Minor changes and fixes
parent
bae6af217e
commit
ae3c5ed3cf
3
Alias.py
3
Alias.py
|
@ -14,5 +14,6 @@ py_alias = [
|
||||||
# C# Implant
|
# C# Implant
|
||||||
cs_alias = [
|
cs_alias = [
|
||||||
["s","get-screenshot"],
|
["s","get-screenshot"],
|
||||||
["safetydump", "run-exe SafetyDump.Program SafetyDump"]
|
["safetydump", "run-exe SafetyDump.Program SafetyDump"],
|
||||||
|
["seatbelt", "run-exe Seatbelt.Program Seatbelt all"]
|
||||||
]
|
]
|
||||||
|
|
|
@ -122,6 +122,7 @@ def run_autoloads(command, randomuri, user):
|
||||||
if "get-netdomain" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
|
if "get-netdomain" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
|
||||||
if "get-netdomaincontroller" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
|
if "get-netdomaincontroller" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
|
||||||
if "get-netforest" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
|
if "get-netforest" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
|
||||||
|
if "find-domainshare" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
|
||||||
if "get-netforestdomain" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
|
if "get-netforestdomain" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
|
||||||
if "invoke-mapdomaintrust" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
|
if "invoke-mapdomaintrust" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
|
||||||
if "get-wmireglastloggedon" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
|
if "get-wmireglastloggedon" in command.lower(): check_module_loaded("powerview.ps1", randomuri, user)
|
||||||
|
@ -131,4 +132,4 @@ def run_autoloads(command, randomuri, user):
|
||||||
if "remove-wmievent" in command.lower(): check_module_loaded("Invoke-WMIEvent.ps1", randomuri, user)
|
if "remove-wmievent" in command.lower(): check_module_loaded("Invoke-WMIEvent.ps1", randomuri, user)
|
||||||
if "invoke-wmi" in command.lower(): check_module_loaded("Invoke-WMIExec.ps1", randomuri, user)
|
if "invoke-wmi" in command.lower(): check_module_loaded("Invoke-WMIExec.ps1", randomuri, user)
|
||||||
if "get-lapspasswords" in command.lower(): check_module_loaded("Get-LAPSPasswords.ps1", randomuri, user)
|
if "get-lapspasswords" in command.lower(): check_module_loaded("Get-LAPSPasswords.ps1", randomuri, user)
|
||||||
|
if command.lower().strip().startswith("seatbelt"): check_module_loaded("Seatbelt.exe", randomuri, user)
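Review bot: The new Seatbelt autoload uses a different matching rule from every sibling line in run_autoloads — `startswith("seatbelt")` on the stripped command, whereas all other entries test `"..." in command.lower()` — and nothing on the page says why. The cs_alias entry added in the first hunk rewrites `seatbelt` to `run-exe Seatbelt.Program Seatbelt all`, so whether this check sees the short or the expanded form depends on where alias substitution runs relative to run_autoloads, which is not visible here; a comment stating that ordering assumption, or aligning the line with its neighbours as `if "seatbelt" in command.lower(): check_module_loaded("Seatbelt.exe", randomuri, user)`, would remove the ambiguity. Independently, `command.lower()` is recomputed on every line of this function; binding `lowered = command.lower()` once at the top would read better. run_autoloads begins outside the hunk.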
|
|
@ -18,7 +18,7 @@ def main():
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
conn = sqlite3.connect(os.path.join(args.project, 'PowershellC2.SQLite'))
|
conn = sqlite3.connect(os.path.join(args.project, 'PowershellC2.SQLite'))
|
||||||
with pandas.option_context('display.max_rows', None, 'display.max_columns', None, 'display.max_colwidth', -1):
|
with pandas.option_context('display.max_rows', None, 'display.max_columns', None, 'display.max_colwidth', -1):
|
||||||
print (str(pandas.read_sql_query("SELECT Command,Output from Tasks where User like '%s' and Command like '%%%s%%' and Output like '%%%s%%'" % (args.user, args.command, args.output), conn)).replace('\\r', '\r').replace('\\n', '\n'))
|
print (str(pandas.read_sql_query("SELECT Command,Output from Tasks where User like '%s' and Command like '%%%s%%' and Output like '%%%s%%'" % (args.user, args.command, args.output), conn)).replace('\\r\\n', '\r\n'))
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
main()
|
main()
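Review bot: The query on the changed print line is still assembled with `%` formatting from `args.user`, `args.command` and `args.output`, so a quote character in any of those CLI values breaks or alters the SQL; the commit touches only the `.replace` chain after it. pandas.read_sql_query accepts a `params` argument, so the safe form is `pandas.read_sql_query("SELECT Command,Output from Tasks where User like ? and Command like ? and Output like ?", conn, params=(args.user, '%' + args.command + '%', '%' + args.output + '%'))`. The sqlite3 connection opened on the line above is never closed; wrapping it in `contextlib.closing(...)` or calling `conn.close()` after the print would release it. Note also that the new `.replace('\\r\\n', '\r\n')` no longer unescapes a lone `\\n`, which the old pair of replaces did — if only CRLF output is expected, a short comment saying so would help. main() begins outside the hunk.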
|
||||||
|
|
5
Help.py
5
Help.py
|
@ -92,6 +92,7 @@ run-exe SharpUp.Program SharpUp
|
||||||
|
|
||||||
Privilege Escalation:
|
Privilege Escalation:
|
||||||
=======================
|
=======================
|
||||||
|
seatbelt
|
||||||
loadmodule Seatbelt.exe
|
loadmodule Seatbelt.exe
|
||||||
run-exe Seatbelt.Program Seatbelt all
|
run-exe Seatbelt.Program Seatbelt all
|
||||||
run-exe Seatbelt.Program Seatbelt BasicOSInfo
|
run-exe Seatbelt.Program Seatbelt BasicOSInfo
|
||||||
|
@ -449,7 +450,7 @@ COMMANDS = ['loadmodule',"bloodhound","brute-ad","brute-locadmin",
|
||||||
"startanotherimplant","remove-persistence","removeexe-persistence","installexe-persistence","get-hash","get-creds","resolve-ipaddress",
|
"startanotherimplant","remove-persistence","removeexe-persistence","installexe-persistence","get-hash","get-creds","resolve-ipaddress",
|
||||||
"invoke-wmievent","remove-wmievent","get-wmievent","invoke-smbclient","get-keystrokedata","unhidefile","hidefile", "label-implant",
|
"invoke-wmievent","remove-wmievent","get-wmievent","invoke-smbclient","get-keystrokedata","unhidefile","hidefile", "label-implant",
|
||||||
'invoke-psexecpayload','invoke-wmipayload','invoke-dcompayload','invoke-psexecproxypayload','invoke-wmiproxypayload',
|
'invoke-psexecpayload','invoke-wmipayload','invoke-dcompayload','invoke-psexecproxypayload','invoke-wmiproxypayload',
|
||||||
'invoke-dcomproxypayload','invoke-psexecdaisypayload','invoke-wmidaisypayload', 'invoke-dcomdaisypayload', 'get-lapspasswords']
|
'invoke-dcomproxypayload','invoke-psexecdaisypayload','invoke-wmidaisypayload', 'invoke-dcomdaisypayload', 'get-lapspasswords', "get-inveigh"]
|
||||||
|
|
||||||
# post help commands python implant
|
# post help commands python implant
|
||||||
UXCOMMANDS = ["label-implant", "unhide-implant","hide-implant","help","searchhelp","python","loadmodule",
|
UXCOMMANDS = ["label-implant", "unhide-implant","hide-implant","help","searchhelp","python","loadmodule",
|
||||||
|
@ -461,4 +462,4 @@ SHARPCOMMANDS = ["get-userinfo","stop-keystrokes","get-keystrokes","delete","mov
|
||||||
"download-file","get-content","ls-recurse","turtle","cred-popper","resolveip","resolvednsname","testadcredential",
|
"download-file","get-content","ls-recurse","turtle","cred-popper","resolveip","resolvednsname","testadcredential",
|
||||||
"testlocalcredential","get-screenshot","modulesloaded","get-serviceperms","unhide-implant","arpscan","ls","pwd","dir",
|
"testlocalcredential","get-screenshot","modulesloaded","get-serviceperms","unhide-implant","arpscan","ls","pwd","dir",
|
||||||
"inject-shellcode","start-process","run-exe","run-dll","hide-implant","help","searchhelp","listmodules","loadmodule",
|
"inject-shellcode","start-process","run-exe","run-dll","hide-implant","help","searchhelp","listmodules","loadmodule",
|
||||||
"loadmoduleforce","back","ps","beacon","setbeacon","kill-implant","get-screenshotmulti", "safetydump"]
|
"loadmoduleforce","back","ps","beacon","setbeacon","kill-implant","get-screenshotmulti", "safetydump", "seatbelt"]
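Review bot: The entries added to COMMANDS and SHARPCOMMANDS are quoted and spaced differently from the rest of the same literal — `'invoke-dcomdaisypayload', 'get-lapspasswords', "get-inveigh"` mixes single and double quotes on one line, and `"get-screenshotmulti", "safetydump", "seatbelt"` adds spaces after commas where the preceding items have none. Picking one quote and spacing style per list keeps these long literals greppable and diffable. In the help-text hunk the new `seatbelt` line stands alone under Privilege Escalation with no description, while the adjacent lines show the full run-exe form; a trailing note such as `seatbelt   (alias for run-exe Seatbelt.Program Seatbelt all)` would tell the reader what the alias expands to.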
|
||||||
|
|
|
@ -166,7 +166,7 @@ def startup(user, printhelp = ""):
|
||||||
Arch = i[10]
|
Arch = i[10]
|
||||||
PID = i[8]
|
PID = i[8]
|
||||||
Pivot = i[15]
|
Pivot = i[15]
|
||||||
Sleep = i[13]
|
Sleep = i[13].strip()
|
||||||
Label = i[16]
|
Label = i[16]
|
||||||
if Pivot == "Daisy": Pivot = "D"
|
if Pivot == "Daisy": Pivot = "D"
|
||||||
elif Pivot == "C#": Pivot = "C#"
|
elif Pivot == "C#": Pivot = "C#"
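Review bot: `Sleep = i[13].strip()` raises AttributeError if `i[13]` is None — plausible if these rows come from the database as the other hunks suggest and the column is nullable, which is not visible here — whereas the neighbouring fields (`Arch`, `PID`, `Pivot`, `Label`) are taken as-is. If None is possible, `Sleep = (i[13] or "").strip()` keeps the listing from failing on a single row. While here, the context line `elif Pivot == "C#": Pivot = "C#"` assigns the value it already holds; if it exists only to document the C# case, a comment says that more clearly than a no-op branch. startup() begins and ends outside the hunk.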
|
||||||
|
|
|
@ -38,11 +38,12 @@ def handle_ps_command(command, user, randomuri, startup, createdaisypayload, cre
|
||||||
command = ""
|
command = ""
|
||||||
if ri.lower() == "y":
|
if ri.lower() == "y":
|
||||||
command = command
|
command = command
|
||||||
|
break
|
||||||
|
|
||||||
if ('beacon' in command.lower() and '-beacon' not in command.lower()) or 'set-beacon' in command.lower() or 'setbeacon' in command.lower():
|
if ('beacon' in command.lower() and '-beacon' not in command.lower()) or 'set-beacon' in command.lower() or 'setbeacon' in command.lower():
|
||||||
new_sleep = command.replace('set-beacon ', '')
|
new_sleep = command.replace('set-beacon ', '')
|
||||||
new_sleep = new_sleep.replace('setbeacon ', '')
|
new_sleep = new_sleep.replace('setbeacon ', '')
|
||||||
new_sleep = new_sleep.replace('beacon ', '')
|
new_sleep = new_sleep.replace('beacon ', '').strip()
|
||||||
if not validate_sleep_time(new_sleep):
|
if not validate_sleep_time(new_sleep):
|
||||||
print(Colours.RED)
|
print(Colours.RED)
|
||||||
print("Invalid sleep command, please specify a time such as 50s, 10m or 1h")
|
print("Invalid sleep command, please specify a time such as 50s, 10m or 1h")
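Review bot: The `if ri.lower() == "y":` branch now reads `command = command` followed by the added `break`; the self-assignment does nothing, so the branch should be just `break` with its intent stated, e.g. `if ri.lower() == "y": break  # keep the typed command as-is`. The beacon-parsing lines this hunk changes (`replace('set-beacon ', '')`, `replace('setbeacon ', '')`, `replace('beacon ', '').strip()` and the validate_sleep_time check) are copied verbatim in the handle_py_command hunk at -18,7 and the handle_sharp_command hunk at -185,7; the `.strip()` fix had to be applied three times, which is the usual sign that a shared helper such as `parse_new_sleep(command)` returning the stripped value belongs in a common module. The condition also calls `command.lower()` four times; binding the lowered command once would simplify all three handlers. handle_ps_command begins outside the hunk, and the loop that `break` exits is not visible here.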
|
||||||
|
|
|
@ -18,7 +18,7 @@ def handle_py_command(command, user, randomuri, startup):
|
||||||
if 'beacon' in command.lower() or 'set-beacon' in command.lower() or 'setbeacon' in command.lower():
|
if 'beacon' in command.lower() or 'set-beacon' in command.lower() or 'setbeacon' in command.lower():
|
||||||
new_sleep = command.replace('set-beacon ', '')
|
new_sleep = command.replace('set-beacon ', '')
|
||||||
new_sleep = new_sleep.replace('setbeacon ', '')
|
new_sleep = new_sleep.replace('setbeacon ', '')
|
||||||
new_sleep = new_sleep.replace('beacon ', '')
|
new_sleep = new_sleep.replace('beacon ', '').strip()
|
||||||
if not validate_sleep_time(new_sleep):
|
if not validate_sleep_time(new_sleep):
|
||||||
print(Colours.RED)
|
print(Colours.RED)
|
||||||
print("Invalid sleep command, please specify a time such as 50s, 10m or 1h")
|
print("Invalid sleep command, please specify a time such as 50s, 10m or 1h")
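Review bot: The beacon condition here, `if 'beacon' in command.lower() or 'set-beacon' in command.lower() or 'setbeacon' in command.lower():`, lacks the `'-beacon' not in command.lower()` guard that the handle_ps_command and handle_sharp_command versions carry, so any python-implant command whose name contains `-beacon` other than set-beacon would be treated as a sleep change; whether such a command exists is not visible on this page. If the omission is intentional, a one-line comment explaining why the guard is unnecessary for the python implant would stop the next reader from "fixing" it; otherwise align it with the other two handlers. handle_py_command begins outside the hunk.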
|
||||||
|
|
|
@ -185,7 +185,7 @@ def handle_sharp_command(command, user, randomuri, startup):
|
||||||
elif ('beacon' in command.lower() and '-beacon' not in command.lower()) or 'set-beacon' in command.lower() or 'setbeacon' in command.lower():
|
elif ('beacon' in command.lower() and '-beacon' not in command.lower()) or 'set-beacon' in command.lower() or 'setbeacon' in command.lower():
|
||||||
new_sleep = command.replace('set-beacon ', '')
|
new_sleep = command.replace('set-beacon ', '')
|
||||||
new_sleep = new_sleep.replace('setbeacon ', '')
|
new_sleep = new_sleep.replace('setbeacon ', '')
|
||||||
new_sleep = new_sleep.replace('beacon ', '')
|
new_sleep = new_sleep.replace('beacon ', '').strip()
|
||||||
if not validate_sleep_time(new_sleep):
|
if not validate_sleep_time(new_sleep):
|
||||||
print(Colours.RED)
|
print(Colours.RED)
|
||||||
print("Invalid sleep command, please specify a time such as 50s, 10m or 1h")
|
print("Invalid sleep command, please specify a time such as 50s, 10m or 1h")
|
||||||
|
|