-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathremove-beacon.cna
68 lines (42 loc) · 1.26 KB
/
remove-beacon.cna
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
# Exits and Removes Beacon from Session Table using commandline.
# Author:
# Mohin Paramasivam / Shad0wQu35t
# (https://github.com/mohinparamasivam)
sub exit {
$bid = $1;
binput($bid, "exit");
bexit($bid);
on beacon_output {
$output = $2;
#Checks whether the beacon has produced output for the exit task and is removed from the Session Table.
if ($output eq "beacon exit.") {
beacon_remove($1);
blog($bid,"beacon removed from display.");
local ('$username $hostname $pid $ip');
$username = binfo($bid,'user');
$hostname = binfo($bid,'computer');
$pid = binfo($bid,'pid');
$ip = binfo($bid,'host');
$operator = mynick();
# Beacon ID is reset to none since there's an unknown bug that loops the output. Output is produced in the Event Log.
$bid = '';
if ($pid !eq ''){
$message = "\c7 $operator killed beacon from \o \c4".$username."@".$ip." (".$hostname.")"."["."PID: $pid"."]\o";
elog($message);
}
}
}
}
alias bye {
global('$bid');
$bid = $1;
prompt_confirm("Are you sure you want to kill the beacon?", "Kill Beacon?", {
exit($bid);
});
}
beacon_command_register(
"bye",
"Exits and Removes Beacon from Display",
"\nDescription : \n\nKill Beacon and Remove from Display"
);