backdoorLnkMacroStagerObfuscated | Obfuscated Powershell Empire 2.x stager | Command Line Interface library

by G0ldenGunSec | Python | Version: Current | License: No License

kandi X-RAY | backdoorLnkMacroStagerObfuscated Summary
backdoorLnkMacroStagerObfuscated is a Python library typically used in Utilities and Command Line Interface applications. backdoorLnkMacroStagerObfuscated has no bugs, no vulnerabilities and low support. However, the backdoorLnkMacroStagerObfuscated build file is not available. You can download it from GitHub.

Disclaimer: Made for coding experience and to test client security measures as a part of engagements. DO NOT use against any systems / users on which you do not have explicit permission to test against.

This is a two-step attack vector. The initial macro that a user runs will configure targeted shortcuts on their desktop to run a powershell stager. The second step occurs when the user clicks on the shortcut: the powershell download stub that runs will first open the target executable, then clean all backdoored shortcuts on the user's desktop, and finally attempt to download & execute empire launcher code from an xml file hosted on a pre-defined web server. This xml contains a full empire launcher, which will be downloaded and run in memory, in turn giving a full empire shell back. The XML is downloaded using the XmlDocument.Load method as it is inherently proxy-aware and allows for a clean download of the launcher code.

On run, the macro will search the user's desktop looking for any .lnk files (shortcuts) that match target executables as defined during generation of the macro. Typical use-cases focus on highly-utilized shortcuts (iexplore, chrome, firefox, etc.). The two-step approach is done to defeat application-aware security measures that flag on launches of powershell from unexpected programs, such as a direct launch from office applications. As the macro is pure VBA and does not leverage powershell or spawn any child processes, it is less likely to be detected by these types of tools. Moreover, modifications made by the macro should not require administrative rights on the endpoint. Obfuscation of the macro is done to evade antivirus. The macro is currently configured as an Auto_Close() for some basic sandbox evasion; feel free to change to a different execution method as needed.

Usage: Drop backdoorLnkMacroObfuscated.py into rootEmpireFolder/lib/stagers/windows and start empire; the stager should now show up in your stagers list (usestager windows/backdoorLnkMacroObfuscated.py). Upon execution of the stager, a macro file and an xml file will be generated. Ensure the xml is located on the webserver configured during setup of the stager and that this is a location accessible from the remote system.
Support

backdoorLnkMacroStagerObfuscated has a low active ecosystem.
It has 13 star(s) with 8 fork(s). There is 1 watcher for this library.
It had no major release in the last 6 months.
backdoorLnkMacroStagerObfuscated has no issues reported. There are no pull requests.
It has a neutral sentiment in the developer community.
The latest version of backdoorLnkMacroStagerObfuscated is current.

Quality

backdoorLnkMacroStagerObfuscated has 0 bugs and 0 code smells.

Security

backdoorLnkMacroStagerObfuscated has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
backdoorLnkMacroStagerObfuscated code analysis shows 0 unresolved vulnerabilities.
There are 0 security hotspots that need review.

License

backdoorLnkMacroStagerObfuscated does not have a standard license declared.
Check the repository for any license declaration and review the terms closely.
Without a license, all rights are reserved, and you cannot use the library in your applications.

Reuse

backdoorLnkMacroStagerObfuscated releases are not available. You will need to build from source code and install.
backdoorLnkMacroStagerObfuscated has no build file. You will need to create the build yourself to build the component from source.
It has 163 lines of code, 3 functions and 1 file.
It has medium code complexity. Code complexity directly impacts maintainability of the code.

Top functions reviewed by kandi - BETA

kandi has reviewed backdoorLnkMacroStagerObfuscated and discovered the below as its top functions. This is intended to give you an instant insight into backdoorLnkMacroStagerObfuscated implemented functionality, and help decide if they suit your requirements.
• Generate a random keypair.
• Initialize the Backdoor LnkMacro.
• Generate a random encoder.

            Community Discussions

            QUESTION

            Argparse outputting help text twice
            Asked 2022-Feb-25 at 21:44

            After an hour googling, I can't find anybody who has had anything resembling this issue besides myself. I created a command line interface with argparse. Originally I had tried to leverage argparse's built in help text behavior. But my boss isn't satisfied with the default help text, so he is having me write up the full usage/help text in a text file and just display the entire file.

For some reason, in a certain case, it's outputting the text twice.

            Here is the basics of how my program is broken down:

            I have a top level parser. I read in my help text file, set it to a string help_text, and then set "usage=help_text" on the parser. Then I create subparsers (4 of them and then a base case) to create subcommands. Only one of those subparsers has any additional arguments (one positional, one optional). Before I reworked the help text, I had help text for each individual subcommand by using "help=" but now those are all blank. Lastly, I have set up a base case to display the help text whenever no subcommands are given.

            Here is the behavior I'm getting:

            When I call the main function with no subcommands and no arguments, my help_text from the text file outputs, and then like 2-3 additional lines of boiler plate I can't seem to get rid of. Also because the word usage appears in my text file, it says "usage: usage"

            When I call the main command and then type --help, the exact same thing happens as above.

            When I call the one subcommand that has a required positional argument and I don't include that argument... it spits out the entire help text twice. Right above the second time it prints, it prints the default usage line for that subcommand.

            Lastly, when I use a different subcommand that has no arguments and give it an argument (one too many) it spits out everything completely correctly without even the extra couple lines at the end.

I don't know how to make heads or tails of this. Here is the main function of the script (I can verify that this problem occurs only in the main function where argparse is used, not the other functions that the main function calls):

            ...

            ANSWER

            Answered 2022-Feb-25 at 21:44

            With a modification of your main:

            Source https://stackoverflow.com/questions/71270655

            QUESTION

            Solving conda environment stuck
            Asked 2021-Dec-22 at 18:02

            I'm trying to install conda environment using the command:

            ...

            ANSWER

            Answered 2021-Dec-22 at 18:02

            This solves fine (), but is indeed a complex solve mainly due to:

            • underspecification
            • lack of modularization
            Underspecification

            This particular environment specification ends up installing well over 300 packages. And there isn't a single one of those that are constrained by the specification. That is a huge SAT problem to solve and Conda will struggle with this. Mamba will help solve faster, but providing additional constraints can vastly reduce the solution space.

            At minimum, specify a Python version (major.minor), such as python=3.9. This is the single most effective constraint.

            Beyond that, putting minimum requirements on central packages (those that are dependencies of others) can help, such as minimum NumPy.

            Lack of Modularization

            I assume the name "devenv" means this is a development environment. So, I get that one wants all these tools immediately at hand. However, Conda environment activation is so simple, and most IDE tooling these days (Spyder, VSCode, Jupyter) encourages separation of infrastructure and the execution kernel. Being more thoughtful about how environments (emphasis on the plural) are organized and work together, can go a long way in having a sustainable and painless data science workflow.

            The environment at hand has multiple red flags in my book:

            • conda-build should be in base and only in base
            • snakemake should be in a dedicated environment
            • notebook (i.e., Jupyter) should be in a dedicated environment, co-installed with nb_conda_kernels; all kernel environments need are ipykernel

            I'd probably also have the linting/formatting packages separated, but that's less an issue. The real killer though is snakemake - it's just a massive piece of infrastructure and I'd strongly encourage keeping that separated.

            Source https://stackoverflow.com/questions/70451652

            QUESTION

            Mysql Error while piping database to different server
            Asked 2021-Nov-28 at 19:48

            I have a strange error here. The command I am executing is this:

            ...

            ANSWER

            Answered 2021-Nov-28 at 19:48

            By default, when you use mysqldump DB, the output includes table-creation statements, but no CREATE DATABASE statement. It just assumes you have created an empty schema first.

            So you could do this to create the schema first:

            Source https://stackoverflow.com/questions/70146691

            QUESTION

            Shell script to pull row counts from all Hive tables in multiple Hive databases
            Asked 2021-Nov-22 at 07:57

            I am trying to create a shell script that will pull row counts in all tables from multiple databases. All of the databases follow the same naming convention "the_same_databasename_<%>" except the final layer in the name, which varies. I am trying to run the following:

            use ; show tables; select count(*) from ;

            Since I have 40 different databases, I would need to run the first two queries for each database 40 different times, plus the select count query even more depending on how many table in the database (very time consuming). I have my PuTTy configuration settings set to save my PuTTy sessions into a .txt on my local directory, so I can have the row count results displayed right in my command line interface. So far this is what I have but not sure how to include the final commands to get the actual row counts from the tables in each database.

            ...

            ANSWER

            Answered 2021-Nov-22 at 07:57

            You can use nested for-loop:

            Source https://stackoverflow.com/questions/70057982

            QUESTION

            See workspace in MATLAB command line terminal
            Asked 2021-Nov-20 at 09:18

            Is there any command to see all variable names, types and values in command line interface? Similar to Matlab's Workspace? I already know about command whos but it doesn't show the values, It just shows names and types.

            Thanks :)

            ...

            ANSWER

            Answered 2021-Nov-20 at 09:18

            QUESTION

            How can I fix "Failed to compile src/index.js 'firebase' is not defined no-undef"?
            Asked 2021-Nov-12 at 21:59

            I am trying to use a React web app to read and write stuff in a Firebase realtime database. Every time I run "npm run start", I get this error message.

            ...

            ANSWER

            Answered 2021-Nov-12 at 21:59

            Recently, Firebase announced that version 9 of Firebase SDK JS is generally available. This was done to do some optimisations. Try using:

            Source https://stackoverflow.com/questions/68959965

            QUESTION

            Array of structs only takes last value in C
            Asked 2021-Nov-05 at 19:41

I'm trying to make a simple command line interface, but I'm having a problem parsing commands:

process_t is a structure containing the path of the command, with the arguments to be stored in the variable argv.

            ...

            ANSWER

            Answered 2021-Nov-05 at 11:12

            You're trying to use the block-local array argv, which is recreated for every command and, what's worse, doesn't even exist any longer after parse_cmd has returned. An array object with sufficient lifetime has to be used; you can do this by changing

            Source https://stackoverflow.com/questions/69844231

            QUESTION

            How to detect if Python is running in Git Bash terminal, or Windows cmd?
            Asked 2021-Oct-17 at 16:37

I'd like to give my Python scripts the ability to detect whether they were executed in a Git Bash terminal or the Windows cmd command line interface. For example, I'm trying to write a function to clear the terminal (regardless of which terminal it is), e.g. one that echoes the clear command if in Git Bash, or cls if in cmd.

I've tried using sys.platform to detect this, but it returns win32 regardless of which type of terminal it was run in.

            ...

            ANSWER

            Answered 2021-Oct-17 at 05:23

            I don't believe what you're asking for is possible, but there are several answers here that show all the detections you can do to use the correct type of clear. Usually, it's just best to either make your own window or not clear the screen, sadly.

            Source https://stackoverflow.com/questions/69601508

            QUESTION

            Connecting to MySQL server in a script returns error, but it works fine in a terminal
            Asked 2021-Oct-12 at 15:28

            I'm trying to write a bash script which will install and set up a MySQL server automatically. The problem is that when my script executes the following command:

            ...

            ANSWER

            Answered 2021-Oct-12 at 15:28

            Well, I'm not entirely sure what was wrong, but I think it came down to one process not finishing before another process started. I inserted a sleep 5 in the script - just before the last line where I'm trying to connect to the server, and that worked. I also wrapped the line in a while loop, giving it up to 5 attempts to connect to the server, and if it fails, it will wait a further 5 seconds. Currently this seems to work fairly reliably and I am able to connect to the MySQL server.

            So either way the problem appears to be solved.

            Source https://stackoverflow.com/questions/69538440

            QUESTION

            Python 3 + Click: CLI arguments get butchered when calling one command from another
            Asked 2021-Sep-10 at 16:18

            I am using Python 3.9 and Click to build a small command line interface utility, but I am getting strange errors, specifically when I attempt to call one function decorated as a @click.command() from another function that is also decorated the same way.

            I have distilled my program down to the bare minimum to explain what I mean.

            This is my program

            ...

            ANSWER

            Answered 2021-Sep-10 at 16:18

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install backdoorLnkMacroStagerObfuscated

            You can download it from GitHub.
            You can use backdoorLnkMacroStagerObfuscated like any standard Python library. You will need to make sure that you have a development environment consisting of a Python distribution including header files, a compiler, pip, and git installed. Make sure that your pip, setuptools, and wheel are up to date. When using pip it is generally recommended to install packages in a virtual environment to avoid changes to the system.

            Support

For any new features, suggestions and bugs, create an issue on GitHub. If you have any questions, check and ask questions on the community page Stack Overflow.
            CLONE
          • HTTPS

            https://github.com/G0ldenGunSec/backdoorLnkMacroStagerObfuscated.git

          • CLI

            gh repo clone G0ldenGunSec/backdoorLnkMacroStagerObfuscated

          • sshUrl

            git@github.com:G0ldenGunSec/backdoorLnkMacroStagerObfuscated.git


Other libraries by G0ldenGunSec

• SharpSecDump (C#)
• PowerPriv (PowerShell)
• SharpTransactedLoad (C#)
• GetWebDAVStatus (C)
• wmiServSessEnum (C#)