Inicio Explorar Axuda
Iniciar sesión
zhensolid
/
OperatorsKit
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Explorar o código

small fix

unknown %!s(int64=2) %!d(string=hai) anos
pai
900445ad3d
achega
95f153361a
Modificáronse 6 ficheiros con 6 adicións e 6 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 1 1
      KIT/BlindEventlog/blindeventlog.cna
  2. 1 1
      KIT/DllEnvHijacking/dllenvhijacking.cna
  3. 1 1
      KIT/FindSysmon/findsysmon.cna
  4. 1 1
      KIT/HideFile/hidefile.cna
  5. 1 1
      KIT/PSremote/psremote.cna
  6. 1 1
      KIT/SilenceSysmon/silencesysmon.cna

+ 1 - 1
KIT/BlindEventlog/blindeventlog.cna
Ver ficheiro 

@@ -1,7 +1,7 @@
 
 # author REDMED-X
 
 
 beacon_command_register(
 
-    "blindeventlog", "Blind Eventlog by suspending its threads.\n",
 
+    "blindeventlog", "Blind Eventlog by suspending its threads.",
 
     "INFO:\nBlind Eventlog by suspending its threads. This technique requires elevated privileges.\nBe aware that all events, from the period the threads were suspended, will be pushed to Eventlog the moment the threads are resumed.\n\nOPTIONS:\n[suspend]: find and suspend all Eventlog threads and disrupt its functionality\n[resume]: find and resume all Eventlog threads and restore its functionality\n\n" .
 
     "USAGE:\nblindeventlog <suspend | resume>\n\n");

+ 1 - 1
KIT/DllEnvHijacking/dllenvhijacking.cna
Ver ficheiro 

@@ -1,7 +1,7 @@
 
 # author REDMED-X
 
 
 beacon_command_register(
 
-	"dllenvhijacking", "BOF implementation of DLL environment hijacking.\n",
 
+	"dllenvhijacking", "BOF implementation of DLL environment hijacking.",
 
 	"INFO:\nThis tool will setup a hidden file structure, move an already on disk present malicious proxy DLL to the new system32 folder, hide the proxy DLL, modify the SYSTEMROOT environment variable, run the vulnerable binary as a spoofed process to execute the malicious DLL, and reset the original SYSTEMROOT environment variable so the beacon keeps working as intended.\n\nOPTIONS:\n[<new sysroot dir>]: the new directory name as a path that will be used as the new SYSTEMROOT variable like C:\\Data\\ (make sure the directory path ends with \\).\n[<malicious DLL name>]: the name of the malicious DLL that will be loaded by the vulnerable binary (e.g. mswsock.dll).\n[<path to mal. DLL folder>]: the path on the target system to the folder were the malicious DLL is stored (don't add the DLL name and end the path with a \\).\n[<name of vulnerable binary>]: the name of the vulnerable binary that will be executed and loads the malicious DLL (e.g. hostname.exe).\n[<pid parent proc>]: the process ID of the parent process under which the vulnerable binary will run as a child.\n\n" .
 
 	"USAGE:\ndllenvhijacking <new sysroot dir> <malicious DLL name> <path to mal. DLL folder> <name of vulnerable binary> <pid parent proc>\n\n");

+ 1 - 1
KIT/FindSysmon/findsysmon.cna
Ver ficheiro 

@@ -1,7 +1,7 @@
 
 # author REDMED-X
 
 
 beacon_command_register(
 
-    "findsysmon", "Verify if Sysmon is running.\n",
 
+    "findsysmon", "Verify if Sysmon is running.",
 
     "INFO:\nVerify if Sysmon is running. This can be done by checking the registry or by enumerating Minifilter drivers and search for one that is associated with Sysmon.\n\nOPTIONS:\n[reg]: search the registry to check if Sysmon is present on the system and return the Sysmon service PID if active.\n[driver]: list all the Minifilter drivers on the system to check manually (requires elevated privileges).\n\n" .
 
     "USAGE:\nfindsysmon <reg | driver>\n\n");

+ 1 - 1
KIT/HideFile/hidefile.cna
Ver ficheiro 

@@ -1,7 +1,7 @@
 
 # author REDMED-X
 
 
 beacon_command_register(
 
-    "hidefile", "Hide file or directory by setting it's attributes to systemfile + hidden.\n",
 
+    "hidefile", "Hide file or directory by setting it's attributes to systemfile + hidden.",
 
     "INFO:\nHide a directory or file from plain sight by modifying the attributes and set them to systemfile + hidden.\n\nOPTIONS:\n[dir]: set this option if you want to modify the attributes of a directory.\n[file]: set this option if you want to modify the attributes of a file.\n[<path to dir/file>]: path to the directory or file that you want to hide.\n\n" .
 
     "USAGE:\nhidefile <dir | file> <path to dir/file>\n\n");

+ 1 - 1
KIT/PSremote/psremote.cna
Ver ficheiro 

@@ -1,7 +1,7 @@
 
 # author REDMED-X
 
 
 beacon_command_register(
 
-    "psremote", "List all running processes on a remote host.\n",
 
+    "psremote", "List all running processes on a remote host.",
 
     "INFO:\nGet a list of all processes running on the remote host.\n\n" .
 
     "USAGE:\npsremote <FQDN or IP remote host>\n\n");

+ 1 - 1
KIT/SilenceSysmon/silencesysmon.cna
Ver ficheiro 

@@ -1,7 +1,7 @@
 
 # author REDMED-X
 
 
 beacon_command_register(
 
-    "silencesysmon", "Silence Sysmon by patching its capability to write ETW events to the log.\n",
 
+    "silencesysmon", "Silence Sysmon by patching its capability to write ETW events to the log.",
 
     "INFO:\nSilence the Sysmon service by patching its capability to write ETW events to the log.\nRestarting the Sysmon service or the system itself will clear the patch and Sysmon will resume working normally.\nAltough this will not leave any traces in the log, there will be a time gap between the last and first new event.\n\nOPTIONS:\n[pid]: the process ID of the Sysmon service running on the system.\n\n" .
 
     "USAGE:\nsilencesysmon <sysmon pid>\n\n");