Minor changes and fixes

temp
m0rv4i 2019-04-12 16:23:08 +01:00
parent bae6af217e
commit ae3c5ed3cf
8 changed files with 13 additions and 9 deletions


@ -14,5 +14,6 @@ py_alias = [
# C# Implant # C# Implant
cs_alias = [ cs_alias = [
["s","get-screenshot"], ["s","get-screenshot"],
["safetydump", "run-exe SafetyDump.Program SafetyDump"] ["safetydump", "run-exe SafetyDump.Program SafetyDump"],
["seatbelt", "run-exe Seatbelt.Program Seatbelt all"]
] ]


@ -122,6 +122,7 @@ def run_autoloads(command, randomuri, user):
if "get-netdomain" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user) if "get-netdomain" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
if "get-netdomaincontroller" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user) if "get-netdomaincontroller" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
if "get-netforest" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user) if "get-netforest" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
if "find-domainshare" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
if "get-netforestdomain" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user) if "get-netforestdomain" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
if "invoke-mapdomaintrust" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user) if "invoke-mapdomaintrust" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
if "get-wmireglastloggedon" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user) if "get-wmireglastloggedon" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
@ -131,4 +132,4 @@ def run_autoloads(command, randomuri, user):
if "remove-wmievent" in command.lower(): check_module_loaded("Invoke-WMIEvent.ps1", randomuri, user) if "remove-wmievent" in command.lower(): check_module_loaded("Invoke-WMIEvent.ps1", randomuri, user)
if "invoke-wmi" in command.lower(): check_module_loaded("Invoke-WMIExec.ps1", randomuri, user) if "invoke-wmi" in command.lower(): check_module_loaded("Invoke-WMIExec.ps1", randomuri, user)
if "get-lapspasswords" in command.lower(): check_module_loaded("Get-LAPSPasswords.ps1", randomuri, user) if "get-lapspasswords" in command.lower(): check_module_loaded("Get-LAPSPasswords.ps1", randomuri, user)
if command.lower().strip().startswith("seatbelt"): check_module_loaded("Seatbelt.exe", randomuri, user)
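Review bot: The added Seatbelt autoload matches with `command.lower().strip().startswith("seatbelt")` while every other line in run_autoloads matches with `in`, and the stricter form only fires when the raw command begins with that word; if the `seatbelt` entry added to `cs_alias` in the first file is expanded to `run-exe Seatbelt.Program ...` before run_autoloads is called, this check never matches and the module is not loaded. I cannot see the alias-expansion order from the hunk, so please confirm it. If aliases are expanded first, `if "seatbelt.program" in command.lower(): check_module_loaded("Seatbelt.exe", randomuri, user)` covers both the alias and the explicit form. run_autoloads begins before the hunk.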


@ -18,7 +18,7 @@ def main():
sys.exit(1) sys.exit(1)
conn = sqlite3.connect(os.path.join(args.project, 'PowershellC2.SQLite')) conn = sqlite3.connect(os.path.join(args.project, 'PowershellC2.SQLite'))
with pandas.option_context('display.max_rows', None, 'display.max_columns', None, 'display.max_colwidth', -1): with pandas.option_context('display.max_rows', None, 'display.max_columns', None, 'display.max_colwidth', -1):
print (str(pandas.read_sql_query("SELECT Command,Output from Tasks where User like '%s' and Command like '%%%s%%' and Output like '%%%s%%'" % (args.user, args.command, args.output), conn)).replace('\\r', '\r').replace('\\n', '\n')) print (str(pandas.read_sql_query("SELECT Command,Output from Tasks where User like '%s' and Command like '%%%s%%' and Output like '%%%s%%'" % (args.user, args.command, args.output), conn)).replace('\\r\\n', '\r\n'))
if __name__ == '__main__': if __name__ == '__main__':
main() main()
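Review bot: The query on the print line is still assembled with `%` formatting from `args.user`, `args.command` and `args.output`, so a value containing a single quote breaks the statement and the arguments reach SQLite unescaped; bind them instead: `pandas.read_sql_query("SELECT Command,Output from Tasks where User like ? and Command like ? and Output like ?", conn, params=(args.user, '%' + args.command + '%', '%' + args.output + '%'))`. Narrowing the unescape from separate `\\r` and `\\n` replacements to the `\\r\\n` pair also means stored output that contains only `\\n` is now printed escaped; if that is intended, a one-line comment on that line would save the next reader a diff lookup. `conn` is never closed; wrapping it in `contextlib.closing(conn)` or calling `conn.close()` after the `with` block would release the handle. main() starts outside the hunk.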


@ -92,6 +92,7 @@ run-exe SharpUp.Program SharpUp
Privilege Escalation: Privilege Escalation:
======================= =======================
seatbelt
loadmodule Seatbelt.exe loadmodule Seatbelt.exe
run-exe Seatbelt.Program Seatbelt all run-exe Seatbelt.Program Seatbelt all
run-exe Seatbelt.Program Seatbelt BasicOSInfo run-exe Seatbelt.Program Seatbelt BasicOSInfo
@ -449,7 +450,7 @@ COMMANDS = ['loadmodule',"bloodhound","brute-ad","brute-locadmin",
"startanotherimplant","remove-persistence","removeexe-persistence","installexe-persistence","get-hash","get-creds","resolve-ipaddress", "startanotherimplant","remove-persistence","removeexe-persistence","installexe-persistence","get-hash","get-creds","resolve-ipaddress",
"invoke-wmievent","remove-wmievent","get-wmievent","invoke-smbclient","get-keystrokedata","unhidefile","hidefile", "label-implant", "invoke-wmievent","remove-wmievent","get-wmievent","invoke-smbclient","get-keystrokedata","unhidefile","hidefile", "label-implant",
'invoke-psexecpayload','invoke-wmipayload','invoke-dcompayload','invoke-psexecproxypayload','invoke-wmiproxypayload', 'invoke-psexecpayload','invoke-wmipayload','invoke-dcompayload','invoke-psexecproxypayload','invoke-wmiproxypayload',
'invoke-dcomproxypayload','invoke-psexecdaisypayload','invoke-wmidaisypayload', 'invoke-dcomdaisypayload', 'get-lapspasswords'] 'invoke-dcomproxypayload','invoke-psexecdaisypayload','invoke-wmidaisypayload', 'invoke-dcomdaisypayload', 'get-lapspasswords', "get-inveigh"]
# post help commands python implant # post help commands python implant
UXCOMMANDS = ["label-implant", "unhide-implant","hide-implant","help","searchhelp","python","loadmodule", UXCOMMANDS = ["label-implant", "unhide-implant","hide-implant","help","searchhelp","python","loadmodule",
@ -461,4 +462,4 @@ SHARPCOMMANDS = ["get-userinfo","stop-keystrokes","get-keystrokes","delete","mov
"download-file","get-content","ls-recurse","turtle","cred-popper","resolveip","resolvednsname","testadcredential", "download-file","get-content","ls-recurse","turtle","cred-popper","resolveip","resolvednsname","testadcredential",
"testlocalcredential","get-screenshot","modulesloaded","get-serviceperms","unhide-implant","arpscan","ls","pwd","dir", "testlocalcredential","get-screenshot","modulesloaded","get-serviceperms","unhide-implant","arpscan","ls","pwd","dir",
"inject-shellcode","start-process","run-exe","run-dll","hide-implant","help","searchhelp","listmodules","loadmodule", "inject-shellcode","start-process","run-exe","run-dll","hide-implant","help","searchhelp","listmodules","loadmodule",
"loadmoduleforce","back","ps","beacon","setbeacon","kill-implant","get-screenshotmulti", "safetydump"] "loadmoduleforce","back","ps","beacon","setbeacon","kill-implant","get-screenshotmulti", "safetydump", "seatbelt"]
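Review bot: `"get-inveigh"` is added to COMMANDS but no matching entry appears in the run_autoloads hunks of this commit, so unless the Inveigh module is loaded somewhere I cannot see, the command will be accepted by the parser without its module; worth confirming. The new entries also continue the list's mixed quoting (`'get-lapspasswords', "get-inveigh"`); one quote style per list would be tidier. The `seatbelt` line added to the help text would be clearer with the expansion it stands for, e.g. `seatbelt  # alias for run-exe Seatbelt.Program Seatbelt all`.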


@ -166,7 +166,7 @@ def startup(user, printhelp = ""):
Arch = i[10] Arch = i[10]
PID = i[8] PID = i[8]
Pivot = i[15] Pivot = i[15]
Sleep = i[13] Sleep = i[13].strip()
Label = i[16] Label = i[16]
if Pivot == "Daisy": Pivot = "D" if Pivot == "Daisy": Pivot = "D"
elif Pivot == "C#": Pivot = "C#" elif Pivot == "C#": Pivot = "C#"
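Review bot: `Sleep = i[13].strip()` raises AttributeError if the Sleep column of the row is NULL (sqlite returns None), where the previous assignment tolerated it; if that column is nullable, `Sleep = (i[13] or "").strip()` keeps the lookup safe. I cannot see where `i` is fetched from in this hunk, so treat this as something to confirm against the schema. The bare positional indexes (`i[8]`, `i[10]`, `i[13]`, `i[15]`, `i[16]`) would also read better with a comment naming the selected columns, e.g. `# row layout: 8=PID, 10=Arch, 13=Sleep, 15=Pivot, 16=Label`. startup() begins before this hunk.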


@ -38,11 +38,12 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
command = "" command = ""
if ri.lower() == "y": if ri.lower() == "y":
command = command command = command
break
if ('beacon' in command.lower() and '-beacon' not in command.lower()) or 'set-beacon' in command.lower() or 'setbeacon' in command.lower(): if ('beacon' in command.lower() and '-beacon' not in command.lower()) or 'set-beacon' in command.lower() or 'setbeacon' in command.lower():
new_sleep = command.replace('set-beacon ', '') new_sleep = command.replace('set-beacon ', '')
new_sleep = new_sleep.replace('setbeacon ', '') new_sleep = new_sleep.replace('setbeacon ', '')
new_sleep = new_sleep.replace('beacon ', '') new_sleep = new_sleep.replace('beacon ', '').strip()
if not validate_sleep_time(new_sleep): if not validate_sleep_time(new_sleep):
print(Colours.RED) print(Colours.RED)
print("Invalid sleep command, please specify a time such as 50s, 10m or 1h") print("Invalid sleep command, please specify a time such as 50s, 10m or 1h")
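Review bot: The sleep parsing still tests `command.lower()` but strips the prefixes from the original-case `command`, so an input such as `Set-Beacon 10m` passes the membership check and then fails `validate_sleep_time` with the prefix still attached; the same pattern is in handle_py_command and handle_sharp_command in the later hunks. Lower-casing once before the replacements fixes all three, `new_sleep = command.lower().replace('set-beacon ', '').replace('setbeacon ', '').replace('beacon ', '').strip()`, provided validate_sleep_time does not depend on the unit's case. The added `break` follows `command = command`, which is a no-op; dropping that line, or replacing it with a comment such as `# keep the command as typed`, would make the intent clear. handle_ps_command and the loop the `break` exits both start outside the hunk.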


@ -18,7 +18,7 @@ def handle_py_command(command, user, randomuri, startup):
if 'beacon' in command.lower() or 'set-beacon' in command.lower() or 'setbeacon' in command.lower(): if 'beacon' in command.lower() or 'set-beacon' in command.lower() or 'setbeacon' in command.lower():
new_sleep = command.replace('set-beacon ', '') new_sleep = command.replace('set-beacon ', '')
new_sleep = new_sleep.replace('setbeacon ', '') new_sleep = new_sleep.replace('setbeacon ', '')
new_sleep = new_sleep.replace('beacon ', '') new_sleep = new_sleep.replace('beacon ', '').strip()
if not validate_sleep_time(new_sleep): if not validate_sleep_time(new_sleep):
print(Colours.RED) print(Colours.RED)
print("Invalid sleep command, please specify a time such as 50s, 10m or 1h") print("Invalid sleep command, please specify a time such as 50s, 10m or 1h")


@ -185,7 +185,7 @@ def handle_sharp_command(command, user, randomuri, startup):
elif ('beacon' in command.lower() and '-beacon' not in command.lower()) or 'set-beacon' in command.lower() or 'setbeacon' in command.lower(): elif ('beacon' in command.lower() and '-beacon' not in command.lower()) or 'set-beacon' in command.lower() or 'setbeacon' in command.lower():
new_sleep = command.replace('set-beacon ', '') new_sleep = command.replace('set-beacon ', '')
new_sleep = new_sleep.replace('setbeacon ', '') new_sleep = new_sleep.replace('setbeacon ', '')
new_sleep = new_sleep.replace('beacon ', '') new_sleep = new_sleep.replace('beacon ', '').strip()
if not validate_sleep_time(new_sleep): if not validate_sleep_time(new_sleep):
print(Colours.RED) print(Colours.RED)
print("Invalid sleep command, please specify a time such as 50s, 10m or 1h") print("Invalid sleep command, please specify a time such as 50s, 10m or 1h")