public override void Command(MenuItem menuItem, string UserInput) { MshtaLauncherMenuItem mshtaMenuItem = (MshtaLauncherMenuItem)menuItem; mshtaMenuItem.mshtaLauncher = this.CovenantClient.ApiLaunchersMshtaGet(); MshtaLauncher launcher = mshtaMenuItem.mshtaLauncher; Listener listener = this.CovenantClient.ApiListenersGet().FirstOrDefault(L => L.Id == mshtaMenuItem.mshtaLauncher.ListenerId); EliteConsoleMenu menu = new EliteConsoleMenu(EliteConsoleMenu.EliteConsoleMenuType.Parameter, "MshtaLauncher"); menu.Rows.Add(new List <string> { "Name:", launcher.Name }); menu.Rows.Add(new List <string> { "Description:", launcher.Description }); menu.Rows.Add(new List <string> { "ListenerName:", listener == null ? "" : listener.Name }); menu.Rows.Add(new List <string> { "ScriptLanguage:", launcher.ScriptLanguage.ToString() }); menu.Rows.Add(new List <string> { "DotNetFramework:", launcher.DotNetFrameworkVersion.ToString() }); menu.Rows.Add(new List <string> { "Delay:", (launcher.Delay ?? default).ToString() });
public override void Refresh() { try { this.MshtaLauncher = this.CovenantClient.ApiLaunchersMshtaGet(); this.AdditionalOptions.FirstOrDefault(AO => AO.Name == "Set").Parameters .FirstOrDefault(P => P.Name == "Option").Values .FirstOrDefault(V => V.Value == "ListenerName") .NextValueSuggestions = this.CovenantClient.ApiListenersGet() .Where(L => L.Status == ListenerStatus.Active) .Select(L => L.Name) .ToList(); var filevalues = new MenuCommandParameterValuesFromFilePath(Common.EliteDataFolder); this.AdditionalOptions.FirstOrDefault(AO => AO.Name == "Write").Parameters .FirstOrDefault().Values = filevalues; this.SetupMenuAutoComplete(); } catch (HttpOperationException e) { EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content); } }
public override void Command(MenuItem menuItem, string UserInput) { try { string[] commands = UserInput.Split(" "); if (commands.Length != 2 || !commands[0].Equals(this.Name, StringComparison.OrdinalIgnoreCase)) { menuItem.PrintInvalidOptionError(UserInput); return; } menuItem.Refresh(); MshtaLauncher launcher = ((MshtaLauncherMenuItem)menuItem).MshtaLauncher; if (launcher.LauncherString == "") { this.CovenantClient.ApiLaunchersBinaryPost(); menuItem.Refresh(); EliteConsole.PrintFormattedHighlightLine("Generated MshtaLauncher: " + launcher.LauncherString); } string OutputFilePath = Common.EliteDataFolder + String.Concat(commands[1].Split(System.IO.Path.GetInvalidFileNameChars())); System.IO.File.WriteAllText(OutputFilePath, launcher.DiskCode); EliteConsole.PrintFormattedHighlightLine("Wrote MshtaLauncher hta to: \"" + OutputFilePath + "\""); } catch (HttpOperationException e) { EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content); } }
public ActionResult <MshtaLauncher> PutMshtaLauncher([FromBody] MshtaLauncher mshtaLauncher) { MshtaLauncher launcher = (MshtaLauncher)_context.Launchers.FirstOrDefault(S => S.Type == Launcher.LauncherType.Mshta); if (launcher == null || launcher.Id != mshtaLauncher.Id) { return(NotFound()); } Listener listener = _context.Listeners.FirstOrDefault(L => L.Id == mshtaLauncher.ListenerId); if (listener != null) { launcher.ListenerId = mshtaLauncher.ListenerId; } launcher.Delay = mshtaLauncher.Delay; launcher.Jitter = mshtaLauncher.Jitter; launcher.ConnectAttempts = mshtaLauncher.ConnectAttempts; launcher.ScriptLanguage = mshtaLauncher.ScriptLanguage; launcher.DotNetFrameworkVersion = mshtaLauncher.DotNetFrameworkVersion; launcher.LauncherString = mshtaLauncher.LauncherString; launcher.DiskCode = mshtaLauncher.DiskCode; launcher.StagerCode = mshtaLauncher.StagerCode; _context.Launchers.Update(launcher); _context.SaveChanges(); return(Ok(launcher)); }
public ActionResult <MshtaLauncher> GetMshtaLauncher() { MshtaLauncher launcher = (MshtaLauncher)_context.Launchers.FirstOrDefault(S => S.Type == Launcher.LauncherType.Mshta); if (launcher == null) { return(NotFound()); } return(Ok(launcher)); }
public override void Refresh() { this.mshtaLauncher = this.CovenantClient.ApiLaunchersMshtaGet(); this.AdditionalOptions.FirstOrDefault(AO => AO.Name.ToLower() == "set").Parameters .FirstOrDefault(P => P.Name.ToLower() == "option").Values .FirstOrDefault(V => V.Value.ToLower() == "listenername") .NextValueSuggestions = this.CovenantClient.ApiListenersGet() .Where(L => L.Status == ListenerStatus.Active) .Select(L => L.Name).ToList(); this.SetupMenuAutoComplete(); }
// GET: /launcher/mshtadownload public async Task <IActionResult> MshtaDownload() { try { MshtaLauncher mshtaLauncher = await _context.GetMshtaLauncher(); return(File(Common.CovenantEncoding.GetBytes(mshtaLauncher.DiskCode), MediaTypeNames.Text.Plain, "GruntStager.hta")); } catch (Exception e) when(e is ControllerNotFoundException || e is ControllerBadRequestException || e is ControllerUnauthorizedException) { ModelState.AddModelError(string.Empty, e.Message); return(RedirectToAction(nameof(Create), new { id = "Mshta" })); } }
public async Task <ActionResult <MshtaLauncher> > EditMshtaLauncher([FromBody] MshtaLauncher launcher) { try { return(await _service.EditMshtaLauncher(launcher)); } catch (ControllerNotFoundException e) { return(NotFound(e.Message)); } catch (ControllerBadRequestException e) { return(BadRequest(e.Message)); } }
public override void Command(MenuItem menuItem, string UserInput) { try { menuItem.Refresh(); MshtaLauncher launcher = ((MshtaLauncherMenuItem)menuItem).MshtaLauncher; Listener listener = this.CovenantClient.ApiListenersGet().FirstOrDefault(L => L.Id == launcher.ListenerId); EliteConsoleMenu menu = new EliteConsoleMenu(EliteConsoleMenu.EliteConsoleMenuType.Parameter, "MshtaLauncher"); menu.Rows.Add(new List <string> { "Name:", launcher.Name }); menu.Rows.Add(new List <string> { "Description:", launcher.Description }); menu.Rows.Add(new List <string> { "ListenerName:", listener == null ? "" : listener.Name }); menu.Rows.Add(new List <string> { "CommType:", launcher.CommType.ToString() }); if (launcher.CommType == CommunicationType.HTTP) { menu.Rows.Add(new List <string> { " ValidateCert:", launcher.ValidateCert.ToString() }); menu.Rows.Add(new List <string> { " UseCertPinning:", launcher.UseCertPinning.ToString() }); } else if (launcher.CommType == CommunicationType.SMB) { menu.Rows.Add(new List <string> { " SMBPipeName:", launcher.SmbPipeName }); } menu.Rows.Add(new List <string> { "DotNetFramework:", launcher.DotNetFrameworkVersion == DotNetVersion.Net35 ? "v3.5" : "v4.0" }); menu.Rows.Add(new List <string> { "ScriptLanguage:", launcher.ScriptLanguage.ToString() }); menu.Rows.Add(new List <string> { "Delay:", (launcher.Delay ?? default).ToString() }); menu.Rows.Add(new List <string> { "JitterPercent:", (launcher.JitterPercent ?? default).ToString() });
public MshtaLauncherMenuItem(CovenantAPI CovenantClient, EventPrinter EventPrinter) : base(CovenantClient, EventPrinter) { this.mshtaLauncher = CovenantClient.ApiLaunchersMshtaGet(); this.MenuTitle = mshtaLauncher.Name; this.MenuDescription = mshtaLauncher.Description; this.AdditionalOptions.Add(new MenuCommandMshtaLauncherShow(CovenantClient)); this.AdditionalOptions.Add(new MenuCommandMshtaLauncherGenerate(CovenantClient)); this.AdditionalOptions.Add(new MenuCommandMshtaLauncherCode()); this.AdditionalOptions.Add(new MenuCommandMshtaLauncherHost(CovenantClient)); this.AdditionalOptions.Add(new MenuCommandMshtaLauncherWriteFile()); var setCommand = new MenuCommandMshtaLauncherSet(CovenantClient); this.AdditionalOptions.Add(setCommand); this.AdditionalOptions.Add(new MenuCommandGenericUnset(setCommand.Parameters.FirstOrDefault(P => P.Name == "Option").Values)); this.Refresh(); }
// POST: /launcher/hostmshta public async Task <IActionResult> HostMshta(HostedFile file) { try { MshtaLauncher launcher = await _context.GenerateMshtaLauncher(); HttpListener listener = await _context.GetHttpListener(file.ListenerId); file = await _context.CreateHostedFile(listener.Id, file); launcher = await _context.GenerateMshtaHostedLauncher(file); return(RedirectToAction(nameof(Create), new { id = launcher.Name })); } catch (Exception e) when(e is ControllerNotFoundException || e is ControllerBadRequestException || e is ControllerUnauthorizedException) { ModelState.AddModelError(string.Empty, e.Message); return(RedirectToAction(nameof(Create), new { id = "Mshta" })); } }
public override void Command(MenuItem menuItem, string UserInput) { try { string[] commands = UserInput.Split(" "); if (commands.Length < 1 || commands.Length > 2 || !commands[0].Equals(this.Name, StringComparison.OrdinalIgnoreCase)) { menuItem.PrintInvalidOptionError(UserInput); return; } if (commands.Length == 2 && (!new List <string> { "gruntstager", "scriptlet" }.Contains(commands[1], StringComparer.OrdinalIgnoreCase))) { EliteConsole.PrintFormattedErrorLine("Type must be one of: \"GruntStager\" or \"Scriptlet\""); menuItem.PrintInvalidOptionError(UserInput); return; } MshtaLauncher launcher = ((MshtaLauncherMenuItem)menuItem).MshtaLauncher; if (launcher.LauncherString == "") { this.CovenantClient.ApiLaunchersMshtaPost(); menuItem.Refresh(); launcher = ((MshtaLauncherMenuItem)menuItem).MshtaLauncher; EliteConsole.PrintFormattedHighlightLine("Generated MshtaLauncher: " + launcher.LauncherString); } if (commands.Length == 1 || (commands.Length == 2 && commands[1].Equals("gruntstager", StringComparison.OrdinalIgnoreCase))) { EliteConsole.PrintInfoLine(launcher.StagerCode); } else if (commands.Length == 2 && commands[1].Equals("scriptlet", StringComparison.OrdinalIgnoreCase)) { EliteConsole.PrintInfoLine(launcher.DiskCode); } } catch (HttpOperationException e) { EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content); } }
public MshtaLauncherMenuItem(CovenantAPI CovenantClient) : base(CovenantClient) { try { this.MshtaLauncher = CovenantClient.ApiLaunchersMshtaGet(); this.MenuTitle = MshtaLauncher.Name; this.MenuDescription = MshtaLauncher.Description; this.AdditionalOptions.Add(new MenuCommandMshtaLauncherShow(CovenantClient)); this.AdditionalOptions.Add(new MenuCommandMshtaLauncherGenerate(CovenantClient)); this.AdditionalOptions.Add(new MenuCommandMshtaLauncherCode(CovenantClient)); this.AdditionalOptions.Add(new MenuCommandMshtaLauncherHost(CovenantClient)); this.AdditionalOptions.Add(new MenuCommandMshtaLauncherWriteFile(CovenantClient)); var setCommand = new MenuCommandMshtaLauncherSet(CovenantClient); this.AdditionalOptions.Add(setCommand); this.AdditionalOptions.Add(new MenuCommandGenericUnset(setCommand.Parameters.FirstOrDefault(P => P.Name == "Option").Values)); } catch (HttpOperationException e) { EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content); } }
public async Task <IActionResult> Mshta(MshtaLauncher launcher) { try { launcher = await _context.EditMshtaLauncher(launcher); launcher = await _context.GenerateMshtaLauncher(); ViewBag.Launcher = launcher; ViewBag.Listeners = await _context.GetListeners(); return(RedirectToAction(nameof(Create), new { id = launcher.Name })); } catch (Exception e) when(e is ControllerNotFoundException || e is ControllerBadRequestException || e is ControllerUnauthorizedException) { ModelState.AddModelError(string.Empty, e.Message); ViewBag.Launcher = launcher; ViewBag.Listeners = await _context.GetListeners(); return(RedirectToAction(nameof(Create), new { id = launcher.Name })); } }
public override void Command(MenuItem menuItem, string UserInput) { try { string[] commands = UserInput.Split(" "); if (commands.Length != 2 || !commands[0].Equals(this.Name, StringComparison.OrdinalIgnoreCase)) { menuItem.PrintInvalidOptionError(UserInput); return; } this.CovenantClient.ApiLaunchersMshtaPost(); menuItem.Refresh(); MshtaLauncher launcher = ((MshtaLauncherMenuItem)menuItem).MshtaLauncher; HttpListener listener = this.CovenantClient.ApiListenersHttpByIdGet(launcher.ListenerId ?? default); if (listener == null) { EliteConsole.PrintFormattedErrorLine("Can only host a file on a valid HttpListener."); menuItem.PrintInvalidOptionError(UserInput); return; } HostedFile fileToHost = new HostedFile { ListenerId = listener.Id, Path = commands[1], Content = Convert.ToBase64String(Common.CovenantEncoding.GetBytes(launcher.DiskCode)) }; fileToHost = this.CovenantClient.ApiListenersByIdHostedfilesPost(listener.Id ?? default, fileToHost); launcher = this.CovenantClient.ApiLaunchersMshtaHostedPost(fileToHost); Uri hostedLocation = new Uri(listener.Url + fileToHost.Path); EliteConsole.PrintFormattedHighlightLine("MshtaLauncher hosted at: " + hostedLocation); EliteConsole.PrintFormattedInfoLine("Launcher: " + launcher.LauncherString); } catch (HttpOperationException e) { EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content); } }
public ActionResult <MshtaLauncher> GenerateMshtaHostedFileLauncher(HostedFile hostedFile) { MshtaLauncher launcher = (MshtaLauncher)_context.Launchers.FirstOrDefault(S => S.Type == Launcher.LauncherType.Mshta); if (launcher == null) { return(NotFound()); } Listener listener = _context.Listeners.FirstOrDefault(S => S.Id == hostedFile.ListenerId); HostedFile savedHostedFile = _context.HostedFiles.FirstOrDefault(HF => HF.Id == hostedFile.Id); if (listener == null || savedHostedFile == null) { return(NotFound()); } string hostedLauncher = launcher.GetHostedLauncher(listener, savedHostedFile); _context.Launchers.Update(launcher); _context.SaveChanges(); return(Ok(launcher)); }
public ActionResult <MshtaLauncher> GenerateMshtaLauncher() { MshtaLauncher launcher = (MshtaLauncher)_context.Launchers.FirstOrDefault(S => S.Type == Launcher.LauncherType.Mshta); if (launcher == null) { return(NotFound()); } Listener listener = _context.Listeners.FirstOrDefault(S => S.Id == launcher.ListenerId); if (listener == null) { return(NotFound()); } HttpProfile profile = (HttpProfile)_context.Profiles.FirstOrDefault(P => P.Id == listener.ProfileId); if (profile == null) { return(NotFound()); } Grunt grunt = new Grunt { ListenerId = listener.Id, CovenantIPAddress = listener.BindAddress, Delay = launcher.Delay, Jitter = launcher.Jitter, ConnectAttempts = launcher.ConnectAttempts }; _context.Grunts.Add(grunt); _context.SaveChanges(); launcher.GetLauncher(listener, grunt, profile); _context.Launchers.Update(launcher); _context.SaveChanges(); return(Ok(launcher)); }
public override void Command(MenuItem menuItem, string UserInput) { MshtaLauncher mshtaLauncher = ((MshtaLauncherMenuItem)menuItem).mshtaLauncher; string[] commands = UserInput.Split(" "); if (commands.Length < 3 || commands[0].ToLower() != "set") { menuItem.PrintInvalidOptionError(UserInput); return; } else if (this.Parameters.FirstOrDefault(P => P.Name == "Option").Values.Select(V => V.Value.ToLower()).Contains(commands[1].ToLower())) { if (commands[1].ToLower() == "listenername") { Listener listener = this.CovenantClient.ApiListenersGet().FirstOrDefault(L => L.Name == commands[2]); if (listener == null || listener.Name != commands[2]) { EliteConsole.PrintFormattedErrorLine("Invalid ListenerName: \"" + commands[2] + "\""); menuItem.PrintInvalidOptionError(UserInput); return; } else { mshtaLauncher.ListenerId = listener.Id; } } else if (commands[1].ToLower() == "dotnetframeworkversion") { if (commands[2].ToLower().Contains("35") || commands[2].ToLower().Contains("3.5")) { mshtaLauncher.DotNetFrameworkVersion = DotNetVersion.Net35; } else if (commands[2].ToLower().Contains("40") || commands[2].ToLower().Contains("4.0")) { mshtaLauncher.DotNetFrameworkVersion = DotNetVersion.Net40; } else { EliteConsole.PrintFormattedErrorLine("Invalid DotNetFrameworkVersion \"" + commands[2] + "\". Valid options are: v3.5, v4.0"); menuItem.PrintInvalidOptionError(UserInput); return; } } else if (commands[1].ToLower() == "scriptlanguage") { if (commands[2].ToLower().StartsWith("js")) { mshtaLauncher.ScriptLanguage = ScriptingLanguage.JScript; } else if (commands[2].ToLower().StartsWith("vb")) { mshtaLauncher.ScriptLanguage = ScriptingLanguage.VBScript; } else { EliteConsole.PrintFormattedErrorLine("Invalid ScriptLanguage \"" + commands[2] + "\". Valid options are: JScript, VBScript"); menuItem.PrintInvalidOptionError(UserInput); return; } } else if (commands[1].ToLower() == "delay") { int.TryParse(commands[2], out int n); mshtaLauncher.Delay = n; } else if (commands[1].ToLower() == "jitter") { int.TryParse(commands[2], out int n); mshtaLauncher.Jitter = n; } else if (commands[1].ToLower() == "connectattempts") { int.TryParse(commands[2], out int n); mshtaLauncher.ConnectAttempts = n; } else if (commands[1].ToLower() == "launcherstring") { mshtaLauncher.LauncherString = commands[2]; } CovenantAPIExtensions.ApiLaunchersMshtaPut(this.CovenantClient, mshtaLauncher); } else { menuItem.PrintInvalidOptionError(UserInput); } }
public override async void Command(MenuItem menuItem, string UserInput) { try { List <string> commands = Utilities.ParseParameters(UserInput); if (commands.Count() != 3 || !commands[0].Equals(this.Name, StringComparison.OrdinalIgnoreCase)) { menuItem.PrintInvalidOptionError(UserInput); return; } MshtaLauncher launcher = ((MshtaLauncherMenuItem)menuItem).MshtaLauncher; if (this.Parameters.FirstOrDefault(P => P.Name == "Option").Values.Select(V => V.Value).Contains(commands[1], StringComparer.OrdinalIgnoreCase)) { if (commands[1].Equals("listenername", StringComparison.OrdinalIgnoreCase)) { Listener listener = this.CovenantClient.ApiListenersGet().FirstOrDefault(L => L.Name == commands[2]); if (listener == null || listener.Name != commands[2]) { EliteConsole.PrintFormattedErrorLine("Invalid ListenerName: \"" + commands[2] + "\""); menuItem.PrintInvalidOptionError(UserInput); return; } launcher.ListenerId = listener.Id; } else if (commands[1].Equals("dotnetframeworkversion", StringComparison.OrdinalIgnoreCase)) { if (commands[2].Contains("35", StringComparison.OrdinalIgnoreCase) || commands[2].Contains("3.5", StringComparison.OrdinalIgnoreCase)) { launcher.DotNetFrameworkVersion = DotNetVersion.Net35; } else if (commands[2].Contains("40", StringComparison.OrdinalIgnoreCase) || commands[2].Contains("4.0", StringComparison.OrdinalIgnoreCase)) { launcher.DotNetFrameworkVersion = DotNetVersion.Net40; } else { EliteConsole.PrintFormattedErrorLine("Invalid DotNetFrameworkVersion \"" + commands[2] + "\". Valid options are: v3.5, v4.0"); menuItem.PrintInvalidOptionError(UserInput); return; } } else if (commands[1].Equals("commtype", StringComparison.OrdinalIgnoreCase)) { if (commands[2].Equals("smb", StringComparison.OrdinalIgnoreCase)) { launcher.CommType = CommunicationType.SMB; } else { launcher.CommType = CommunicationType.HTTP; } } else if (commands[1].Equals("validatecert", StringComparison.OrdinalIgnoreCase)) { bool parsed = bool.TryParse(commands[2], out bool validate); if (parsed) { launcher.ValidateCert = validate; } else { menuItem.PrintInvalidOptionError(UserInput); return; } } else if (commands[1].Equals("usecertpinning", StringComparison.OrdinalIgnoreCase)) { bool parsed = bool.TryParse(commands[2], out bool pin); if (parsed) { launcher.UseCertPinning = pin; } else { menuItem.PrintInvalidOptionError(UserInput); return; } } else if (commands[1].Equals("smbpipename", StringComparison.OrdinalIgnoreCase)) { launcher.SmbPipeName = commands[2]; } else if (commands[1].Equals("scriptlanguage", StringComparison.OrdinalIgnoreCase)) { if (commands[2].StartsWith("js", StringComparison.OrdinalIgnoreCase)) { launcher.ScriptLanguage = ScriptingLanguage.JScript; } else if (commands[2].StartsWith("vb", StringComparison.OrdinalIgnoreCase)) { launcher.ScriptLanguage = ScriptingLanguage.VBScript; } else { EliteConsole.PrintFormattedErrorLine("Invalid ScriptLanguage \"" + commands[2] + "\". Valid options are: JScript, VBScript"); menuItem.PrintInvalidOptionError(UserInput); return; } } else if (commands[1].Equals("delay", StringComparison.OrdinalIgnoreCase)) { int.TryParse(commands[2], out int n); launcher.Delay = n; } else if (commands[1].Equals("jitterpercent", StringComparison.OrdinalIgnoreCase)) { int.TryParse(commands[2], out int n); launcher.JitterPercent = n; } else if (commands[1].Equals("connectattempts", StringComparison.OrdinalIgnoreCase)) { int.TryParse(commands[2], out int n); launcher.ConnectAttempts = n; } else if (commands[1].Equals("killdate", StringComparison.OrdinalIgnoreCase)) { DateTime.TryParse(commands[2], out DateTime result); launcher.KillDate = result; } else if (commands[1].Equals("launcherstring", StringComparison.OrdinalIgnoreCase)) { launcher.LauncherString = commands[2]; } await this.CovenantClient.ApiLaunchersMshtaPutAsync(launcher); } else { menuItem.PrintInvalidOptionError(UserInput); } } catch (HttpOperationException e) { EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content); } }
public Task <MshtaLauncher> EditMshtaLauncher(MshtaLauncher launcher) { return(_connection.InvokeAsync <MshtaLauncher>("EditMshtaLauncher", launcher)); }