + "'+instr[i:i+48])
|
||||
str2 = '"\r\n'.join(holder)
|
||||
|
||||
str2 = str2 + "\""
|
||||
str1 = str1 + "\r\n"+str2
|
||||
return str1
|
||||
|
||||
def formStr(varstr, instr):
|
||||
holder = []
|
||||
str1 = ''
|
||||
str2 = ''
|
||||
str1 = varstr + ' = "' + instr[:56] + '"'
|
||||
for i in xrange(56, len(instr), 48):
|
||||
holder.append('"'+instr[i:i+48])
|
||||
str2 = '"\r\n'.join(holder)
|
||||
|
||||
str2 = str2 + "\""
|
||||
str1 = str1 + "\r\n"+str2
|
||||
return "%s;" % str1
|
||||
|
||||
def randomuri(size = 15, chars=string.ascii_letters + string.digits):
|
||||
return ''.join(random.choice(chars) for _ in range(size))
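Review bot: `gen_key` in this new module sizes the key with `os.urandom(256/8)`, which only works while `/` is integer division; under Python 3 the argument becomes the float `32.0` and `os.urandom` raises TypeError. `os.urandom(256 // 8)` behaves the same on Python 2 and keeps working on Python 3; the `xrange` calls in `formStr` and `formStrMacro` have the same portability limit. The module also has no docstring: these helpers appear to have been moved out of Core.py, and a line saying so, plus a comment on what the 54/56/48 chunk widths are for, would help the next reader.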
|