Minor changes and fixes

Alias.py

@@ -14,5 +14,6 @@ py_alias = [
 # C# Implant
 cs_alias = [
     ["s","get-screenshot"],
-    ["safetydump", "run-exe SafetyDump.Program SafetyDump"]
+    ["safetydump", "run-exe SafetyDump.Program SafetyDump"],
+    ["seatbelt", "run-exe Seatbelt.Program Seatbelt all"]
 ]

AutoLoads.py

@@ -122,6 +122,7 @@ def run_autoloads(command, randomuri, user):
   if "get-netdomain" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
   if "get-netdomaincontroller" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
   if "get-netforest" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
+  if "find-domainshare" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
   if "get-netforestdomain" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
   if "invoke-mapdomaintrust" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
   if "get-wmireglastloggedon" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
@@ -131,4 +132,4 @@ def run_autoloads(command, randomuri, user):
   if "remove-wmievent" in command.lower(): check_module_loaded("Invoke-WMIEvent.ps1", randomuri, user)
   if "invoke-wmi" in command.lower(): check_module_loaded("Invoke-WMIExec.ps1", randomuri, user)
   if "get-lapspasswords" in command.lower(): check_module_loaded("Get-LAPSPasswords.ps1", randomuri, user)
-  
+  if command.lower().strip().startswith("seatbelt"): check_module_loaded("Seatbelt.exe", randomuri, user)

Files/fpc.py

@@ -18,7 +18,7 @@ def main():
 		sys.exit(1)
 	conn = sqlite3.connect(os.path.join(args.project, 'PowershellC2.SQLite'))
 	with pandas.option_context('display.max_rows', None, 'display.max_columns', None, 'display.max_colwidth', -1):
-		print (str(pandas.read_sql_query("SELECT Command,Output from Tasks where User like '%s' and Command like '%%%s%%' and Output like '%%%s%%'" % (args.user, args.command, args.output), conn)).replace('\\r', '\r').replace('\\n', '\n'))
+		print (str(pandas.read_sql_query("SELECT Command,Output from Tasks where User like '%s' and Command like '%%%s%%' and Output like '%%%s%%'" % (args.user, args.command, args.output), conn)).replace('\\r\\n', '\r\n'))
 
 if __name__ == '__main__':
 	main()

Help.py

@@ -92,6 +92,7 @@ run-exe SharpUp.Program SharpUp
 
 Privilege Escalation:
 =======================
+seatbelt
 loadmodule Seatbelt.exe
 run-exe Seatbelt.Program Seatbelt all
 run-exe Seatbelt.Program Seatbelt BasicOSInfo
@@ -449,7 +450,7 @@ COMMANDS = ['loadmodule',"bloodhound","brute-ad","brute-locadmin",
 "startanotherimplant","remove-persistence","removeexe-persistence","installexe-persistence","get-hash","get-creds","resolve-ipaddress",
 "invoke-wmievent","remove-wmievent","get-wmievent","invoke-smbclient","get-keystrokedata","unhidefile","hidefile", "label-implant",
 'invoke-psexecpayload','invoke-wmipayload','invoke-dcompayload','invoke-psexecproxypayload','invoke-wmiproxypayload',
-'invoke-dcomproxypayload','invoke-psexecdaisypayload','invoke-wmidaisypayload', 'invoke-dcomdaisypayload', 'get-lapspasswords']
+'invoke-dcomproxypayload','invoke-psexecdaisypayload','invoke-wmidaisypayload', 'invoke-dcomdaisypayload', 'get-lapspasswords', "get-inveigh"]
 
 # post help commands python implant
 UXCOMMANDS = ["label-implant", "unhide-implant","hide-implant","help","searchhelp","python","loadmodule",
@@ -461,4 +462,4 @@ SHARPCOMMANDS = ["get-userinfo","stop-keystrokes","get-keystrokes","delete","mov
 "download-file","get-content","ls-recurse","turtle","cred-popper","resolveip","resolvednsname","testadcredential",
 "testlocalcredential","get-screenshot","modulesloaded","get-serviceperms","unhide-implant","arpscan","ls","pwd","dir",
 "inject-shellcode","start-process","run-exe","run-dll","hide-implant","help","searchhelp","listmodules","loadmodule",
-"loadmoduleforce","back","ps","beacon","setbeacon","kill-implant","get-screenshotmulti", "safetydump"]
+"loadmoduleforce","back","ps","beacon","setbeacon","kill-implant","get-screenshotmulti", "safetydump", "seatbelt"]

ImplantHandler.py

@@ -166,7 +166,7 @@ def startup(user, printhelp = ""):
         Arch = i[10]
         PID = i[8]
         Pivot = i[15]
-        Sleep = i[13]
+        Sleep = i[13].strip()
         Label = i[16]
         if Pivot == "Daisy": Pivot = "D"
         elif Pivot == "C#": Pivot = "C#"

PSHandler.py

@@ -38,11 +38,12 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
           command = ""
         if ri.lower() == "y":
           command = command
+        break
 
     if ('beacon' in command.lower() and '-beacon' not in command.lower()) or 'set-beacon' in command.lower() or 'setbeacon' in command.lower():
       new_sleep = command.replace('set-beacon ', '')
       new_sleep = new_sleep.replace('setbeacon ', '')
-      new_sleep = new_sleep.replace('beacon ', '')
+      new_sleep = new_sleep.replace('beacon ', '').strip()
       if not validate_sleep_time(new_sleep):
         print(Colours.RED)
         print("Invalid sleep command, please specify a time such as 50s, 10m or 1h")

PyHandler.py

@@ -18,7 +18,7 @@ def handle_py_command(command, user, randomuri, startup):
     if 'beacon' in command.lower() or 'set-beacon' in command.lower() or 'setbeacon' in command.lower():
       new_sleep = command.replace('set-beacon ', '')
       new_sleep = new_sleep.replace('setbeacon ', '')
-      new_sleep = new_sleep.replace('beacon ', '')
+      new_sleep = new_sleep.replace('beacon ', '').strip()
       if not validate_sleep_time(new_sleep):
         print(Colours.RED)
         print("Invalid sleep command, please specify a time such as 50s, 10m or 1h")

SharpHandler.py

@@ -185,7 +185,7 @@ def handle_sharp_command(command, user, randomuri, startup):
     elif ('beacon' in command.lower() and '-beacon' not in command.lower()) or 'set-beacon' in command.lower() or 'setbeacon' in command.lower():
         new_sleep = command.replace('set-beacon ', '')
         new_sleep = new_sleep.replace('setbeacon ', '')
-        new_sleep = new_sleep.replace('beacon ', '')
+        new_sleep = new_sleep.replace('beacon ', '').strip()
         if not validate_sleep_time(new_sleep):
           print(Colours.RED)
           print("Invalid sleep command, please specify a time such as 50s, 10m or 1h")