Added searchallhelp

nettitude · Feb 16, 2021 · a119f79 · a119f79
1 parent e494b04
commit a119f79
Show file tree

Hide file tree

Showing 7 changed files with 61 additions and 7 deletions.
diff --git a/poshc2/client/Help.py b/poshc2/client/Help.py
@@ -45,6 +45,7 @@
 unhide-implant
 help
 searchhelp persistence
+searchallhelp mimikatz
 searchhistory invoke-mimikatz
 back
 label-implant <newlabel>
@@ -108,6 +109,7 @@
 getpowerstatus
 stoppowerstatus
 searchhelp listmodules
+searchallhelp mimikatz
 searchhistory invoke-mimikatz
 label-implant <newlabel>
 remove-label
@@ -262,6 +264,7 @@
 ps
 invoke-urlcheck -urls https://api.hsbc.com,https://d36xb1r83janbu.cloudfront.net -domainfront d2argm04ypulrn.cloudfront.net,d36xb1r83janbu.cloudfront.net -uri /en-gb/surface/accessories/
 searchhelp mimikatz
+searchallhelp mimikatz
 searchhistory invoke-mimikatz
 label-implant <newlabel>
 remove-label
@@ -508,6 +511,7 @@
 * Implant Handler:
 ====================
 searchhelp payload
+searchallhelp mimikatz
 searchhistory pushover
 back
 quit
@@ -576,7 +580,7 @@
 """
 
 special_characters = "!@#$%^&*()+=."
-
+allhelp = sharp_help.split('\n')+py_help.split('\n')+posh_help.split('\n')+server_help.split('\n')
 
 def build_help(help_string):
     commands = []

diff --git a/poshc2/client/command_handlers/FCommHandler.py b/poshc2/client/command_handlers/FCommHandler.py
@@ -8,7 +8,7 @@
 from poshc2.Colours import Colours
 from poshc2.Utils import validate_sleep_time, argp, load_file, gen_key
 from poshc2.server.AutoLoads import check_module_loaded, run_autoloads_sharp
-from poshc2.client.Help import sharp_help
+from poshc2.client.Help import sharp_help, allhelp
 from poshc2.server.Config import PoshInstallDirectory, PoshProjectDirectory, SocksHost, PayloadsDirectory
 from poshc2.server.Core import print_bad
 from poshc2.client.cli.CommandPromptCompleter import FilePathCompleter
@@ -55,6 +55,12 @@ def handle_fcomm_command(command, user, randomuri, implant_id):
             if searchterm in line.lower():
                 print(Colours.PURPLE + line)
 
+    elif command.startswith("searchallhelp"):
+        searchterm = (command).replace("searchallhelp ", "")
+        for line in allhelp:
+            if searchterm in line.lower():
+                print(Colours.GREEN + line)
+
     elif command.startswith("upload-file"):
         source = ""
         destination = ""

diff --git a/poshc2/client/command_handlers/PSHandler.py b/poshc2/client/command_handlers/PSHandler.py
@@ -8,7 +8,7 @@
 from poshc2.Colours import Colours
 from poshc2.Utils import argp, load_file, gen_key, get_first_url, get_first_dfheader, yes_no_prompt
 from poshc2.server.AutoLoads import check_module_loaded, run_autoloads
-from poshc2.client.Help import posh_help
+from poshc2.client.Help import posh_help, allhelp
 from poshc2.server.Config import PayloadsDirectory, PoshInstallDirectory, PoshProjectDirectory, SocksHost, ModulesDirectory, DomainFrontHeader, PayloadCommsHost
 from poshc2.server.Config import PBindSecret, PBindPipeName
 from poshc2.server.Core import print_bad, creds, print_good
@@ -53,6 +53,9 @@ def handle_ps_command(command, user, randomuri, implant_id):
     elif command.startswith("searchhelp"):
         do_searchhelp(user, command, randomuri)
         return
+    elif command.startswith("searchallhelp"):
+        do_searchallhelp(user, command, randomuri)
+        return
     elif command.startswith("download-files "):
         do_download_files(user, command, randomuri)
         return
@@ -195,6 +198,13 @@ def do_searchhelp(user, command, randomuri):
             print(Colours.GREEN + line)
 
 
+def do_searchallhelp(user, command, randomuri):
+    searchterm = (command).replace("searchallhelp ", "")
+    for line in allhelp:
+        if searchterm in line.lower():
+            print(Colours.GREEN + line)
+
+
 def do_download_files(user, command, randomuri):
     print_bad("Please enter a full path to the directory")
 

diff --git a/poshc2/client/command_handlers/PbindHandler.py b/poshc2/client/command_handlers/PbindHandler.py
@@ -8,7 +8,7 @@
 from poshc2.Colours import Colours
 from poshc2.Utils import validate_sleep_time, argp, load_file, gen_key
 from poshc2.server.AutoLoads import check_module_loaded, run_autoloads_sharp
-from poshc2.client.Help import sharp_help
+from poshc2.client.Help import sharp_help, allhelp
 from poshc2.server.Config import PoshInstallDirectory, PoshProjectDirectory, SocksHost, PayloadsDirectory
 from poshc2.server.Config import PBindPipeName, PBindSecret
 from poshc2.server.Core import print_bad
@@ -55,6 +55,12 @@ def handle_pbind_command(command, user, randomuri, implant_id):
             if searchterm in line.lower():
                 print(Colours.BLUE + line)
 
+    elif command.startswith("searchallhelp"):
+        searchterm = (command).replace("searchallhelp ", "")
+        for line in allhelp:
+            if searchterm in line.lower():
+                print(Colours.GREEN + line)
+
     elif command.startswith("upload-file"):
         source = ""
         destination = ""

diff --git a/poshc2/client/command_handlers/PbindPivotHandler.py b/poshc2/client/command_handlers/PbindPivotHandler.py
@@ -8,7 +8,7 @@
 from poshc2.Colours import Colours
 from poshc2.Utils import validate_sleep_time, argp, load_file, gen_key
 from poshc2.server.AutoLoads import check_module_loaded, run_autoloads_sharp
-from poshc2.client.Help import sharp_help
+from poshc2.client.Help import sharp_help, allhelp
 from poshc2.server.Config import PoshInstallDirectory, PoshProjectDirectory, SocksHost, PayloadsDirectory
 from poshc2.server.Config import PBindPipeName, PBindSecret
 from poshc2.server.Core import print_bad
@@ -55,6 +55,14 @@ def handle_pbind_pivot_command(command, user, randomuri, implant_id):
             if searchterm in line.lower():
                 print(Colours.GREEN + line)
 
+
+    elif command.startswith("searchallhelp"):
+        searchterm = (command).replace("searchallhelp ", "")
+        for line in allhelp:
+            if searchterm in line.lower():
+                print(Colours.GREEN + line)
+
+
     elif command.startswith("upload-file"):
         source = ""
         destination = ""

diff --git a/poshc2/client/command_handlers/PyHandler.py b/poshc2/client/command_handlers/PyHandler.py
@@ -8,7 +8,7 @@
 from poshc2.Colours import Colours
 from poshc2.Utils import argp
 from poshc2.server.AutoLoads import check_module_loaded
-from poshc2.client.Help import py_help
+from poshc2.client.Help import py_help, allhelp
 from poshc2.server.Config import ModulesDirectory, PayloadsDirectory, PoshProjectDirectory
 from poshc2.server.Core import print_bad
 from poshc2.client.cli.CommandPromptCompleter import FilePathCompleter
@@ -27,6 +27,9 @@ def handle_py_command(command, user, randomuri, implant_id):
     if command.startswith("searchhelp"):
         do_searchhelp(user, command, randomuri)
         return
+    elif command.startswith("searchallhelp"):
+        do_searchallhelp(user, command, randomuri)
+        return
     elif command.startswith("searchhistory"):
         do_searchhistory(user, command, randomuri)
         return
@@ -79,6 +82,13 @@ def do_searchhelp(user, command, randomuri):
             print(Colours.GREEN + line)
 
 
+def do_searchallhelp(user, command, randomuri):
+    searchterm = (command).replace("searchallhelp ", "")
+    for line in allhelp:
+        if searchterm in line.lower():
+            print(Colours.GREEN + line)
+
+
 def do_listmodules(user, command, randomuri):
     modules = os.listdir(ModulesDirectory)
     modules = sorted(modules, key=lambda s: s.lower())

diff --git a/poshc2/client/command_handlers/SharpHandler.py b/poshc2/client/command_handlers/SharpHandler.py
@@ -7,7 +7,7 @@
 from poshc2.client.Alias import cs_alias, cs_replace
 from poshc2.Colours import Colours
 from poshc2.server.AutoLoads import check_module_loaded, run_autoloads_sharp
-from poshc2.client.Help import sharp_help
+from poshc2.client.Help import sharp_help, allhelp
 from poshc2.server.Config import PoshInstallDirectory, PoshProjectDirectory, SocksHost, PayloadsDirectory, ModulesDirectory
 from poshc2.server.Config import PayloadCommsHost, DomainFrontHeader, UserAgent, PBindPipeName, PBindSecret, FCommFileName
 from poshc2.Utils import argp, load_file, gen_key, get_first_url, get_first_dfheader
@@ -39,6 +39,9 @@ def handle_sharp_command(command, user, randomuri, implant_id):
     if command.startswith("searchhelp"):
         do_searchhelp(user, command, randomuri)
         return
+    elif command.startswith("searchallhelp"):
+        do_searchallhelp(user, command, randomuri)
+        return
     elif command.startswith("searchhistory"):
         do_searchhistory(user, command, randomuri)
         return
@@ -131,6 +134,13 @@ def do_searchhelp(user, command, randomuri):
             print(Colours.GREEN + line)
 
 
+def do_searchallhelp(user, command, randomuri):
+    searchterm = (command).replace("searchallhelp ", "")
+    for line in allhelp:
+        if searchterm in line.lower():
+            print(Colours.GREEN + line)
+
+
 def do_searchhistory(user, command, randomuri):
     searchterm = (command).replace("searchhistory ", "")
     with open('%s/.implant-history' % PoshProjectDirectory) as hisfile: