public override void Command(MenuItem menuItem, string UserInput)
{
MSBuildLauncherMenuItem msbuildMenuItem = (MSBuildLauncherMenuItem)menuItem;
string[] commands = UserInput.Split(" ");
if (commands.Length != 2 || commands[0].ToLower() != "host")
{
menuItem.PrintInvalidOptionError(UserInput);
return;
}
msbuildMenuItem.msbuildLauncher = this.CovenantClient.ApiLaunchersMsbuildPost();
HttpListener listener = this.CovenantClient.ApiListenersHttpByIdGet(msbuildMenuItem.msbuildLauncher.ListenerId ?? default);
if (listener == null)
{
EliteConsole.PrintFormattedErrorLine("Can only host a file on a valid HttpListener.");
menuItem.PrintInvalidOptionError(UserInput);
return;
}
HostedFile fileToHost = new HostedFile
{
ListenerId = listener.Id,
Path = commands[1],
Content = Convert.ToBase64String(Common.CovenantEncoding.GetBytes(msbuildMenuItem.msbuildLauncher.DiskCode))
};
fileToHost = this.CovenantClient.ApiListenersByIdHostedfilesPost(listener.Id ?? default, fileToHost);
msbuildMenuItem.msbuildLauncher = this.CovenantClient.ApiLaunchersMsbuildHostedPost(fileToHost);
Uri hostedLocation = new Uri(listener.Url + fileToHost.Path);
EliteConsole.PrintFormattedHighlightLine("MSBuildLauncher hosted at: " + hostedLocation);
EliteConsole.PrintFormattedWarningLine("msbuild.exe cannot execute remotely hosted files, the payload must first be written to disk");
EliteConsole.PrintFormattedInfoLine("Launcher: " + msbuildMenuItem.msbuildLauncher.LauncherString);
}
public override void Command(MenuItem menuItem, string UserInput)
{
Regsvr32LauncherMenuItem regsvr32MenuItem = (Regsvr32LauncherMenuItem)menuItem;
string[] commands = UserInput.Split(" ");
if (commands.Length != 2 || commands[0].ToLower() != "host")
{
menuItem.PrintInvalidOptionError(UserInput);
return;
}
regsvr32MenuItem.regsvr32Launcher = this.CovenantClient.ApiLaunchersRegsvr32Post();
HttpListener listener = this.CovenantClient.ApiListenersHttpByIdGet(regsvr32MenuItem.regsvr32Launcher.ListenerId ?? default);
if (listener == null)
{
EliteConsole.PrintFormattedErrorLine("Can only host a file on a valid HttpListener.");
menuItem.PrintInvalidOptionError(UserInput);
return;
}
HostedFile fileToHost = new HostedFile
{
ListenerId = listener.Id,
Path = commands[1],
Content = Convert.ToBase64String(Common.CovenantEncoding.GetBytes(regsvr32MenuItem.regsvr32Launcher.DiskCode))
};
fileToHost = this.CovenantClient.ApiListenersByIdHostedfilesPost(listener.Id ?? default, fileToHost);
regsvr32MenuItem.regsvr32Launcher = this.CovenantClient.ApiLaunchersRegsvr32HostedPost(fileToHost);
Uri hostedLocation = new Uri(listener.Url + fileToHost.Path);
EliteConsole.PrintFormattedHighlightLine("Regsvr32Launcher hosted at: " + hostedLocation);
EliteConsole.PrintFormattedInfoLine("Launcher: " + regsvr32MenuItem.regsvr32Launcher.LauncherString);
}
public override void Command(MenuItem menuItem, string UserInput)
{
InstallUtilLauncherMenuItem installutilMenuItem = (InstallUtilLauncherMenuItem)menuItem;
string[] commands = UserInput.Split(" ");
if (commands.Length != 2 || commands[0].ToLower() != "host")
{
menuItem.PrintInvalidOptionError(UserInput);
return;
}
installutilMenuItem.installutilLauncher = this.CovenantClient.ApiLaunchersInstallutilPost();
HttpListener listener = this.CovenantClient.ApiListenersHttpByIdGet(installutilMenuItem.installutilLauncher.ListenerId ?? default);
if (listener == null)
{
EliteConsole.PrintFormattedErrorLine("Can only host a file on a valid HttpListener.");
menuItem.PrintInvalidOptionError(UserInput);
return;
}
HostedFile fileToHost = new HostedFile
{
ListenerId = listener.Id,
Path = commands[1],
Content = installutilMenuItem.installutilLauncher.DiskCode
};
fileToHost = this.CovenantClient.ApiListenersByIdHostedfilesPost(listener.Id ?? default, fileToHost);
installutilMenuItem.installutilLauncher = this.CovenantClient.ApiLaunchersInstallutilHostedPost(fileToHost);
Uri hostedLocation = new Uri(listener.Url + fileToHost.Path);
EliteConsole.PrintFormattedHighlightLine("InstallUtilLauncher hosted at: " + hostedLocation);
EliteConsole.PrintFormattedWarningLine("installutil.exe cannot execute remotely hosted files, the payload must first be written to disk");
EliteConsole.PrintFormattedInfoLine("Launcher: " + installutilMenuItem.installutilLauncher.LauncherString);
}
public override void Command(MenuItem menuItem, string UserInput)
{
try
{
string[] commands = UserInput.Split(" ");
if (commands.Length != 2 || !commands[0].Equals(this.Name, StringComparison.OrdinalIgnoreCase))
{
menuItem.PrintInvalidOptionError(UserInput);
return;
}
this.CovenantClient.ApiLaunchersMshtaPost();
WmicLauncher launcher = ((WmicLauncherMenuItem)menuItem).WmicLauncher;
HttpListener listener = this.CovenantClient.ApiListenersHttpByIdGet(launcher.ListenerId ?? default);
if (listener == null)
{
EliteConsole.PrintFormattedErrorLine("Can only host a file on a valid HttpListener.");
menuItem.PrintInvalidOptionError(UserInput);
return;
}
if (!commands[1].EndsWith(".xsl", StringComparison.Ordinal))
{
EliteConsole.PrintFormattedErrorLine("WmicLaunchers must end with the extension: .xsl");
menuItem.PrintInvalidOptionError(UserInput);
return;
}
HostedFile fileToHost = new HostedFile
{
ListenerId = listener.Id,
Path = commands[1],
Content = Convert.ToBase64String(Common.CovenantEncoding.GetBytes(launcher.DiskCode))
};
fileToHost = this.CovenantClient.ApiListenersByIdHostedfilesPost(listener.Id ?? default, fileToHost);
launcher = this.CovenantClient.ApiLaunchersWmicHostedPost(fileToHost);
Uri hostedLocation = new Uri(listener.Url + fileToHost.Path);
EliteConsole.PrintFormattedHighlightLine("WmicLauncher hosted at: " + hostedLocation);
EliteConsole.PrintFormattedInfoLine("Launcher (cmd.exe): " + launcher.LauncherString);
EliteConsole.PrintFormattedInfoLine("Launcher (powershell.exe): " + launcher.LauncherString.Replace("\"", "`\""));
}
catch (HttpOperationException e)
{
EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content);
}
}
public override void Command(MenuItem menuItem, string UserInput)
{
WmicLauncherMenuItem wmicMenuItem = (WmicLauncherMenuItem)menuItem;
string[] commands = UserInput.Split(" ");
if (commands.Length != 2 || commands[0].ToLower() != "host")
{
menuItem.PrintInvalidOptionError(UserInput);
return;
}
wmicMenuItem.wmicLauncher = this.CovenantClient.ApiLaunchersWmicPost();
HttpListener listener = this.CovenantClient.ApiListenersHttpByIdGet(wmicMenuItem.wmicLauncher.ListenerId ?? default);
if (listener == null)
{
EliteConsole.PrintFormattedErrorLine("Can only host a file on a valid HttpListener.");
menuItem.PrintInvalidOptionError(UserInput);
return;
}
if (!commands[1].EndsWith(".xsl"))
{
EliteConsole.PrintFormattedErrorLine("WmicLaunchers must end with the extension: .xsl");
menuItem.PrintInvalidOptionError(UserInput);
return;
}
HostedFile fileToHost = new HostedFile
{
ListenerId = listener.Id,
Path = commands[1],
Content = Convert.ToBase64String(Common.CovenantEncoding.GetBytes(wmicMenuItem.wmicLauncher.DiskCode))
};
fileToHost = this.CovenantClient.ApiListenersByIdHostedfilesPost(listener.Id ?? default, fileToHost);
wmicMenuItem.wmicLauncher = this.CovenantClient.ApiLaunchersWmicHostedPost(fileToHost);
Uri hostedLocation = new Uri(listener.Url + fileToHost.Path);
EliteConsole.PrintFormattedHighlightLine("WmicLauncher hosted at: " + hostedLocation);
EliteConsole.PrintFormattedInfoLine("Launcher (cmd.exe): " + wmicMenuItem.wmicLauncher.LauncherString);
EliteConsole.PrintFormattedInfoLine("Launcher (powershell.exe): " + wmicMenuItem.wmicLauncher.LauncherString.Replace("\"", "`\""));
}
public override void Command(MenuItem menuItem, string UserInput)
{
CredentialsMenuItem credentialsMenuItem = (CredentialsMenuItem)menuItem;
List <string> commands = Utilities.ParseParameters(UserInput);
if (commands.Count() != 2)
{
EliteConsole.PrintFormattedErrorLine("Invalid Ticket command. Usage is: Ticket <ticket_id>");
EliteConsole.PrintFormattedErrorLine("Valid Ticket IDs are: " + String.Join(", ", credentialsMenuItem.TicketCredentials.Select(T => T.Id.ToString())));
}
else if (!credentialsMenuItem.TicketCredentials.Select(T => T.Id.ToString()).Contains(commands[1]))
{
EliteConsole.PrintFormattedErrorLine("Invalid Ticket command. Usage is: Ticket <ticket_id>");
EliteConsole.PrintFormattedErrorLine("Valid Ticket IDs are: " + String.Join(", ", credentialsMenuItem.TicketCredentials.Select(T => T.Id.ToString())));
}
else
{
EliteConsole.PrintFormattedInfoLine($"Ticket ID: {commands[1]} Base64EncodedTicket:");
EliteConsole.PrintInfoLine(credentialsMenuItem.TicketCredentials.FirstOrDefault(T => T.Id.ToString().Equals(commands[1], StringComparison.OrdinalIgnoreCase)).Ticket);
}
}
public override void Command(MenuItem menuItem, string UserInput)
{
try
{
string[] commands = UserInput.Split(" ");
if (commands.Length != 2 || !commands[0].Equals(this.Name, StringComparison.OrdinalIgnoreCase))
{
menuItem.PrintInvalidOptionError(UserInput);
return;
}
this.CovenantClient.ApiLaunchersMsbuildPost();
menuItem.Refresh();
MSBuildLauncher launcher = ((MSBuildLauncherMenuItem)menuItem).MSBuildLauncher;
HttpListener listener = this.CovenantClient.ApiListenersHttpByIdGet(launcher.ListenerId ?? default);
if (listener == null)
{
EliteConsole.PrintFormattedErrorLine("Can only host a file on a valid HttpListener.");
menuItem.PrintInvalidOptionError(UserInput);
return;
}
HostedFile fileToHost = new HostedFile
{
ListenerId = listener.Id,
Path = commands[1],
Content = Convert.ToBase64String(Common.CovenantEncoding.GetBytes(launcher.DiskCode))
};
fileToHost = this.CovenantClient.ApiListenersByIdHostedfilesPost(listener.Id ?? default, fileToHost);
launcher = this.CovenantClient.ApiLaunchersMsbuildHostedPost(fileToHost);
Uri hostedLocation = new Uri(listener.Url + fileToHost.Path);
EliteConsole.PrintFormattedHighlightLine("MSBuildLauncher hosted at: " + hostedLocation);
EliteConsole.PrintFormattedWarningLine("msbuild.exe cannot execute remotely hosted files, the payload must first be written to disk");
EliteConsole.PrintFormattedInfoLine("Launcher: " + launcher.LauncherString);
}
catch (HttpOperationException e)
{
EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content);
}
}
public override void Command(MenuItem menuItem, string UserInput)
{
HTTPListenerMenuItem httpListenerMenuItem = (HTTPListenerMenuItem)menuItem;
// TODO: error if http lsitener already on this port
if ((httpListenerMenuItem.httpListener.UseSSL ?? default) && (httpListenerMenuItem.httpListener.SslCertHash == "" || httpListenerMenuItem.httpListener.SslCertificate == ""))
{
EliteConsole.PrintWarning("No SSLCertificate specified. Would you like to generate and use a self-signed certificate? [y/N] ");
string input = EliteConsole.Read();
if (input.ToLower().StartsWith("y"))
{
X509Certificate2 certificate = Utilities.CreateSelfSignedCertificate(httpListenerMenuItem.httpListener.BindAddress);
string autopath = "httplistener-" + httpListenerMenuItem.httpListener.Id + "-certificate.pfx";
File.WriteAllBytes(Path.Combine(Common.EliteDataFolder, autopath),
certificate.Export(X509ContentType.Pfx, httpListenerMenuItem.httpListener.SslCertificatePassword));
EliteConsole.PrintFormattedInfoLine("Certificate written to: " + autopath);
httpListenerMenuItem.AdditionalOptions.FirstOrDefault(O => O.Name == "Set").Command(httpListenerMenuItem, "Set SSLCertPath " + autopath);
}
else
{
EliteConsole.PrintFormattedErrorLine("Must specify an SSLCertfiicate to Start an HTTP Listener with SSL.");
return;
}
}
httpListenerMenuItem.Refresh();
httpListenerMenuItem.httpListener.Status = ListenerStatus.Active;
httpListenerMenuItem.httpListener = this.CovenantClient.ApiListenersHttpPut(httpListenerMenuItem.httpListener);
EventModel eventModel = new EventModel {
Message = "Started HTTP Listener: " + httpListenerMenuItem.httpListener.Name + " at: " + httpListenerMenuItem.httpListener.Url,
Level = EventLevel.Highlight,
Context = "*"
};
eventModel = this.CovenantClient.ApiEventsPost(eventModel);
this.EventPrinter.PrintEvent(eventModel);
httpListenerMenuItem.RefreshHTTPTemplate();
httpListenerMenuItem.Refresh();
}
