pushover.cna

# This script adds basic pushover functionality to Cobalt Strike
# Ensure that you configure the pushover users in pushover-cs, ensure it is executeable
# @Und3rf10w
# Modded by @vysecurity

$location = "https://<DOMAIN NAME>";
$uri = "/URI";
$token = "<PUSHOVER TOKEN>";
$user = "<PUSHOVER USER>";

import java.net.URLEncoder;
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;

sub sendpost{

    $url = $2;
    $body = $3 . "\r\n";

    $USER_AGENT = "Mozilla/5.0";


    $urlobj = [new URL: $url];
    
    $con = [$urlobj openConnection];

    [$con setRequestProperty: "User-Agent", $USER_AGENT];

    [$con setRequestMethod: "POST"];

    [$con setDoOutput: false];

    [$con setRequestMethod: $method];
    
    [$con setDoOutput: true];

    [$con connect];

    $wr = [new DataOutputStream: [$con getOutputStream]];
    [$wr writeBytes: $body];
    [$wr flush];
    [$wr close];
    
    $responseCode = [$con getResponseCode];

    
    $in = [new BufferedReader: [new InputStreamReader: [$con getInputStream]]];

    $inputLine = "";

    $response = "";

    $inputLine = [$in readLine];
    $response = $response . $inputLine . "\r\n";

    while ($inputLine ne ""){
        $inputLine = [$in readLine];
        $response = $response . $inputLine . "\r\n";
    }

    [$in close];

    #elog($method . ": " . $url . ": " . $responseCode);
    #elog($response);

    return $response;


}

sub sendget{
    
    $method = $1;

    $url = $2;

    $USER_AGENT = "Mozilla/5.0";


    $urlobj = [new URL: $url];
    
    $con = [$urlobj openConnection];

    [$con setRequestProperty: "User-Agent", $USER_AGENT];

    [$con setRequestMethod: "GET"];

    $responseCode = [$con getResponseCode];
    
    $in = [new BufferedReader: [new InputStreamReader: [$con getInputStream]]];

    $inputLine = "";

    $response = "";

    $inputLine = [$in readLine];
    $response = $response . $inputLine . "\r\n";

    while ($inputLine ne ""){
        $inputLine = [$in readLine];
        $response = $response . $inputLine . "\r\n";
    }

    [$in close];

    #elog($method . ": " . $url . ": " . $responseCode);
    #elog($response);

    return $response;


}

on ready {
    elog("Pushover notifications are now configured");
}

#on event_notify {
#    $time = formatDate($2, "yyyy.MM.dd 'at' HH:mm:ss z");
#    pushover("CS:System_Event","$time $+ : $1");
#}

on event_join {
    $time = formatDate($2, "yyyy.MM.dd 'at' HH:mm:ss z");
    pushover("CS:User_Joined","$time $+ : $1 has joined");
}

on event_action {
    $time = formatDate($2, "yyyy.MM.dd 'at' HH:mm:ss z");
    pushover("CS:Action_Performed","$time $+ : < $+ $3 $+ >: $1 ");
}

on event_public {
    $time = formatDate($3, "yyyy.MM.dd 'at' HH:mm:ss z");
    pushover("CS:New_Message","$time $+ : < $+ $1 $+ >: $2 ");
}

on event_quit {
    $time = formatDate($2, "yyyy.MM.dd 'at' HH:mm:ss z");
    pushover("CS:User_Left","$time $+ : $1 has quit");
}

on ssh_initial {
        pushover("CS:New_SSH", "New SSH Session Received - ID: $1 | Hostname " . binfo($1, "computer"));
}

on profiler_hit {
        pushover("CS:Profiler_Hit","Profiler Hit Received - External: $1 | Internal: $2 | UA: $3 | Email: " . tokenToEmail($5));
}

on web_hit {
#   elog($1);
    if ($1 == "POST" && $5 == "404 Not Found"){
        $time = formatDate($9, "yyyy.MM.dd 'at' HH:mm:ss z");
        $vuri = $2;
        $eval = strrep($vuri, $uri, "");
        # eval contains final bid number to exit
        bexit($eval);
            
    }
}

on beacon_initial {
    if (-isadmin $1){
        pushover2("CS:New_Beacon","New Beacon Received - ID: $1 | User: " . binfo($1, "user") . " | Hostname: " . binfo($1, "computer") . " | PID: " . binfo($1,"pid") . " | HOST: " . binfo($1,"host") . " | ADMIN BEACON", $1);
        $elog = "New Beacon Received - ID: $1 | User: " . binfo($1, "user") . " | Hostname: " . binfo($1, "computer") . " | PID: " . binfo($1,"pid") . " | HOST: " . binfo($1,"host") . " | ADMIN BEACON";
    }
    else {
        pushover2("CS:New_Beacon","New Beacon Received - ID: $1 | User: " . binfo($1, "user") . " | Hostname: " . binfo($1, "computer") . " | PID: " . binfo($1,"pid") . " | HOST: " . binfo($1,"host"), $1);
        $elog = "New Beacon Received - ID: $1 | User: " . binfo($1, "user") . " | Hostname: " . binfo($1, "computer") . " | PID: " . binfo($1,"pid") . " | HOST: " . binfo($1,"host");
    }
    elog("\x039".$elog);

    $org = getorg(binfo($1, "external"));

    bnote($1, $org);
}

sub pushover {
    $title = $1;
    $message = $2;

    $body = "token=" . $token . "&user=" . $user . "&title=" . $title . "&message=" . $message;
#	elog($body);

    sendpost("https://api.pushover.net/1/messages.json", $body);

}

sub pushover2 {
    $title = $1;
    $message = $2;
    $b = $3;

    $body = "callback=" . $location . $uri . $b . "&priority=2&retry=10800&expire=10800&token=" . $token . "&user=" . $user . "&title=" . $title . "&message=" . $message;
    elog($body);

    sendpost("https://api.pushover.net/1/messages.json", $body);

}


sub getorg{
    $ip = $1; 
    $url = "http://api.hackertarget.com/aslookup/?q=" . $ip;
    $res = sendget("GET", $url);
    elog("RES: ". $res);
    ($ip, $asn, $range, $org) = split(',', $res);

    $ip = strrep($ip, "\"", "");

    $asn = strrep($asn, "\"", "");

    $range = strrep($range, "\"", "");

    $org = strrep($org, "\"", "");

    elog("IP: " . $ip);
    elog("ASN: " . $asn);
    elog("RANGE: " . $range);
    elog("ORG: " . $org);

    return $org;


}