diff --git a/poshc2/client/Help.py b/poshc2/client/Help.py
index 5bdda4c5..96b2548f 100644
--- a/poshc2/client/Help.py
+++ b/poshc2/client/Help.py
@@ -45,6 +45,7 @@ unhide-implant help searchhelp persistence +searchallhelp mimikatz searchhistory invoke-mimikatz back label-implant
@@ -108,6 +109,7 @@ getpowerstatus stoppowerstatus searchhelp listmodules +searchallhelp mimikatz searchhistory invoke-mimikatz label-implant remove-label
@@ -262,6 +264,7 @@ ps invoke-urlcheck -urls https://api.hsbc.com,https://d36xb1r83janbu.cloudfront.net -domainfront d2argm04ypulrn.cloudfront.net,d36xb1r83janbu.cloudfront.net -uri /en-gb/surface/accessories/ searchhelp mimikatz +searchallhelp mimikatz searchhistory invoke-mimikatz label-implant remove-label
@@ -508,6 +511,7 @@ * Implant Handler: ==================== searchhelp payload +searchallhelp mimikatz searchhistory pushover back quit
@@ -576,7 +580,7 @@
 """
 special_characters = "!@#$%^&*()+=."
-
+allhelp = sharp_help.split('\n')+py_help.split('\n')+posh_help.split('\n')+server_help.split('\n')
 def build_help(help_string):
 commands = []
diff --git a/poshc2/client/command_handlers/FCommHandler.py b/poshc2/client/command_handlers/FCommHandler.py
index 1e2d495b..93b935aa 100644
--- a/poshc2/client/command_handlers/FCommHandler.py
+++ b/poshc2/client/command_handlers/FCommHandler.py
@@ -8,7 +8,7 @@
 from poshc2.Colours import Colours
 from poshc2.Utils import validate_sleep_time, argp, load_file, gen_key
 from poshc2.server.AutoLoads import check_module_loaded, run_autoloads_sharp
-from poshc2.client.Help import sharp_help
+from poshc2.client.Help import sharp_help, allhelp
 from poshc2.server.Config import PoshInstallDirectory, PoshProjectDirectory, SocksHost, PayloadsDirectory
 from poshc2.server.Core import print_bad
 from poshc2.client.cli.CommandPromptCompleter import FilePathCompleter
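Review bot: The help block at @@ -508 (the "Implant Handler" section, presumably server_help) now advertises `searchallhelp mimikatz`, yet no change to the implant-handler prompt's own command dispatch appears anywhere in this diff, so that example may name a command the server prompt does not accept; worth confirming before the text ships. The new module-level `allhelp` at @@ -576 carries no comment saying what it is, and a one-liner such as `# Every line of sharp_help, py_help, posh_help and server_help, searched by the searchallhelp command` would save the next reader a grep. It also replaces the blank line that separated `special_characters` from `def build_help`, which in this collapsed rendering looks like no blank line before the def; two blank lines and spaces around the operators, `allhelp = sharp_help.split('\n') + py_help.split('\n') + posh_help.split('\n') + server_help.split('\n')`, would match the rest of the file's PEP 8 layout.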
@@ -55,6 +55,12 @@ def handle_fcomm_command(command, user, randomuri, implant_id):
 if searchterm in line.lower():
 print(Colours.PURPLE + line)
+ elif command.startswith("searchallhelp"):
+ searchterm = (command).replace("searchallhelp ", "")
+ for line in allhelp:
+ if searchterm in line.lower():
+ print(Colours.GREEN + line)
+
 elif command.startswith("upload-file"):
 source = ""
 destination = ""
diff --git a/poshc2/client/command_handlers/PSHandler.py b/poshc2/client/command_handlers/PSHandler.py
index 22be537d..80c75986 100644
--- a/poshc2/client/command_handlers/PSHandler.py
+++ b/poshc2/client/command_handlers/PSHandler.py
@@ -8,7 +8,7 @@
 from poshc2.Colours import Colours
 from poshc2.Utils import argp, load_file, gen_key, get_first_url, get_first_dfheader, yes_no_prompt
 from poshc2.server.AutoLoads import check_module_loaded, run_autoloads
-from poshc2.client.Help import posh_help
+from poshc2.client.Help import posh_help, allhelp
 from poshc2.server.Config import PayloadsDirectory, PoshInstallDirectory, PoshProjectDirectory, SocksHost, ModulesDirectory, DomainFrontHeader, PayloadCommsHost
 from poshc2.server.Config import PBindSecret, PBindPipeName
 from poshc2.server.Core import print_bad, creds, print_good
@@ -53,6 +53,9 @@ def handle_ps_command(command, user, randomuri, implant_id):
 elif command.startswith("searchhelp"):
 do_searchhelp(user, command, randomuri)
 return
+ elif command.startswith("searchallhelp"):
+ do_searchallhelp(user, command, randomuri)
+ return
 elif command.startswith("download-files "):
 do_download_files(user, command, randomuri)
 return
@@ -195,6 +198,13 @@ def do_searchhelp(user, command, randomuri):
 print(Colours.GREEN + line)
+def do_searchallhelp(user, command, randomuri):
+ searchterm = (command).replace("searchallhelp ", "")
+ for line in allhelp:
+ if searchterm in line.lower():
+ print(Colours.GREEN + line)
+
+
 def do_download_files(user, command, randomuri):
 print_bad("Please enter a full path to the directory")
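Review bot: The new searchallhelp branch lowercases each help line but never the search term, so `searchallhelp Mimikatz` prints nothing while `searchallhelp mimikatz` matches; both sides need `.lower()`. `(command).replace("searchallhelp ", "")` also leaves the term as the literal `searchallhelp` when the command is typed with no argument and, after a trailing space, as an empty string that matches every line, so slicing the prefix off, `searchterm = command[len("searchallhelp"):].strip().lower()`, is the safer parse. The same five lines are pasted into six handlers (this hunk, PSHandler's do_searchallhelp below it, and PbindHandler, PbindPivotHandler, PyHandler and SharpHandler later in the diff), so any such fix has to be repeated six times; a single helper beside `allhelp` in Help.py, called as `for line in search_all_help(command): print(Colours.GREEN + line)`, keeps them from drifting. A smaller style point: this handler's sibling searchhelp branch prints in Colours.PURPLE (PbindHandler's in BLUE) while every new searchallhelp branch uses GREEN, which is presumably unintended. handle_fcomm_command begins and ends outside the hunk.
```python
# poshc2/client/Help.py, beside allhelp: one implementation for every handler's searchallhelp branch
def search_all_help(command):
    """Return the lines of every help string that contain the term given after
    'searchallhelp', compared case-insensitively on both sides."""
    term = command[len("searchallhelp"):].strip().lower()
    return [line for line in allhelp if term in line.lower()]
```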
diff --git a/poshc2/client/command_handlers/PbindHandler.py b/poshc2/client/command_handlers/PbindHandler.py
index 5ffe55f2..7d153ce1 100644
--- a/poshc2/client/command_handlers/PbindHandler.py
+++ b/poshc2/client/command_handlers/PbindHandler.py
@@ -8,7 +8,7 @@
 from poshc2.Colours import Colours
 from poshc2.Utils import validate_sleep_time, argp, load_file, gen_key
 from poshc2.server.AutoLoads import check_module_loaded, run_autoloads_sharp
-from poshc2.client.Help import sharp_help
+from poshc2.client.Help import sharp_help, allhelp
 from poshc2.server.Config import PoshInstallDirectory, PoshProjectDirectory, SocksHost, PayloadsDirectory
 from poshc2.server.Config import PBindPipeName, PBindSecret
 from poshc2.server.Core import print_bad
@@ -55,6 +55,12 @@ def handle_pbind_command(command, user, randomuri, implant_id):
 if searchterm in line.lower():
 print(Colours.BLUE + line)
+ elif command.startswith("searchallhelp"):
+ searchterm = (command).replace("searchallhelp ", "")
+ for line in allhelp:
+ if searchterm in line.lower():
+ print(Colours.GREEN + line)
+
 elif command.startswith("upload-file"):
 source = ""
 destination = ""
diff --git a/poshc2/client/command_handlers/PbindPivotHandler.py b/poshc2/client/command_handlers/PbindPivotHandler.py
index 814e5eed..6f30a4e4 100644
--- a/poshc2/client/command_handlers/PbindPivotHandler.py
+++ b/poshc2/client/command_handlers/PbindPivotHandler.py
@@ -8,7 +8,7 @@
 from poshc2.Colours import Colours
 from poshc2.Utils import validate_sleep_time, argp, load_file, gen_key
 from poshc2.server.AutoLoads import check_module_loaded, run_autoloads_sharp
-from poshc2.client.Help import sharp_help
+from poshc2.client.Help import sharp_help, allhelp
 from poshc2.server.Config import PoshInstallDirectory, PoshProjectDirectory, SocksHost, PayloadsDirectory
 from poshc2.server.Config import PBindPipeName, PBindSecret
 from poshc2.server.Core import print_bad
@@ -55,6 +55,14 @@ def handle_pbind_pivot_command(command, user, randomuri, implant_id):
 if searchterm in line.lower():
 print(Colours.GREEN + line)
+
+ elif command.startswith("searchallhelp"):
+ searchterm = (command).replace("searchallhelp ", "")
+ for line in allhelp:
+ if searchterm in line.lower():
+ print(Colours.GREEN + line)
+
+
 elif command.startswith("upload-file"):
 source = ""
 destination = ""
diff --git a/poshc2/client/command_handlers/PyHandler.py b/poshc2/client/command_handlers/PyHandler.py
index 5c728cfa..0336cf66 100644
--- a/poshc2/client/command_handlers/PyHandler.py
+++ b/poshc2/client/command_handlers/PyHandler.py
@@ -8,7 +8,7 @@
 from poshc2.Colours import Colours
 from poshc2.Utils import argp
 from poshc2.server.AutoLoads import check_module_loaded
-from poshc2.client.Help import py_help
+from poshc2.client.Help import py_help, allhelp
 from poshc2.server.Config import ModulesDirectory, PayloadsDirectory, PoshProjectDirectory
 from poshc2.server.Core import print_bad
 from poshc2.client.cli.CommandPromptCompleter import FilePathCompleter
@@ -27,6 +27,9 @@ def handle_py_command(command, user, randomuri, implant_id):
 if command.startswith("searchhelp"):
 do_searchhelp(user, command, randomuri)
 return
+ elif command.startswith("searchallhelp"):
+ do_searchallhelp(user, command, randomuri)
+ return
 elif command.startswith("searchhistory"):
 do_searchhistory(user, command, randomuri)
 return
@@ -79,6 +82,13 @@ def do_searchhelp(user, command, randomuri):
 print(Colours.GREEN + line)
+def do_searchallhelp(user, command, randomuri):
+ searchterm = (command).replace("searchallhelp ", "")
+ for line in allhelp:
+ if searchterm in line.lower():
+ print(Colours.GREEN + line)
+
+
 def do_listmodules(user, command, randomuri):
 modules = os.listdir(ModulesDirectory)
 modules = sorted(modules, key=lambda s: s.lower())
diff --git a/poshc2/client/command_handlers/SharpHandler.py b/poshc2/client/command_handlers/SharpHandler.py
index 731faa13..d6960d02 100644
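Review bot: The PbindPivotHandler hunk inserts a blank added line before the new `elif command.startswith("searchallhelp"):` branch and two after it, inside the elif chain of handle_pbind_pivot_command, where the same branch in FCommHandler and PbindHandler adds only one trailing blank; the stray blank lines are harmless to Python but make the six copies differ for no reason and will show up in every future diff of this chain. Dropping the leading `+` blank and one of the trailing two brings the hunk in line with its siblings. handle_pbind_pivot_command starts and ends outside the hunk.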
--- a/poshc2/client/command_handlers/SharpHandler.py
+++ b/poshc2/client/command_handlers/SharpHandler.py
@@ -7,7 +7,7 @@
 from poshc2.client.Alias import cs_alias, cs_replace
 from poshc2.Colours import Colours
 from poshc2.server.AutoLoads import check_module_loaded, run_autoloads_sharp
-from poshc2.client.Help import sharp_help
+from poshc2.client.Help import sharp_help, allhelp
 from poshc2.server.Config import PoshInstallDirectory, PoshProjectDirectory, SocksHost, PayloadsDirectory, ModulesDirectory
 from poshc2.server.Config import PayloadCommsHost, DomainFrontHeader, UserAgent, PBindPipeName, PBindSecret, FCommFileName
 from poshc2.Utils import argp, load_file, gen_key, get_first_url, get_first_dfheader
@@ -39,6 +39,9 @@ def handle_sharp_command(command, user, randomuri, implant_id):
 if command.startswith("searchhelp"):
 do_searchhelp(user, command, randomuri)
 return
+ elif command.startswith("searchallhelp"):
+ do_searchallhelp(user, command, randomuri)
+ return
 elif command.startswith("searchhistory"):
 do_searchhistory(user, command, randomuri)
 return
@@ -131,6 +134,13 @@ def do_searchhelp(user, command, randomuri):
 print(Colours.GREEN + line)
+def do_searchallhelp(user, command, randomuri):
+ searchterm = (command).replace("searchallhelp ", "")
+ for line in allhelp:
+ if searchterm in line.lower():
+ print(Colours.GREEN + line)
+
+
 def do_searchhistory(user, command, randomuri):
 searchterm = (command).replace("searchhistory ", "")
 with open('%s/.implant-history' % PoshProjectDirectory) as hisfile: