4.8 (13/02/19)
==============

Insert tasks when first picked up by the implant with start time
Update task when response returned with output and completed time
Log task ID in task sent/received
Add ability to set username and associate username to tasks issued
Print user in task information when the username is not empty
Improved error handling and logging
Rename CompletedTasks table to Tasks table
Method name refactoring around above changes
Pull out implant cores into Implant-Core.py/.cs/.ps1
Rename 2nd stage cores into Stage2-Core.py/.ps1
Stage2-Core.ps1 (previously Implant-Core.ps1) is no longer flagged by AMSI
Use prepared statements in the DB
Refactoring work to start to break up dependency cycle
Rename DB to Database in Config.py to avoid name clashes
Pull some dependency-less functions into Utils.py to aid dependency management
Fix download-file so that if the same file is downloaded multiple times it gets downloaded to name-1.ext name-2.ext etc
Adjust user/host printing to always be domain\user @ host in implants & logs
Fix CreateRawBase payload creation, used in gzip powershell stager and commands like get-system
Added ImplantID to Tasks table as a foreign key, so it's logged in the Tasks report
Added Testing.md for testing checklist/methodology
Fix Get-ScreenshotAllWindows to return correct file extension
Fix searchhelp for commands with caps
Implant timeout highlighting is now based on beacon time - yellow if it's not checked in for 3x beacon time and red if not checked in for 10x beacon time
Setting and viewing beacon time is now consistent across config and implant types - always 50s/10m/1h format
Added validation for beacon time that it matches the correct format
Fix StartAnotherImplant command for python implant
Rename RandomURI column in html output to Context, and print it as domain\username @ hostname
Move service instructions to readme so that poshc2.service can just be copied to /lib/systemd/system
Removed C2Viewer.py and added instructions for same functionality to readme just using system commands
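
The task bookkeeping described in the 4.8 items above (insert on pickup with start time, update with output and completed time, log the task ID, keep the issuing user, ImplantID as a foreign key on Tasks, prepared statements) as an added Python/sqlite3 example. This is not PoshC2's own code: the table layout, column names, function names and the sample implant/task records are assumptions made for this illustration. The point the "Use prepared statements" item is making is that implant output is attacker-influenced data and must be bound as a parameter, never spliced into SQL text; `update_task_unsafe` is included only as the contrast case and is not a claim about earlier PoshC2 code.

```python
"""C2 task table with parameterised queries (added example, not PoshC2 code).

Schema, names and timestamps are illustrative assumptions.
"""
import logging
import sqlite3
from datetime import datetime, timezone

log = logging.getLogger("c2.tasks")

# Assumed schema: Tasks carries ImplantID as a foreign key so reports can join
# back to the implant's context (domain\user @ host).
SCHEMA = """
CREATE TABLE IF NOT EXISTS Implants (
    ImplantID INTEGER PRIMARY KEY,
    RandomURI TEXT NOT NULL UNIQUE,
    Context   TEXT NOT NULL
);
CREATE TABLE IF NOT EXISTS Tasks (
    TaskID        INTEGER PRIMARY KEY AUTOINCREMENT,
    ImplantID     INTEGER NOT NULL REFERENCES Implants(ImplantID),
    Command       TEXT NOT NULL,
    User          TEXT,
    SentTime      TEXT NOT NULL,
    CompletedTime TEXT,
    Output        TEXT
);
"""
COLUMNS = ("TaskID", "ImplantID", "Context", "Command", "User",
           "SentTime", "CompletedTime", "Output")


def utc_now():
    return datetime.now(timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA foreign_keys = ON")  # enforce the ImplantID FK
    conn.executescript(SCHEMA)
    return conn


def add_implant(conn, random_uri, context):
    cur = conn.execute(
        "INSERT INTO Implants (RandomURI, Context) VALUES (?, ?)",
        (random_uri, context))
    conn.commit()
    return cur.lastrowid


def insert_task(conn, implant_id, command, user="", sent_time=None):
    """Record a task when the implant first picks it up; return its TaskID."""
    sent_time = sent_time or utc_now()
    cur = conn.execute(
        "INSERT INTO Tasks (ImplantID, Command, User, SentTime) VALUES (?, ?, ?, ?)",
        (implant_id, command, user, sent_time))
    conn.commit()
    who = f" by {user}" if user else ""  # print the user only when set
    log.info("Task %d sent to implant %d%s: %s", cur.lastrowid, implant_id, who, command)
    return cur.lastrowid


def complete_task(conn, task_id, output, completed_time=None):
    """Store the implant's response; output is bound as data, never as SQL text."""
    completed_time = completed_time or utc_now()
    cur = conn.execute(
        "UPDATE Tasks SET Output = ?, CompletedTime = ? "
        "WHERE TaskID = ? AND CompletedTime IS NULL",
        (output, completed_time, task_id))
    conn.commit()
    if cur.rowcount != 1:
        log.warning("Task %d: no open task to complete", task_id)
        return False
    log.info("Task %d received (%d chars of output)", task_id, len(output))
    return True


def update_task_unsafe(conn, task_id, output):
    """Contrast only: splicing the response into the statement breaks on a quote."""
    conn.execute(f"UPDATE Tasks SET Output = '{output}' WHERE TaskID = {task_id}")


def get_task(conn, task_id):
    """Return one task joined to its implant context, or None."""
    row = conn.execute(
        "SELECT t.TaskID, t.ImplantID, i.Context, t.Command, t.User, "
        "t.SentTime, t.CompletedTime, t.Output "
        "FROM Tasks t JOIN Implants i ON i.ImplantID = t.ImplantID "
        "WHERE t.TaskID = ?", (task_id,)).fetchone()
    return dict(zip(COLUMNS, row)) if row else None
```

With the foreign key pragma on, a task for an unknown ImplantID is rejected at insert time rather than silently producing a dangling row in the Tasks report.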
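
The beacon-time handling described in the three 4.8 items on implant timeout highlighting (yellow at 3x beacon, red at 10x), the fixed 50s/10m/1h format and its validation, as an added Python example that is not PoshC2's own code. The function names, the regular expression, the choice to treat exactly 3x (or 10x) as already overdue, and the sample implant records are assumptions made for this illustration.

```python
"""Beacon-time parsing, validation and check-in highlighting (added example)."""
import re
from datetime import datetime, timedelta, timezone

# Assumed canonical form: an integer followed by s, m or h, e.g. 50s, 10m, 1h.
BEACON_RE = re.compile(r"(\d+)([smh])")
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600}
YELLOW_MULTIPLIER = 3
RED_MULTIPLIER = 10


def parse_beacon(value):
    """Validate a beacon string and return the interval in seconds.

    Raises ValueError for anything that is not <n><s|m|h> with n > 0, so a
    bad value is rejected at set-beacon time instead of silently misparsed.
    """
    m = BEACON_RE.fullmatch(value.strip())
    if not m or int(m.group(1)) == 0:
        raise ValueError(f"beacon time must look like 50s, 10m or 1h, got {value!r}")
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)]


def format_beacon(seconds):
    """Render seconds in the same 50s/10m/1h form, using the largest whole unit."""
    if seconds <= 0:
        raise ValueError("beacon interval must be positive")
    for unit, size in (("h", 3600), ("m", 60), ("s", 1)):
        if seconds % size == 0:
            return f"{seconds // size}{unit}"


def checkin_status(last_checkin, beacon, now):
    """green / yellow / red based on how many beacon intervals are overdue."""
    interval = parse_beacon(beacon)
    overdue = (now - last_checkin).total_seconds()
    if overdue >= RED_MULTIPLIER * interval:
        return "red"
    if overdue >= YELLOW_MULTIPLIER * interval:
        return "yellow"
    return "green"


def highlight_implants(implants, now):
    """Return [(context, beacon, status)] for a list of implant records."""
    return [(i["context"], format_beacon(parse_beacon(i["beacon"])),
             checkin_status(i["last_checkin"], i["beacon"], now))
            for i in implants]


# Constructed sample data for the illustration (not real implants).
NOW = datetime(2019, 2, 13, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_IMPLANTS = [
    {"context": r"CORP\alice @ WS01", "beacon": "50s",
     "last_checkin": NOW - timedelta(seconds=100)},   # under 3x -> green
    {"context": r"CORP\bob @ WS02", "beacon": "50s",
     "last_checkin": NOW - timedelta(seconds=180)},   # 3x..10x -> yellow
    {"context": r"CORP\svc @ SRV01", "beacon": "10m",
     "last_checkin": NOW - timedelta(hours=2)},       # 12x -> red
    {"context": r"CORP\carol @ WS03", "beacon": "1h",
     "last_checkin": NOW - timedelta(hours=3)},       # exactly 3x -> yellow
]

if __name__ == "__main__":
    for context, beacon, status in highlight_implants(SAMPLE_IMPLANTS, NOW):
        print(f"{status:6} {beacon:>4}  {context}")
```

Normalising through `format_beacon(parse_beacon(...))` is what keeps the displayed value consistent whichever implant type or config path set it; a value such as `60s` comes back as `1m`.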

4.7 (03/02/19)
==============

Added Opsec.py to allow users to state various commands that they DO NOT want to run
Added Alias.py to allow users to have their own alias for various commands
Fixed HTML output to sort formatting once again

4.6 (26/12/18)
==============

Updated quickcommand on restart with new IP address
re-print quickstart when restarting C2Server.py
Updated migrate command in implant handler & added Escape for HTML output
Major refactor of the portscanner by rolen
Fixed proxy payloads for powershell implant
Updated tasks command
Fixed linuxprivchecker to work through a proxy
Fixed config output for Apache rewrite rules by console
Added ability to load and execute LinuxPrivChecker in memory on *nix by pwndexter
Updated Core DLL for Sharp implant
Updated kill-implant options on Sharp implant
Added Sharp Implant and corresponding DLLs/Shellcode

4.5 (19/11/18)
==============

Removed Invoke-Enum
Merged Get-TokenElevationType.ps1 by jmhickman
Added TLS Config to Python Server
Updated README
Updated Get-IPAddress
Merged OfflineReportGenerator.py by skahwah
Updated to latest PowerUp.ps1
Updated INSTALL notes
Updated to work with FIPSAlgorithmPolicy
Updated to latest Invoke-Kerberoast & Invoke-Mimikatz
Removed process start for Netsh.exe on non migrate executable

4.4 (10/11/18)
==============

Inject Shellcode 32bit to 64bit using https://github.com/Coder666/Invoke-CreateRemoteThread64
Added simple Get-IPConfig cmdlet
Updated to include most recent commits
Updated to add option to upload file that is not Hidden & System
Identify if SSL inspection is enabled for web traffic
Obtain a user hash using the methods from 'Internal-Monologue'
Updated to handle accents on hostnames or users
Updated Get-Processfull & Get-Processlist to handle errors on GetOwner()
Updated syntax error in WMIEvent module
Updated Shellcode/DLL to support scriptblock / transcript bypass
Updated default ps command - Now uses Get-ProcessList not Get-ProcessFull
Updated opsec command to add users compromised
Removed sleep as beacon command - set-beacon, beacon or setbeacon
Updated Unhook-AMSI (https://0x00-0x00.github.io/research/2018/10/28/How-to-bypass-AMSI-and-Execute-ANY-malicious-powershell-code.html)
Removed html and replaced with cgi requirement for HTML encoding on output-to-html
Updated print statements in C2Server, ImplantHandler & AutoLoads in preparation for Python3
Updated output-to-html to escape HTML characters

4.3 (27/10/18)
==============

Updated HTML Output for Implants.html
Updated OPSEC command for persistence
Updated Implant Naming Convention to use ([Security.Principal.WindowsIdentity]::GetCurrent()).Name
Updated ImplantHandler new User Identification for Primary Token Use
Updated Invoke-RunAs under SYSTEM with CreateProcessAsUser
Updated Implant-Core process list to use get-processlist function (pinvoke - CreateToolhelp32Snapshot)
Updated autoloads for cmdlets which were missing
Added standalone msbuild.xml output format to payloads.py
Update Msbuild.xml to work with Windows10 64bit (replaced mem.copy to WriteProcessMemory)
Updated Inject-Shellcode to remove processpath and leave procpath
Added Get-ProcessList Module which uses winapi to do ps list (pinvoke - CreateToolhelp32Snapshot)
Added QueueUserAPC to Inject-Shellcode (migrate -Suspended -QueueUserAPC)
Merge pull request #6 from m0rv4i/update-script
Updated Inject-Shellcode base directory to /proj/payloads
Updated output-to-html to Encode HTML Chars
Updated show-serverinfo
Added CSC output format to payloads.py
Added List-URLs Command to DB
Updated CredPopper puts default username and has minimum password limit
Minor changes to documentation

4.2
====

m0rv4i modified update.sh to stash git changes
m0rv4i added laps command from ImplantHandler to autoload
m0rv4i added Get-LAPSPasswords.ps1

4.1
====

Updated Python Implant to Work with createnewpayload
Removed Error on Time
Added WMIEvents and Incorporated Invoke-SMBClient
Added MSBuild Files to PoshC2
Updated to Include Pushover API
Added KillDate to Python Implant
Updated Get-Keystrokes
Added Hide-Implant Mac
Added Hash Verification on Python Downloader
Added LoadModule and Python execution to Mac
Update get-keystrokes
Added get-keystrokes for Mac
Added Error Handling Mac
Updated Opsec for Persistence Files
Updated Persistence Comment
Updated Persistence Status
Added Crontab Persistence and Download-File for Mac
Updated SMBExec/WMIExec Password Options not to use Add-Type
Added Python Downloader
Updated startanotherimplant
Updated Kill Implant OSx
Updated Pbind
Updated OSX for StartAnotherImplant
Updated Help for OSX
Added Domain Fronting for OSx Implant
Updated Posh EXE Downloader
Updated InstallEXE-Persistence
Added Screenshot Mac OSX
Updated to remove requirement for pycrypto for Python implants
Updated Brute-AD to Add Domain Flag
Updated Brute-AD Module
Updated to include AMSI Bypass
Updated PoshC2 to have the AMSI bypass by default in the Shellcode