
@rsmudge
Created February 19, 2016 16:24
Aggressor Script IRC Example
#
# Quick/Dirty IRC Library for use with Aggressor Script
# https://www.cobaltstrike.com/aggressor-script/index.html
#
# irc_close($handle);
sub irc_close {
    # $1 - the I/O handle returned by irc_connect.
    # Sends a QUIT with a fixed farewell message, then closes the handle.
    local('$conn');
    $conn = $1;

    println($conn, "QUIT :Good bye!");
    closef($conn);
}
# irc_join($handle, "#armitage");
sub irc_join {
    # $1 - the I/O handle returned by irc_connect.
    # $2 - the channel to join, e.g. "#armitage".
    #
    # NOTE(review): the channel name is written to the socket exactly as
    # given. A value containing CR or LF would reach the server as additional
    # protocol lines, so callers should pass only trusted channel names.
    local('$conn $room');
    ($conn, $room) = @_;

    println($conn, "JOIN " . $room);
}
# irc_msg($handle, "#armitage", "Hello World");
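sub irc_msg {
    # $1 - the I/O handle returned by irc_connect.
    # $2 - the target (channel or nick) of the message.
    # $3 - the message text.
    #
    # IRC is a line-oriented protocol: each CR/LF ends one command. The
    # message text may be built from data this script does not control (the
    # example handler below echoes the sender's nick), so line breaks are
    # removed from both arguments before they are written. That way one call
    # always produces exactly one PRIVMSG line and nothing else on the wire.
    local('$target $body');

    # a line break has no meaning inside a target; drop it outright
    $target = replace($2, '[\r\n]', '');

    # in the text, turn line breaks into spaces so the words stay separated
    $body = replace($3, '[\r\n]', ' ');

    println($1, "PRIVMSG $target : $+ $body");
}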
# $handle = irc_connect("irc.freenode.net", 6667, "CobaltStrikeBot");
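sub irc_connect {
    # $1 - IRC server host name
    # $2 - IRC server port
    # $3 - nickname to register with
    #
    # Opens a socket to the server, starts a fork that registers the nick and
    # then reads the connection line by line, and returns the handle to the
    # caller right away. The reader fires two events:
    #   irc_public - ($handle, $from, $channel, $message) for channel messages
    #   irc_other  - ($handle, $line) for every other line that is not a PING
    #
    # Everything passed to those events comes straight off the socket.
    # Handlers should treat $from, $channel, $message and $line as untrusted
    # input supplied by the server or by other IRC users.
    #
    # NOTE(review): the result of connect() is not checked here; a failed
    # connection is only noticed when the read loop below ends.
    local('$handle');
    $handle = connect($1, $2);

    fork({
        local('$temp');

        # register with the server; $nick is passed into the fork below
        println($handle, "USER a b c :Cobalt Strike Bot");
        println($handle, "NICK $nick");

        # the loop ends when readln() has nothing more to return
        while $temp (readln($handle)) {
            # keep this IRC connection alive: echo the PING argument back
            if ("PING*" iswm $temp) {
                println($handle, "PONG " . substr($temp, 5));
            }
            # extract channel messages: sender nick, #channel, message text
            else if ($temp ismatch ":(.*?)!.* PRIVMSG (#.*?) :(.*)") {
                local('$from $channel $message');
                ($from, $channel, $message) = matched();
                fireEvent("irc_public", $handle, $from, $channel, $message);
            }
            # fire an event for everything else..
            else {
                fireEvent("irc_other", $handle, "$temp");
            }
        }
    }, \$handle, $nick => $3);

    return $handle;
}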
#
# example...
#
on irc_public {
    # Example handler for channel messages. Arguments, in order:
    # connection handle, sender nick, channel, message text.
    #
    # NOTE(review): only the message text is compared below. $from is the
    # nick taken from the message prefix and is never checked, so any user
    # in the channel can trigger either command, including !quit.
    local('$handle $from $channel $text $reply');
    ($handle, $from, $channel, $text) = @_;

    #println("< $from $+ : $+ channel $+ > $text");

    if ($text eq "!quit") {
        # say goodbye in the channel first, then drop the connection
        irc_msg($handle, $channel, "Good bye!");
        irc_close($handle);
    }
    else if ($text eq "!test") {
        # the reply repeats the sender's nick back into the channel
        $reply = "I am responding to !test from $from";
        irc_msg($handle, $channel, $reply);
    }
}
on irc_other {
    # Example handler for every line that is neither a PING nor a channel
    # message. Arguments, in order: connection handle, raw line.
    local('$handle $text $motd_end');
    ($handle, $text) = @_;

    #println($text);

    # End of /MOTD command (numeric 376) is a good time for an auto-join
    $motd_end = ":* 376 * :*";
    if ($motd_end iswm $text) {
        irc_join($handle, "#test_cobalt");
    }
}
# Connect as soon as the script is loaded; server, port and nick are
# hard-coded for the example.
# NOTE(review): 6667 is the conventional plaintext IRC port and nothing in
# this script sets up TLS, so assume everything sent and received on this
# connection is readable along the network path.
$handle = irc_connect("irc.freenode.net", 6667, "CobaltStrikeBot");