nettitude / poshc2_old
Powershell C2 Server and Implants
License: BSD 3-Clause "New" or "Revised" License
When using shellcode or reflective DLL, domain fronting doesn't work in CLR v2
Create an advanced options menu that allows you to configure various pre-set environment detection checks before the code executes.
This will be implemented as an advanced feature.
Currently, when updating, if you get an error, it's because github.com now enforces TLS 1.2 and this is not set up by default.
Try re-installing, as this has the update.
(Disclaimer: I may be messing up here)
I was testing SharpSocks and I seem to have run into issues and I'd like a little clarity on what I am doing wrong.
I am testing Posh on amazon. I am testing against an internal Windows 10 machine.
I am using http transport.
The implant works fine when connecting to http://ec2-*.amazonaws.com
I rewrote the apache conf as follows
Here is a sample of my apache.conf
RewriteEngine On
Define PoshC2 ec2-*.compute.amazonaws.com
# this is the local IP of the amazon instance
Define SharpSocks 172.*.*.*:8080
RewriteRule ^/connect(.*) http://${PoshC2}/connect$1 [NC,P]
RewriteRule ^/images/static/content/(.*) http://${PoshC2}/images/static/content/$1 [NC,P]
RewriteRule ^/news/(.*) http://${PoshC2}/news/$1 [NC,P]
RewriteRule ^/webapp/static/(.*) http://${PoshC2}/webapp/static/$1 [NC,P]
RewriteRule ^/images/prints/(.*) http://${PoshC2}/images/prints/$1 [NC,P]
RewriteRule ^/wordpress/site/(.*) http://${PoshC2}/wordpress/site/$1 [NC,P]
RewriteRule ^/true/images/77/(.*) http://${PoshC2}/true/images/77/$1 [NC,P]
RewriteRule ^/holdings/office/images/(.*) http://${PoshC2}/holdings/office/images/$1 [NC,P]
RewriteRule ^/steam(.*) http://${PoshC2}/steam$1 [NC,P]
RewriteRule ^/sitemap/api/push(.*) http://${SharpSocks}/sitemap/api/push$1 [NC,P]
RewriteRule ^/visitors/upload/map(.*) http://${SharpSocks}/visitors/upload/map$1 [NC,P]
RewriteRule ^/printing/images/bin/logo(.*) http://${SharpSocks}/printing/images/bin/logo$1 [NC,P]
RewriteRule ^/update/latest/traffic(.*) http://${SharpSocks}/update/latest/traffic$1 [NC,P]
RewriteRule ^/saml/stats/update/push(.*) http://${SharpSocks}/saml/stats/update/push$1 [NC,P]
SharpSocks -Uri http://ec2-*.compute.amazonaws.com -Beacon 5000 -Insecure
Local IP Address to bind to, e.g. http://172.16.0.1:80: http://172.*.*.*:8080
The above didn't work. I have tried a few other options but they all didn't work.
Please let me know what I am doing wrong. Would be great to have some insight into how to set this up for testing in the cloud.
Thank you.
I was testing PoshC2 against various proxies and one of them had a bug that prevented webclient requests through the proxy.
After some internet searches, I discovered and tested that the issue could be solved by setting a registry key. But this required administrator privileges.
However, using IE COM objects is much easier, and I managed to hack together a script that calls PoshC2 with IE COM objects. As long as IE can reach the internet, proxy becomes a non-issue. I also find it to be a useful evasion technique.
I would love to contribute a PoC in the coming weeks if that is ok with you.
Would like to get your thoughts on this.
Thank you.
Create a CScript variant on DotNetToJS.
There is currently a posh.js that just needs to be hosted.
When using payloads from a non-domain joined machine, proxy authentication will fail because:
Proxy settings are unavailable in IE and registry
DefaultNetworkCredentials will not authenticate to the proxy
At the time of server setup, it might be a good idea to ask:
"Are you using the payload from a non-domain joined machine?"
And proceed to obtain the proxy URL, port, username and password from the user at the time of setting up the server.
The current way to navigate this issue is to decode the payload and manually add the proxy parameters. The placeholders for proxy parameters already exist in the payload but they cannot be activated until you have an existing active implant.
Thank you.
"[Shift]","14/10/2018:17:42:25:26","@pedro paulo - Discord"
"[Shift][Shift]","14/10/2018:17:42:25:33","@pedro paulo - Discord"
"[Shift]","14/10/2018:17:42:25:44","@pedro paulo - Discord"
"[Shift][Shift]","14/10/2018:17:42:25:52","@pedro paulo - Discord"
"[Shift]","14/10/2018:17:42:25:82","@pedro paulo - Discord"
"[Shift][Shift]","14/10/2018:17:42:25:89","@pedro paulo - Discord"
"[Shift]","14/10/2018:17:42:26:01","@pedro paulo - Discord"
"[Shift][Shift]","14/10/2018:17:42:26:07","@pedro paulo - Discord"
"[Shift]","14/10/2018:17:42:26:21","@pedro paulo - Discord"
"[Shift][Shift]","14/10/2018:17:42:26:27","@pedro paulo - Discord"
"[Shift]","14/10/2018:17:42:26:41","@pedro paulo - Discord"
"[Shift][Shift]","14/10/2018:17:42:26:48","@pedro paulo - Discord"
"[Shift]","14/10/2018:17:42:26:58","@pedro paulo - Discord"
"[Shift][Shift]","14/10/2018:17:42:26:65","@pedro paulo - Discord"
"[0]","14/10/2018:17:42:27:40","@pedro paulo - Discord"
"[c]","14/10/2018:17:42:28:05","@pedro paulo - Discord"
"[4]","14/10/2018:17:42:28:18","@pedro paulo - Discord"
"[5]","14/10/2018:17:42:28:38","@pedro paulo - Discord"
"[2]","14/10/2018:17:42:28:59","@pedro paulo - Discord"
"[f]","14/10/2018:17:42:28:75","@pedro paulo - Discord"
"[0]","14/10/2018:17:42:28:86","@pedro paulo - Discord"
Right before '0' it's supposed to be a 'B' (Shift+b) char.
Hello, thank you very much for your great tool. I have a few questions for you if I may.
-- Is it possible to connect to different engagements at the same time with PoshC2?
-- Is it possible to restrict each engagement's agents to allowed team collaborators? In this way we wouldn't have an unauthorized team collaborator on an engagement?
Sorry if the question has already been asked or if there's already an answer about it, or if you can't figure out what I mean.
Regards!
Hi everyone,
Is a feature like port forwarding (local & remote) available?