This repository has been archived by the owner on Dec 14, 2023. It is now read-only.
utils.cna
# Utils.cna
# Contains utility functions
#
# Authors: Calvin Hedler (@001SPARTaN) and Vincent Yiu (@vysecurity)
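# bhUserToCS [user@domain]
# Beacon console alias that prints the part of a USER@DOMAIN label preceding
# the '@'. Inside an alias, $1 is the Beacon ID supplied by Cobalt Strike and
# $2 is the first argument typed after the alias name.
alias bhUserToCS {
    # Without an argument there is nothing to split; show usage instead.
    if ($2 eq "") {
        berror($1, "Usage: bhUserToCS [user@domain]");
        return;
    }
    # Print the helper's result; if the return value is discarded the alias
    # produces no visible output at all.
    blog($1, bhUserToCS-sub($2));
}

# Help text shown by "help bhUserToCS". It describes this alias rather than
# the unrelated cypher-query command the text was previously written for.
beacon_command_register("bhUserToCS", "Prints the part of a USER@DOMAIN label before the @",
    "Synopsis: bhUserToCS [user@domain]\n\n" .
    "Prints the part of a USER@DOMAIN label before the @\nOutputs to the Beacon console");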
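# Returns the first dot-separated label of the domain part of a USER@FQDN
# string, e.g. "ALICE@CORP.EXAMPLE.COM" -> "CORP" (constructed example).
#   $1 - label of the form USER@FQDN
# NOTE(review): input without an '@' is not handled here; confirm that callers
# always pass a fully qualified label.
sub bhUserToDomain-sub {
    # Sleep variables are global unless declared. Keeping the temporaries local
    # stops this helper from overwriting same-named variables elsewhere.
    local('$user $fqdn $domain');

    $user = $1;
    # Everything after the '@' is treated as the FQDN.
    $fqdn = split("@", $user)[1];
    # The pattern is single-quoted so '\.' reaches the regex engine as a literal dot.
    $domain = split('\.', $fqdn)[0];
    return $domain;
}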
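# Returns the part of a USER@DOMAIN string that precedes the '@',
# e.g. "ALICE@CORP.EXAMPLE.COM" -> "ALICE" (constructed example).
#   $1 - label of the form USER@DOMAIN
sub bhUserToCS-sub {
    # Declared local so the helper does not overwrite a global $user
    # (Sleep variables are global unless declared).
    local('$user');

    $user = split("@", $1)[0];
    return $user;
}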
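# Returns the first dot-separated label of a computer name,
# e.g. "WS01.CORP.EXAMPLE.COM" -> "WS01" (constructed example).
#   $1 - computer name, normally a fully qualified host name
sub bhComputerToCS-sub {
    # Declared local so the helper does not overwrite a global $computer
    # (Sleep variables are global unless declared).
    local('$computer');

    # The pattern is single-quoted so '\.' reaches the regex engine as a literal dot.
    $computer = split('\.', $1)[0];
    return $computer;
}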
# Runs on the 5-second heartbeat event. While both $attackActive and $mimikatz
# equal $True, walks the entries returned by credentials() and, when an entry's
# upper-cased user name equals $nextLabel, sets $waitFor to the upper-cased
# $nextLabel. Every variable here is script-wide state defined outside this block.
on heartbeat_5s {
    if ($attackActive eq $True && $mimikatz eq $True) {
        #bpause($currentBid, 5000);
        foreach $cred (credentials()) {
            # Only the stored user name is upper-cased before the comparison,
            # so a match requires $nextLabel to be upper case already.
            if ($nextLabel eq uc($cred["user"])) {
                $waitFor = uc($nextLabel);
            }
        }
    }
}
# Debug trace for the event_join event: prints a fixed marker line followed by
# the event's first argument.
on event_join {
    local('$who');
    $who = $1;

    println("Event Join");
    println($who);
}
# Handler for the beacon_initial event. While $attackActive equals $True it
# numbers the new Beacon, attaches a note to it, and sets $waitFor when the
# Beacon's computer name matches $nextLabel. $attackActive, $True, $machineNo,
# $randomPuppy, $nextLabel and $waitFor are script-wide variables defined
# outside this block.
on beacon_initial {
# Check ID
# $1 is beacon ID that came in
if ($attackActive eq $True){
# NOTE(review): $bid, $bUser and $bComputer are not declared local, so they
# are written as script-wide variables; confirm nothing else depends on them.
$bid = $1;
#bpause($currentBid,5000);
# $bUser is assigned but not read again inside this handler.
$bUser = beacon_info($bid, "user");
$bComputer = beacon_info($bid, "computer");
# Running count of Beacons seen while the run is active.
$machineNo = $machineNo + 1;
# Note text is "ANGRYPUPPY" . $randomPuppy . " - " . <counter>.
bnote($bid, "ANGRYPUPPY" . $randomPuppy . " - " . ($machineNo));
# Only the computer name is upper-cased before the comparison, so a match
# requires $nextLabel to be upper case already.
if (uc($bComputer) eq $nextLabel){
$waitFor = uc($nextLabel);
}
}
}