diff --git a/Implant-Handler.ps1 b/Implant-Handler.ps1
index a4d3f54..3cda642 100644
--- a/Implant-Handler.ps1
+++ b/Implant-Handler.ps1
@@ -324,6 +324,9 @@ $header = '
 $TasksArray += $ImplantTask
 }
 $TasksArray | ConvertTo-Html -title "Tasks from PoshC2" -Head $head -pre $header -post "

For details, contact X
Created by X

" | Out-File "$FolderPath\reports\ImplantTasks.html"
+
+ $HelpOutput = "Created three reports in $FolderPath\reports\*"
+ }
 elseif ($global:implantid -eq "P")
 {
 start-process $FolderPath\payloads\payload.bat
@@ -412,11 +415,10 @@ $header = '
 write-host `n "Implant Features: " -ForegroundColor Green
 write-host "=====================" -ForegroundColor Red
 write-host " Beacon 60s / Beacon 10m / Beacon 2h"-ForegroundColor Green
- write-host " Turtle 60s / Tutle 30m / Turtle 8h "-ForegroundColor Green
+ write-host " Turtle 60s / Turtle 30m / Turtle 8h "-ForegroundColor Green
 write-host " Kill-Implant"-ForegroundColor Green
 write-host " Hide-Implant"-ForegroundColor Green
 write-host " Unhide-Implant"-ForegroundColor Green
- write-host " Output-To-HTML"-ForegroundColor Green
 write-host " Invoke-Enum"-ForegroundColor Green
 write-host " Get-Proxy"-ForegroundColor Green
 write-host " Get-ComputerInfo"-ForegroundColor Green
@@ -555,7 +557,7 @@ $header = '
 write-host " Invoke-UserHunter -StopOnSuccess" -ForegroundColor Green
 write-host " Migrate-x64" -ForegroundColor Green
 write-host " Migrate-x64 -ProcID 4444" -ForegroundColor Green
- write-host " Migrate-x64 -NewProcess C:\Windows\System32\ConHost.exe" -ForegroundColor Green
+ write-host " Migrate-x64 -NewProcess C:\Windows\System32\netsh.exe" -ForegroundColor Green
 write-host " Migrate-x86 -ProcName lsass" -ForegroundColor Green
 write-host " Migrate-Proxypayload-x86 -ProcID 4444" -ForegroundColor Green
 write-host " Migrate-Proxypayload-x64 -ProcName notepad" -ForegroundColor Green
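Review bot: The `$HelpOutput` success message added after the `Out-File` call is assigned unconditionally, so the operator is told the reports were created even when writing them failed; `Out-File` reports a missing or unwritable `$FolderPath\reports` as a non-terminating error by default and execution simply continues to the assignment. Either write with `Out-File "$FolderPath\reports\ImplantTasks.html" -ErrorAction Stop` inside a `try`/`catch` that puts the failure into `$HelpOutput`, or guard the message with `if (Test-Path "$FolderPath\reports")`. The other two reports the message refers to are written outside this hunk and presumably have the same gap. The enclosing branch starts before the hunk.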
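Review bot: The corrected `Turtle` line keeps the original's formatting quirks — no space before `-ForegroundColor` and a trailing space inside the string — which reads worse than the neighbouring `Migrate-*` lines; `write-host " Turtle 60s / Turtle 30m / Turtle 8h" -ForegroundColor Green` would match them. This help list is also maintained by hand separately from the command handler, which is why the same commit had to remove `Output-To-HTML` both here and in the handler around old line 1932; a comment such as `# Keep in sync with the command handling in the process loop` above the list would help the next editor. The enclosing help function starts before the hunk.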
@@ -1932,53 +1934,6 @@ param
 if ($pscommand -eq 'Unhide-Implant' ) {
 Invoke-SqliteQuery -DataSource $Database -Query "UPDATE Implants SET Alive='Yes' WHERE RandomURI='$psrandomuri'" | Out-Null
 }
- if ($pscommand -eq 'output-to-html' ) {
- $allcreds = Invoke-SqliteQuery -Datasource $Database -Query "SELECT * FROM Creds" -As PSObject
- $CredsArray = @()
- foreach ($cred in $allcreds) {
- $CredLog = New-object PSObject | Select CredsID, Username, Password, Hash
- $CredLog.CredsID = $cred.CredsID;
- $Credlog.Username = $cred.Username;
- $CredLog.Password = $cred.Password;
- $CredLog.Hash = $cred.Hash;
- $CredsArray += $CredLog
- }
- $CredsArray | ConvertTo-Html -title "Credential List from PoshC2" -Head $head -pre $header -post "

For details, contact X
Created by X

" | Out-File "$FolderPath\reports\Creds.html"
-
- $allresults = Invoke-SqliteQuery -DataSource $Database -Query "SELECT * FROM Implants" -As PSObject
- $ImplantsArray = @()
- foreach ($implantres in $allresults) {
- $ImplantLog = New-Object PSObject | Select ImplantID, RandomURI, User, Hostname, IPAddress, FirstSeen, LastSeen, PID, Arch, Domain, Sleep
- $ImplantLog.ImplantID = $implantres.ImplantID;
- $ImplantLog.RandomURI = $implantres.RandomURI;
- $ImplantLog.User = $implantres.User;
- $ImplantLog.Hostname = $implantres.Hostname;
- $ImplantLog.IPAddress = $implantres.IPAddress;
- $ImplantLog.FirstSeen = $implantres.FirstSeen;
- $ImplantLog.LastSeen = $implantres.LastSeen;
- $ImplantLog.PID = $implantres.PID;
- $ImplantLog.Arch = $implantres.Arch;
- $ImplantLog.Domain = $implantres.Domain;
- $ImplantLog.Sleep = $implantres.Sleep;
- $ImplantsArray += $ImplantLog
- }
-
- $ImplantsArray | ConvertTo-Html -title "Implant List from PoshC2" -Head $head -pre $header -post "

For details, contact X
Created by X

" | Out-File "$FolderPath\reports\Implants.html"
-
- $allresults = Invoke-SqliteQuery -DataSource $Database -Query "SELECT * FROM CompletedTasks" -As PSObject
- $TasksArray = @()
- foreach ($task in $allresults) {
- $ImplantTask = New-Object PSObject | Select TaskID, Timestamp, RandomURI, Command, Output
- $ImplantTask.TaskID = $task.CompletedTaskID;
- $ImplantTask.Timestamp = $task.TaskID;
- $ImplantTask.RandomURI = $task.RandomURI;
- $ImplantTask.Command = $task.Command;
- $ImplantTask.Output = $task.Output;
- $TasksArray += $ImplantTask
- }
- $TasksArray | ConvertTo-Html -title "Tasks from PoshC2" -Head $head -pre $header -post "

For details, contact X
Created by X

" | Out-File "$FolderPath\reports\ImplantTasks.html"
- $pscommand = $null
- }
 $pscommand
 }
 # command process loop
@@ -2005,6 +1960,10 @@ while($true)
 {
 print-help
 }
+ elseif ($global:command -eq '?')
+ {
+ print-help
+ }
 else
 {
 $dbresults = Invoke-SqliteQuery -DataSource $Database -Query "SELECT RandomURI FROM Implants WHERE Alive='Yes'" -As SingleValue
@@ -2035,6 +1994,10 @@ while($true)
 {
 print-help
 }
+ elseif ($global:command -eq '?')
+ {
+ print-help
+ }
 else
 {
 $global:implantid.split(",")| foreach {
@@ -2064,6 +2027,10 @@ while($true)
 {
 print-help
 }
+ elseif ($global:command -eq '?')
+ {
+ print-help
+ }
 else
 {
 #write-host $global:command $global:randomuri
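Review bot: The new `'?'` branch is a verbatim copy of the `print-help` branch directly above it, and the identical copy is added again in the two following hunks (old lines 2035 and 2064), leaving three pairs of duplicate branches to keep in sync. If the preceding branch is the textual help command (its condition lies outside the hunk, presumably `-eq 'help'`), the two can be folded into one condition, e.g. `elseif ($global:command -eq 'help' -or $global:command -eq '?')`, which removes all three added blocks; the repetition across the three modes also suggests the command dispatch itself could live in one function. `-eq` is the right operator here since `'?'` would be a wildcard under `-like`. The enclosing `while($true)` loop starts before the hunk.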