public ActionResult <WscriptLauncher> PutWscriptLauncher([FromBody] WscriptLauncher wscriptLauncher) { WscriptLauncher launcher = (WscriptLauncher)_context.Launchers.FirstOrDefault(S => S.Type == Launcher.LauncherType.Wscript); if (launcher == null || launcher.Id != wscriptLauncher.Id) { return(NotFound()); } Listener listener = _context.Listeners.FirstOrDefault(L => L.Id == wscriptLauncher.ListenerId); if (listener != null) { launcher.ListenerId = wscriptLauncher.ListenerId; } launcher.Delay = wscriptLauncher.Delay; launcher.Jitter = wscriptLauncher.Jitter; launcher.ConnectAttempts = wscriptLauncher.ConnectAttempts; launcher.ScriptLanguage = wscriptLauncher.ScriptLanguage; launcher.DotNetFrameworkVersion = wscriptLauncher.DotNetFrameworkVersion; launcher.LauncherString = wscriptLauncher.LauncherString; launcher.DiskCode = wscriptLauncher.DiskCode; launcher.StagerCode = wscriptLauncher.StagerCode; _context.Launchers.Update(launcher); _context.SaveChanges(); return(Ok(launcher)); }
public override void Command(MenuItem menuItem, string UserInput) { try { string[] commands = UserInput.Split(" "); if (commands.Length != 2 || !commands[0].Equals(this.Name, StringComparison.OrdinalIgnoreCase)) { menuItem.PrintInvalidOptionError(UserInput); return; } menuItem.Refresh(); WscriptLauncher launcher = ((WscriptLauncherMenuItem)menuItem).WscriptLauncher; if (launcher.LauncherString == "") { this.CovenantClient.ApiLaunchersBinaryPost(); menuItem.Refresh(); EliteConsole.PrintFormattedHighlightLine("Generated WscriptLauncher: " + launcher.LauncherString); } string OutputFilePath = Common.EliteDataFolder + String.Concat(commands[1].Split(System.IO.Path.GetInvalidFileNameChars())); System.IO.File.WriteAllText(OutputFilePath, launcher.DiskCode); EliteConsole.PrintFormattedHighlightLine("Wrote WscriptLauncher to: \"" + OutputFilePath + "\""); } catch (HttpOperationException e) { EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content); } }
public override void Refresh() { try { this.WscriptLauncher = this.CovenantClient.ApiLaunchersWscriptGet(); this.AdditionalOptions.FirstOrDefault(AO => AO.Name == "Set").Parameters .FirstOrDefault(P => P.Name == "Option").Values .FirstOrDefault(V => V.Value == "ListenerName") .NextValueSuggestions = this.CovenantClient.ApiListenersGet() .Where(L => L.Status == ListenerStatus.Active) .Select(L => L.Name) .ToList(); var filevalues = new MenuCommandParameterValuesFromFilePath(Common.EliteDataFolder); this.AdditionalOptions.FirstOrDefault(AO => AO.Name == "Write").Parameters .FirstOrDefault().Values = filevalues; this.SetupMenuAutoComplete(); } catch (HttpOperationException e) { EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content); } }
public ActionResult <WscriptLauncher> GetWscriptLauncher() { WscriptLauncher launcher = (WscriptLauncher)_context.Launchers.FirstOrDefault(S => S.Type == Launcher.LauncherType.Wscript); if (launcher == null) { return(NotFound()); } return(Ok(launcher)); }
public override void Refresh() { this.wscriptLauncher = this.CovenantClient.ApiLaunchersWscriptGet(); this.AdditionalOptions.FirstOrDefault(AO => AO.Name.ToLower() == "set").Parameters .FirstOrDefault(P => P.Name.ToLower() == "option").Values .FirstOrDefault(V => V.Value.ToLower() == "listenername") .NextValueSuggestions = this.CovenantClient.ApiListenersGet() .Where(L => L.Status == ListenerStatus.Active) .Select(L => L.Name).ToList(); this.SetupMenuAutoComplete(); }
public override void Command(MenuItem menuItem, string UserInput) { try { this.CovenantClient.ApiLaunchersWscriptPost(); menuItem.Refresh(); WscriptLauncher launcher = ((WscriptLauncherMenuItem)menuItem).WscriptLauncher; EliteConsole.PrintFormattedHighlightLine("Generated WscriptLauncher: " + launcher.LauncherString); } catch (HttpOperationException e) { EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content); } }
public override void Command(MenuItem menuItem, string UserInput) { WscriptLauncherMenuItem wscriptMenuItem = (WscriptLauncherMenuItem)menuItem; wscriptMenuItem.wscriptLauncher = this.CovenantClient.ApiLaunchersWscriptGet(); WscriptLauncher launcher = wscriptMenuItem.wscriptLauncher; Listener listener = this.CovenantClient.ApiListenersGet().FirstOrDefault(L => L.Id == wscriptMenuItem.wscriptLauncher.ListenerId); EliteConsoleMenu menu = new EliteConsoleMenu(EliteConsoleMenu.EliteConsoleMenuType.Parameter, "WscriptLauncher"); menu.Rows.Add(new List<string> { "Name:", launcher.Name }); menu.Rows.Add(new List<string> { "Description:", launcher.Description }); menu.Rows.Add(new List<string> { "ListenerName:", listener == null ? "" : listener.Name }); menu.Rows.Add(new List<string> { "ScriptLanguage:", launcher.ScriptLanguage.ToString() }); menu.Rows.Add(new List<string> { "DotNetFramework:", launcher.DotNetFrameworkVersion.ToString() }); menu.Rows.Add(new List<string> { "Delay:", (launcher.Delay ?? default).ToString() });
// GET: /launcher/wscriptdownload public async Task <IActionResult> WscriptDownload() { try { WscriptLauncher wscriptLauncher = await _context.GetWscriptLauncher(); return(File(Common.CovenantEncoding.GetBytes(wscriptLauncher.DiskCode), MediaTypeNames.Text.Plain, "GruntStager.js")); } catch (Exception e) when(e is ControllerNotFoundException || e is ControllerBadRequestException || e is ControllerUnauthorizedException) { ModelState.AddModelError(string.Empty, e.Message); return(RedirectToAction(nameof(Create), new { id = "Wscript" })); } }
public async Task <ActionResult <WscriptLauncher> > EditWscriptLauncher([FromBody] WscriptLauncher launcher) { try { return(await _service.EditWscriptLauncher(launcher)); } catch (ControllerNotFoundException e) { return(NotFound(e.Message)); } catch (ControllerBadRequestException e) { return(BadRequest(e.Message)); } }
public override void Command(MenuItem menuItem, string UserInput) { try { menuItem.Refresh(); WscriptLauncher launcher = ((WscriptLauncherMenuItem)menuItem).WscriptLauncher; Listener listener = this.CovenantClient.ApiListenersGet().FirstOrDefault(L => L.Id == launcher.ListenerId); EliteConsoleMenu menu = new EliteConsoleMenu(EliteConsoleMenu.EliteConsoleMenuType.Parameter, "WscriptLauncher"); menu.Rows.Add(new List <string> { "Name:", launcher.Name }); menu.Rows.Add(new List <string> { "Description:", launcher.Description }); menu.Rows.Add(new List <string> { "ListenerName:", listener == null ? "" : listener.Name }); menu.Rows.Add(new List <string> { "CommType:", launcher.CommType.ToString() }); if (launcher.CommType == CommunicationType.HTTP) { menu.Rows.Add(new List <string> { " ValidateCert:", launcher.ValidateCert.ToString() }); menu.Rows.Add(new List <string> { " UseCertPinning:", launcher.UseCertPinning.ToString() }); } else if (launcher.CommType == CommunicationType.SMB) { menu.Rows.Add(new List <string> { " SMBPipeName:", launcher.SmbPipeName }); } menu.Rows.Add(new List <string> { "DotNetFramework:", launcher.DotNetFrameworkVersion == DotNetVersion.Net35 ? "v3.5" : "v4.0" }); menu.Rows.Add(new List <string> { "ScriptLanguage:", launcher.ScriptLanguage.ToString() }); menu.Rows.Add(new List <string> { "Delay:", (launcher.Delay ?? default).ToString() }); menu.Rows.Add(new List <string> { "JitterPercent:", (launcher.JitterPercent ?? default).ToString() });
public WscriptLauncherMenuItem(CovenantAPI CovenantClient, EventPrinter EventPrinter) : base(CovenantClient, EventPrinter) { this.wscriptLauncher = CovenantClient.ApiLaunchersWscriptGet(); this.MenuTitle = wscriptLauncher.Name; this.MenuDescription = wscriptLauncher.Description; this.AdditionalOptions.Add(new MenuCommandWscriptLauncherShow(CovenantClient)); this.AdditionalOptions.Add(new MenuCommandWscriptLauncherGenerate(CovenantClient)); this.AdditionalOptions.Add(new MenuCommandWscriptLauncherCode()); this.AdditionalOptions.Add(new MenuCommandWscriptLauncherHost(CovenantClient)); this.AdditionalOptions.Add(new MenuCommandWscriptLauncherWriteFile()); var setCommand = new MenuCommandWscriptLauncherSet(CovenantClient); this.AdditionalOptions.Add(setCommand); this.AdditionalOptions.Add(new MenuCommandGenericUnset(setCommand.Parameters.FirstOrDefault(P => P.Name == "Option").Values)); this.Refresh(); }
// POST: /launcher/hostwscript public async Task <IActionResult> HostWscript(HostedFile file) { try { WscriptLauncher launcher = await _context.GenerateWscriptLauncher(); HttpListener listener = await _context.GetHttpListener(file.ListenerId); file = await _context.CreateHostedFile(listener.Id, file); launcher = await _context.GenerateWscriptHostedLauncher(file); return(RedirectToAction(nameof(Create), new { id = launcher.Name })); } catch (Exception e) when(e is ControllerNotFoundException || e is ControllerBadRequestException || e is ControllerUnauthorizedException) { ModelState.AddModelError(string.Empty, e.Message); return(RedirectToAction(nameof(Create), new { id = "Wscript" })); } }
public override void Command(MenuItem menuItem, string UserInput) { try { string[] commands = UserInput.Split(" "); if (commands.Length != 2 || !commands[0].Equals(this.Name, StringComparison.OrdinalIgnoreCase)) { menuItem.PrintInvalidOptionError(UserInput); return; } this.CovenantClient.ApiLaunchersWscriptPost(); menuItem.Refresh(); WscriptLauncher launcher = ((WscriptLauncherMenuItem)menuItem).WscriptLauncher; HttpListener listener = this.CovenantClient.ApiListenersHttpByIdGet(launcher.ListenerId ?? default); if (listener == null) { EliteConsole.PrintFormattedErrorLine("Can only host a file on a valid HttpListener."); menuItem.PrintInvalidOptionError(UserInput); return; } HostedFile fileToHost = new HostedFile { ListenerId = listener.Id, Path = commands[1], Content = Convert.ToBase64String(Common.CovenantEncoding.GetBytes(launcher.DiskCode)) }; fileToHost = this.CovenantClient.ApiListenersByIdHostedfilesPost(listener.Id ?? default, fileToHost); launcher = this.CovenantClient.ApiLaunchersWscriptHostedPost(fileToHost); Uri hostedLocation = new Uri(listener.Url + fileToHost.Path); EliteConsole.PrintFormattedHighlightLine("WscriptLauncher hosted at: " + hostedLocation); EliteConsole.PrintFormattedWarningLine("wscript.exe cannot execute remotely hosted files, the payload must first be written to disk"); EliteConsole.PrintFormattedInfoLine("Launcher: " + launcher.LauncherString); } catch (HttpOperationException e) { EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content); } }
public ActionResult <WscriptLauncher> GenerateWscriptHostedFileLauncher(HostedFile hostedFile) { WscriptLauncher launcher = (WscriptLauncher)_context.Launchers.FirstOrDefault(S => S.Type == Launcher.LauncherType.Wscript); if (launcher == null) { return(NotFound()); } Listener listener = _context.Listeners.FirstOrDefault(S => S.Id == hostedFile.ListenerId); HostedFile savedHostedFile = _context.HostedFiles.FirstOrDefault(HF => HF.Id == hostedFile.Id); if (listener == null || savedHostedFile == null) { return(NotFound()); } string hostedLauncher = launcher.GetHostedLauncher(listener, savedHostedFile); _context.Launchers.Update(launcher); _context.SaveChanges(); return(Ok(launcher)); }
public WscriptLauncherMenuItem(CovenantAPI CovenantClient) : base(CovenantClient) { try { this.WscriptLauncher = CovenantClient.ApiLaunchersWscriptGet(); this.MenuTitle = WscriptLauncher.Name; this.MenuDescription = WscriptLauncher.Description; this.AdditionalOptions.Add(new MenuCommandWscriptLauncherShow(CovenantClient)); this.AdditionalOptions.Add(new MenuCommandWscriptLauncherGenerate(CovenantClient)); this.AdditionalOptions.Add(new MenuCommandWscriptLauncherCode(CovenantClient)); this.AdditionalOptions.Add(new MenuCommandWscriptLauncherHost(CovenantClient)); this.AdditionalOptions.Add(new MenuCommandWscriptLauncherWriteFile(CovenantClient)); var setCommand = new MenuCommandWscriptLauncherSet(CovenantClient); this.AdditionalOptions.Add(setCommand); this.AdditionalOptions.Add(new MenuCommandGenericUnset(setCommand.Parameters.FirstOrDefault(P => P.Name == "Option").Values)); } catch (HttpOperationException e) { EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content); } }
public async Task <IActionResult> Wscript(WscriptLauncher launcher) { try { launcher = await _context.EditWscriptLauncher(launcher); launcher = await _context.GenerateWscriptLauncher(); ViewBag.Launcher = launcher; ViewBag.Listeners = await _context.GetListeners(); return(RedirectToAction(nameof(Create), new { id = launcher.Name })); } catch (Exception e) when(e is ControllerNotFoundException || e is ControllerBadRequestException || e is ControllerUnauthorizedException) { ModelState.AddModelError(string.Empty, e.Message); ViewBag.Launcher = launcher; ViewBag.Listeners = await _context.GetListeners(); return(RedirectToAction(nameof(Create), new { id = launcher.Name })); } }
public override void Command(MenuItem menuItem, string UserInput) { try { string[] commands = UserInput.Split(" "); if (commands.Length < 1 || commands.Length > 2 || !commands[0].Equals(this.Name, StringComparison.OrdinalIgnoreCase)) { menuItem.PrintInvalidOptionError(UserInput); return; } if (commands.Length == 2 && (!new List <string> { "stager", "gruntstager", "scriptlet" }.Contains(commands[1].ToLower()))) { EliteConsole.PrintFormattedErrorLine("Type must be one of: \"Stager\"\\\"GruntStager\" or \"Scriptlet\""); menuItem.PrintInvalidOptionError(UserInput); return; } WscriptLauncher launcher = ((WscriptLauncherMenuItem)menuItem).WscriptLauncher; if (launcher.LauncherString == "") { this.CovenantClient.ApiLaunchersWscriptPost(); menuItem.Refresh(); EliteConsole.PrintFormattedHighlightLine("Generated WscriptLauncher: " + launcher.LauncherString); } if (commands.Length == 1 || (commands.Length == 2 && commands[1].Equals("gruntstager", StringComparison.OrdinalIgnoreCase))) { EliteConsole.PrintInfoLine(launcher.StagerCode); } else if (commands.Length == 2 && commands[1].Equals("scriptlet", StringComparison.OrdinalIgnoreCase)) { EliteConsole.PrintInfoLine(launcher.DiskCode); } } catch (HttpOperationException e) { EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content); } }
public ActionResult <WscriptLauncher> GenerateWscriptLauncher() { WscriptLauncher launcher = (WscriptLauncher)_context.Launchers.FirstOrDefault(S => S.Type == Launcher.LauncherType.Wscript); if (launcher == null) { return(NotFound()); } Listener listener = _context.Listeners.FirstOrDefault(S => S.Id == launcher.ListenerId); if (listener == null) { return(NotFound()); } HttpProfile profile = (HttpProfile)_context.Profiles.FirstOrDefault(P => P.Id == listener.ProfileId); if (profile == null) { return(NotFound()); } Grunt grunt = new Grunt { ListenerId = listener.Id, CovenantIPAddress = listener.BindAddress, Delay = launcher.Delay, Jitter = launcher.Jitter, ConnectAttempts = launcher.ConnectAttempts }; _context.Grunts.Add(grunt); _context.SaveChanges(); launcher.GetLauncher(listener, grunt, profile); _context.Launchers.Update(launcher); _context.SaveChanges(); return(Ok(launcher)); }
public Task <WscriptLauncher> EditWscriptLauncher(WscriptLauncher launcher) { return(_connection.InvokeAsync <WscriptLauncher>("EditWscriptLauncher", launcher)); }
public override async void Command(MenuItem menuItem, string UserInput) { try { List <string> commands = Utilities.ParseParameters(UserInput); if (commands.Count() != 3 || !commands[0].Equals(this.Name, StringComparison.OrdinalIgnoreCase)) { menuItem.PrintInvalidOptionError(UserInput); return; } WscriptLauncher launcher = ((WscriptLauncherMenuItem)menuItem).WscriptLauncher; if (this.Parameters.FirstOrDefault(P => P.Name == "Option").Values.Select(V => V.Value.ToLower()).Contains(commands[1].ToLower())) { if (commands[1].Equals("listenername", StringComparison.OrdinalIgnoreCase)) { Listener listener = this.CovenantClient.ApiListenersGet().FirstOrDefault(L => L.Name == commands[2]); if (listener == null || listener.Name != commands[2]) { EliteConsole.PrintFormattedErrorLine("Invalid ListenerName: \"" + commands[2] + "\""); menuItem.PrintInvalidOptionError(UserInput); return; } launcher.ListenerId = listener.Id; } else if (commands[1].Equals("dotnetframeworkversion", StringComparison.OrdinalIgnoreCase)) { if (commands[2].Contains("35", StringComparison.OrdinalIgnoreCase) || commands[2].Contains("3.5", StringComparison.OrdinalIgnoreCase)) { launcher.DotNetFrameworkVersion = DotNetVersion.Net35; } else if (commands[2].Contains("40", StringComparison.OrdinalIgnoreCase) || commands[2].Contains("4.0", StringComparison.OrdinalIgnoreCase)) { launcher.DotNetFrameworkVersion = DotNetVersion.Net40; } else { EliteConsole.PrintFormattedErrorLine("Invalid DotNetFrameworkVersion \"" + commands[2] + "\". Valid options are: v3.5, v4.0"); menuItem.PrintInvalidOptionError(UserInput); return; } } else if (commands[1].Equals("scriptlanguage", StringComparison.OrdinalIgnoreCase)) { if (commands[2].StartsWith("js", StringComparison.OrdinalIgnoreCase)) { launcher.ScriptLanguage = ScriptingLanguage.JScript; } else if (commands[2].StartsWith("vb", StringComparison.OrdinalIgnoreCase)) { launcher.ScriptLanguage = ScriptingLanguage.VBScript; } else { EliteConsole.PrintFormattedErrorLine("Invalid ScriptLanguage \"" + commands[2] + "\". Valid options are: JScript, VBScript"); menuItem.PrintInvalidOptionError(UserInput); return; } } else if (commands[1].Equals("commtype", StringComparison.OrdinalIgnoreCase)) { if (commands[2].Equals("smb", StringComparison.OrdinalIgnoreCase)) { launcher.CommType = CommunicationType.SMB; } else { launcher.CommType = CommunicationType.HTTP; } } else if (commands[1].Equals("validatecert", StringComparison.OrdinalIgnoreCase)) { bool parsed = bool.TryParse(commands[2], out bool validate); if (parsed) { launcher.ValidateCert = validate; } else { menuItem.PrintInvalidOptionError(UserInput); return; } } else if (commands[1].Equals("usecertpinning", StringComparison.OrdinalIgnoreCase)) { bool parsed = bool.TryParse(commands[2], out bool pin); if (parsed) { launcher.UseCertPinning = pin; } else { menuItem.PrintInvalidOptionError(UserInput); return; } } else if (commands[1].Equals("smbpipename", StringComparison.OrdinalIgnoreCase)) { launcher.SmbPipeName = commands[2]; } else if (commands[1].Equals("delay", StringComparison.OrdinalIgnoreCase)) { int.TryParse(commands[2], out int n); launcher.Delay = n; } else if (commands[1].Equals("jitterpercent", StringComparison.OrdinalIgnoreCase)) { int.TryParse(commands[2], out int n); launcher.JitterPercent = n; } else if (commands[1].Equals("connectattempts", StringComparison.OrdinalIgnoreCase)) { int.TryParse(commands[2], out int n); launcher.ConnectAttempts = n; } else if (commands[1].Equals("killdate", StringComparison.OrdinalIgnoreCase)) { DateTime.TryParse(commands[2], out DateTime result); launcher.KillDate = result; } else if (commands[1].Equals("launcherstring", StringComparison.OrdinalIgnoreCase)) { launcher.LauncherString = commands[2]; } await this.CovenantClient.ApiLaunchersWscriptPutAsync(launcher); } else { menuItem.PrintInvalidOptionError(UserInput); } } catch (HttpOperationException e) { EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content); } }
public override void Command(MenuItem menuItem, string UserInput) { WscriptLauncher wscriptLauncher = ((WscriptLauncherMenuItem)menuItem).wscriptLauncher; string[] commands = UserInput.Split(" "); if (commands.Length < 3 || commands[0].ToLower() != "set") { menuItem.PrintInvalidOptionError(UserInput); return; } else if (this.Parameters.FirstOrDefault(P => P.Name == "Option").Values.Select(V => V.Value.ToLower()).Contains(commands[1].ToLower())) { if (commands[1].ToLower() == "listenername") { Listener listener = this.CovenantClient.ApiListenersGet().FirstOrDefault(L => L.Name == commands[2]); if (listener == null || listener.Name != commands[2]) { EliteConsole.PrintFormattedErrorLine("Invalid ListenerName: \"" + commands[2] + "\""); menuItem.PrintInvalidOptionError(UserInput); return; } else { wscriptLauncher.ListenerId = listener.Id; } } else if (commands[1].ToLower() == "scriptlanguage") { if (commands[2].ToLower().StartsWith("js")) { wscriptLauncher.ScriptLanguage = ScriptingLanguage.JScript; } else if (commands[2].ToLower().StartsWith("vb")) { wscriptLauncher.ScriptLanguage = ScriptingLanguage.VBScript; } else { EliteConsole.PrintFormattedErrorLine("Invalid ScriptLanguage \"" + commands[2] + "\". Valid options are: JScript, VBScript"); menuItem.PrintInvalidOptionError(UserInput); return; } } else if (commands[1].ToLower() == "dotnetframeworkversion") { if (commands[2].ToLower().Contains("35") || commands[2].ToLower().Contains("3.5")) { wscriptLauncher.DotNetFrameworkVersion = DotNetVersion.Net35; } else if (commands[2].ToLower().Contains("40") || commands[2].ToLower().Contains("4.0")) { wscriptLauncher.DotNetFrameworkVersion = DotNetVersion.Net40; } else { EliteConsole.PrintFormattedErrorLine("Invalid DotNetFrameworkVersion \"" + commands[2] + "\". Valid options are: v3.5, v4.0"); menuItem.PrintInvalidOptionError(UserInput); return; } } else if (commands[1].ToLower() == "delay") { int.TryParse(commands[2], out int n); wscriptLauncher.Delay = n; } else if (commands[1].ToLower() == "jitter") { int.TryParse(commands[2], out int n); wscriptLauncher.Jitter = n; } else if (commands[1].ToLower() == "connectattempts") { int.TryParse(commands[2], out int n); wscriptLauncher.ConnectAttempts = n; } else if (commands[1].ToLower() == "launcherstring") { wscriptLauncher.LauncherString = commands[2]; } CovenantAPIExtensions.ApiLaunchersWscriptPut(this.CovenantClient, wscriptLauncher); } else { menuItem.PrintInvalidOptionError(UserInput); } }