This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: 2897b095-3356-456f-876c-3103f91352ab | |
| metadata: | |
| version: 1 | |
| authors: | |
| - khyberspache | |
| tags: | |
| - thinktank | |
| name: Capture clipboard using a module | |
| description: | | |
| Installs a user-land clipboard capture binary and collects the clipboard every 30 seconds for 10 minutes. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| platforms: | |
| windows: | |
| keyword: | |
| command: api.ps |
khyberspache
/ commands_windows_example.go
Created
September 3, 2021 18:39
Example CallNativeAPI implementation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package commands | |
| import ( | |
| "encoding/json" | |
| "log" | |
| "os" | |
| "syscall" | |
| "unsafe" | |
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function run(argv) { | |
| beacon = new Beacon((argv.length > 0) ? (argv[0] || argv) : 'http://localhost:3391', (argv.length > 1) ? argv[1] : 'http'); | |
| while (true) { | |
| try { | |
| let tasks = runModule('c2', beacon.contact, {beacon: beacon}); | |
| beacon.Links = tasks.map(task => executeTask(Object.assign(new Instruction(), task, {Pid: beacon.pid}))); | |
| } catch (e) { | |
| console.log(`Beacon failed. ${e}`) | |
| } | |
| console.log(`Sleeping for ${beacon.Sleep} seconds`); |
khyberspache
/ hush_handle_api_task.js
Created
September 3, 2021 19:12
Example of hush handling an API task
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if (task[0] === 'api') { | |
| if (task[2]) { | |
| try { | |
| task[2] = JSON.parse(task[2]); | |
| } catch (e) { | |
| throw new Error("Could not parse module params: "+e.toString()); | |
| } | |
| } | |
| return runModule(task[0], task[1], task[2] || null); | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "ec2:AuthorizeSecurityGroupIngress", | |
| "ec2:DescribeAddresses", | |
| "ec2:DescribeImages", | |
| "ec2:DescribeInstances", |
khyberspache
/ AzureInitialAccess.html
Created
September 9, 2022 15:17
Deploy payloads onto Azure VMs :)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <div id="plugin-header" class="profile-heading-container"> | |
| <div class="body"> | |
| <strong class="profile-heading">Initial access on Azure resources</strong> | |
| <p> | |
| Use Operator to get initial access on your Azure deployed resources. This will allow you deploy Pneuma (or PneumaEX for professional license holders) onto | |
| virtual machines running in Resource Groups on Microsoft Azure. | |
| </p> | |
| </div> | |
| </div> |
OlderNewer