chore: clean unused plugin

Author: h3zh1

community-common/modules/common_bof.lua

@@ -1,225 +1,4 @@
-local parent_command = "common"
-local function bof_path(bof_name, arch)
-    return "common/bof/" .. bof_name .. "." .. arch .. ".o"
-end
-local function command_register(command_name, command_function, help_string, ttp)
-    command(parent_command .. ":" .. command_name, command_function,
-            help_string, ttp)
-end
-
--- netUserAdd
-
-local function run_netuseradd_bof(cmd)
-    local username = cmd:Flags():GetString("username")
-    local password = cmd:Flags():GetString("password")
-    if username == "" then error("username is required") end
-    if password == "" then error("password is required") end
-    local pack_args = bof_pack("ZZ", username, password)
-    local session = active()
-    local arch = session.Os.Arch
-    if not isadmin(session) then
-        error("You need to be an admin to run this command")
-    end
-    local bof_file = bof_path("NetUserAdd", arch)
-    return bof(session, script_resource(bof_file), pack_args, true)
-end
-
-local netuseradd_bof_command = command("common:netuseradd_bof",
-                                                run_netuseradd_bof,
-                                                "netuseradd_by_bof <username> <password>",
-                                                "")
-netuseradd_bof_command:Flags():String("username", "", "the username to add")
-netuseradd_bof_command:Flags():String("password", "", "the password to set")
-
--- curl
-local function parse_curl_bof(args)
-    local size = #args
-    if size < 1 then error(">=1 arguments are allowed") end
-    local host = args[1]
-    local port = "80"
-    local method = "GET"
-    local header = "Accept: */*"
-    local userAgent =
-        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36"
-    local body = ""
-
-    if size >= 2 then port = args[2] end
-    local valid_methods = {
-        GET = true,
-        POST = true,
-        PUT = true,
-        PATCH = true,
-        DELETE = true
-    }
-    if size >= 3 then
-        method = args[3]
-        if not valid_methods[method] then
-            error("HTTP method " .. method .. " isn't valid.")
-        end
-    end
-    local output = 1
-    if args[4] == "--disable-output" then output = 0 end
-    proxy = 1
-    if args[4] == "--noproxy" then proxy = 0 end
-    if size >= 5 then userAgent = args[5] end
-    if size >= 6 then header = args[6] end
-    if size >= 7 then body = args[7] end
-    return bof_pack("zizizzzi", host, port, method, output, userAgent, header,
-                    body, proxy)
-end
-
-local function run_curl_bof(args)
-    args = parse_curl_bof(args)
-    local session = active()
-    local arch = session.Os.Arch
-    local bof_file = bof_path("curl", arch)
-    return bof(session, script_resource(bof_file), args, true)
-end
-command_register("curl_bof", run_curl_bof,
-                 "curl <host> [port] [method] [--show|--noproxy] [userAgent] [header] [body]",
-                 "")
--- readfile
-
-local function run_readfile_bof(args)
-    if args[1] == nil then error(">=1 arguments are allowed") end
-    local file_path = args[1]
-    local packed_args = bof_pack("z", file_path)
-    local session = active()
-    local arch = session.Os.Arch
-    local bof_file = bof_path("readfile", arch)
-    return bof(session, script_resource(bof_file), packed_args, true)
-end
-command_register("readfile_bof", run_readfile_bof, "readfile_bof <file_path>",
-                 "")
-
--- kill_defender
-local function parse_kill_defender_bof(args)
-    local size = #args
-    if size < 1 then error(">=1 arguments are allowed") end
-    local action = args[1]
-    if action == "kill" or action == "check" then
-        local username = session.Os.Username
-    end
-    return bof_pack("z", args[1])
-end
-local function run_kill_defender_bof(args)
-    local session = active()
-    local arch = session.Os.Arch
-    local bof_file = bof_path("kill_defender", arch)
-    return bof(session, script_resource(bof_file), args, true)
-end
-command_register("kill_defender_bof", run_kill_defender_bof,
-                 "kill_defender_bof <action>", "")
--- clipboard
-local function run_clipboard_bof(args)
-    local session = active()
-    local arch = session.Os.Arch
-    local bof_file = bof_path("clipboard", arch)
-    return bof(session, script_resource(bof_file), args, true)
-end
--- dump clipboard
-local function run_dump_clipboard(args)
-    local session = active()
-    local arch = session.Os.Arch
-    local bof_file = bof_path("dump_clipboard", arch)
-    return bof(session, script_resource(bof_file), args, true)
-end
-command_register("dump_clipboard_bof", run_dump_clipboard, "dump_clipboard_bof",
-                 "")
--- wifidump
-local function parse_wifidump_bof(args)
-    local size = #args
-    if size < 1 then error(">=1 arguments are allowed") end
-    print(args[1])
-    local interface = args[1]
-    return bof_pack("Z", interface)
-end
-local function run_wifidump_bof(args)
-    args = parse_wifidump_bof(args)
-    local session = active()
-    local arch = session.Os.Arch
-    local bof_file = bof_path("wifidump", arch)
-    return bof(session, script_resource(bof_file), args, true)
-end
-command_register("wifidump_bof", run_wifidump_bof, "wifidump_bof <profilename>",
-                 "")
-
--- wifienum
-local function run_wifienum_bof(args)
-    if #args > 0 then error("no arguments are allowed") end
-    local session = active()
-    local arch = session.Os.Arch
-    local bof_file = bof_path("wifienum", arch)
-    return bof(session, script_resource(bof_file), args, true)
-end
-command_register("wifienum_bof", run_wifienum_bof, "wifienum_bof", "")
-
--- memory info
-local function run_read_memory_bof()
-    local session = active()
-    local arch = session.Os.Arch
-    local bof_file = bof_path("memory", arch)
-    return bof(session, script_resource(bof_file), {}, true)
-end
-command_register("meminfo_bof", run_read_memory_bof, "meminfo_bof", "")
-
--- memory reader
--- Usage : memreader <target-pid> <pattern> <output-size>
-local function parse_memory_reader_bof(args)
-    local size = #args
-    if size < 2 then error(">=2 arguments are allowed") end
-    local target_pid = args[1]
-    local pattern = args[2]
-    local output_size = 10
-    if size == 3 then output_size = args[3] end
-    return bof_pack("izi", target_pid, pattern, output_size)
-end
-
-local function run_memory_reader_bof(args)
-    args = parse_memory_reader_bof(args)
-    local session = active()
-    local arch = session.Os.Arch
-    local bof_file = bof_path("memreader", arch)
-    return bof(session, script_resource(bof_file), args, true)
-end
-command_register("mem_reader_bof", run_memory_reader_bof,
-                 "common mem_reader_bof <target-pid> <pattern> <output-size>",
-                 "")
-
--- regdump
-local function run_regdump_bof(args)
-    local session = active()
-    if not isadmin(session) then
-        error("You need to be an admin to run this command")
-    end
-    local location = args[1] or ""
-    local packed_args = bof_pack("z", location)
-
-    local arch = session.Os.Arch
-    local bof_file = bof_path("regdump", arch)
-    return bof(session, script_resource(bof_file), packed_args, true)
-end
-command_register("regdump_bof", run_regdump_bof, "regdump_bof <location>", "")
-
--- screenshot
-local function run_screenshot(args)
-    local filename
-    if #args == 1 then
-        filename = args[1]
-    else
-        filename = "screenshot.jpg"
-    end
-    local packed_args = bof_pack("z", filename)
-    local session = active()
-    local arch = session.Os.Arch
-    local bof_file = bof_path("screenshot", arch)
-    local result = bof(session, script_resource(bof_file), packed_args, true)
-    return result
-end
-command_register("screenshot_bof", run_screenshot,
-                 "Command: situational screenshot <filename>", "T1113")
-
---- common sharp 
+--- common sharp
 local function run_SharpWebServer(args)
     local session = active()
     local arch = session.Os.Arch

community-common/modules/operatorskit.lua

@@ -1,27 +1,6 @@
 -- Master Lua Script to load all Beacon Object Files from the 
 local bof_dir = "OperatorsKit/"
 
--- Addexclusion
-local function parse_addexclusion(args)
-    if #args < 2 then
-        error("Please specify one of the following exclusion types: path | process | extension.")
-    end
-    local excltype = args[1]
-    local excldata = args[2]
-
-    if excltype ~= "path" and excltype ~= "process" and excltype ~= "extension" then
-        error("This exclusion type isn't supported.")
-    end
-    return bof_pack("zZ", excltype, excldata)
-end
-local function run_addexclusion(args)
-    local session = active()
-    args = parse_addexclusion(args)
-    local bof_path = bof_dir .. "AddExclusion/addexclusion" .. ".o"
-    return bof(session, script_resource(bof_path), args, true)
-end
-command("operatorskit:addexclusion", run_addexclusion, "Command: operatorskit addexclusion <exclusion type> <exclusion data>", "T1562.001")
-
 --- Start Addfirewallrule
 local function parse_addfirewallrule(args)
     if #args < 3 then
@@ -154,23 +133,6 @@ local function run_credprompt(args)
 end
 command("operatorskit:credprompt", run_credprompt, 'Command: operatorskit credprompt "<title>" "<message>" [timeout]', "T1056.004")
 
--- Delexclusion
-local function parse_delexclusion(args)
-    if #args < 2 then
-        error("Please provide exclusion type and data.")
-    end
-    local excltype = args[1]
-    local excldata = args[2]
-    return bof_pack("zZ", excltype, excldata)
-end
-local function run_delexclusion(args)
-    local session = active()
-    args = parse_delexclusion(args)
-    local bof_path = bof_dir .. "DelExclusion/delexclusion" .. ".o"
-    return bof(session, script_resource(bof_path), args, true)
-end
-command("operatorskit:delexclusion", run_delexclusion, 'Command: operatorskit delexclusion <exclusion type> <exclusion data>', "T1562.001")
-
 -- Delfirewallrule
 local function parse_delfirewallrule(args)
     if #args < 1 then
@@ -242,22 +204,6 @@ local function run_dllenvhijacking(args)
 end
 command("operatorskit:dllenvhijacking", run_dllenvhijacking, 'Command: operatorskit dllenvhijacking <sysroot> <proxy DLL> <path to DLL> <vulnerable binary> <parent PID>', "T1574.001")
 
--- Enumlocalcert
-local function parse_enumlocalcert(args)
-    if #args < 1 then
-        error("Please specify a valid certificate store name.")
-    end
-    local store = args[1]
-    return bof_pack("Z", store)
-end
-local function run_enumlocalcert(args)
-    local session = active()
-    args = parse_enumlocalcert(args)
-    local bof_path = bof_dir .. "EnumLocalCert/enumlocalcert" .. ".o"
-    return bof(session, script_resource(bof_path), args, true)
-end
-command("operatorskit:enumlocalcert", run_enumlocalcert, 'Command: operatorskit enumlocalcert <store name>', "T1553.003")
-
 -- Enumsecproducts
 local function parse_enumsecproducts(args)
     local remotehost = args[1] or ""
@@ -317,40 +263,6 @@ local function run_enumwsc(args)
 end
 command("operatorskit:enumwsc", run_enumwsc, 'Command: operatorskit enumwsc <option>', "T1518.001")
 
--- Enumdotnet
-local function run_enumdotnet()
-    local session = active()
-    local bof_path = bof_dir .. "EnumDotnet/enumdotnet" .. ".o"
-    return bof(session, script_resource(bof_path), {}, true)
-end
-command("operatorskit:enumdotnet", run_enumdotnet, "Command: operatorskit enumdotnet", "T1033")
-
--- Enumexclusions
-local function run_enumexclusions()
-    local session = active()
-    local bof_path = bof_dir .. "EnumExclusions/enumexclusions" .. ".o"
-    return bof(session, script_resource(bof_path),{}, true)
-end
-command("operatorskit:enumexclusions", run_enumexclusions, "Command: operatorskit enumexclusions", "T1518.001")
-
--- Enumfiles
-local function parse_enumfiles(args)
-    if #args < 2 then
-        error("Please provide the directory path and search pattern.")
-    end
-    local lpDirectory = args[1]
-    local lpSearchPattern = args[2]
-    local keyword = args[3] or ""
-    return bof_pack("zzz", lpDirectory, lpSearchPattern, keyword)
-end
-local function run_enumfiles(args)
-    local session = active()
-    args = parse_enumfiles(args)
-    local bof_path = bof_dir .. "EnumFiles/enumfiles" .. ".o"
-    return bof(session, script_resource(bof_path), args, true)
-end
-command("operatorskit:enumfiles", run_enumfiles, 'Command: operatorskit enumfiles <directory> <search pattern> [keyword]', "T1083")
-
 -- Enumhandles
 local function parse_enumhandles(args)
     if #args < 2 then
@@ -535,14 +447,6 @@ local function run_silencesysmon(args)
 end
 command("operatorskit:silencesysmon", run_silencesysmon, 'Command: operatorskit silencesysmon <PID>', "T1562.002")
 
--- Systeminfo
-local function run_systeminfo()
-    local session = active()
-    local bof_path = bof_dir .. "SystemInfo/systeminfo" .. ".o"
-    return bof(session, script_resource(bof_path), {}, true)
-end
-command("operatorskit:systeminfo", run_systeminfo, "Command: operatorskit systeminfo", "T1082")
-
 -- Dllcomhijacking
 local function parse_dllcomhijacking(args)
     if #args < 2 then
@@ -588,14 +492,6 @@ local function run_injectpoolparty(args)
 end
 command("operatorskit:injectpoolparty", run_injectpoolparty, 'Command: operatorskit injectpoolparty <variant> <PID> <listener>', "T1055.012")
 
--- Enumdrives
-local function run_enumdrives(args)
-    local session = active()
-    local bof_path = bof_dir .. "EnumDrives/enumdrives" .. ".o"
-    return bof(session, script_resource(bof_path), args, true)
-end
-command("operatorskit:enumdrives", run_enumdrives, 'Command: operatorskit enumdrives', "T1135")
-
 -- Passwordspray
 local function parse_passwordspray(args)
     if #args < 3 then