OffensivePipeline - Allows You To Download And Build C# Tools, Applying Certain Modifications In Order To Improve Their Evasion For Red Team Exercises
2023-2-17 19:30:0 Author: www.kitploit.com(查看原文) 阅读量:75 收藏

OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.
A common use of OffensivePipeline is to download a tool from a Git repository, randomise certain values in the project, build it, obfuscate the resulting binary and generate a shellcode.

Features

  • Currently only supports C# (.Net Framework) projects
  • Allows to clone public and private (you will need credentials :D) git repositories
  • Allows to work with local folders
  • Randomizes project GUIDs
  • Randomizes application information contained in AssemblyInfo
  • Builds C# projects
  • Obfuscates generated binaries
  • Generates shellcodes from binaries
  • There are 79 tools parameterised in YML templates (not all of them may work :D)
  • New tools can be added using YML templates
  • It should be easy to add new plugins...

What's new in version 2.0

  • Almost complete code rewrite (new bugs?)
  • Cloning from private repositories possible (authentication via GitHub authToken)
  • Possibility to copy a local folder instead of cloning from a remote repository
  • New module to generate shellcodes with Donut
  • New module to randomize GUIDs of applications
  • New module to randomize the AssemblyInfo of each application
  • 60 new tools added

Examples

  • List all tools:
OffensivePipeline.exe list
  • Build all tools:
OffensivePipeline.exe all
  • Build a tool
OffensivePipeline.exe t toolName
  • Clean cloned and build tools

Output example

PS C:\OffensivePipeline> .\OffensivePipeline.exe t rubeus

ooo
.osooooM M
___ __ __ _ ____ _ _ _ +y. M M
/ _ \ / _|/ _| ___ _ __ ___(_)_ _____| _ \(_)_ __ ___| (_)_ __ ___ :h .yoooMoM
| | | | |_| |_ / _ \ '_ \/ __| \ \ / / _ \ |_) | | '_ \ / _ \ | | '_ \ / _ \ oo oo
| |_| | _| _| __/ | | \__ \ |\ V / __/ __/| | |_) | __/ | | | | | __/ oo oo
\___/|_| |_| \___|_| |_|___/_| \_/ \___|_| |_| .__/ \___|_|_|_| |_|\___| oo oo
|_| MoMoooy. h:
M M .y+
M Mooooso.
ooo

@aetsu
v2.0.0

[+] Loading tool: Rubeus
Clonnig repository: Rubeus into C:\OffensivePipeline\Git\Rubeus
Repository Rubeus cloned into C:\OffensivePipeline\Git\Rubeus

[+] Load RandomGuid module
Searching GUIDs...
> C:\OffensivePipeline\Git\Rubeus\Rubeus.sln
> C:\OffensivePipeline\Git\Rubeus\Rubeus\Rubeus.csproj
> C:\OffensivePipeline\Git\Rubeus\Rubeus\Properties\AssemblyInfo.cs
Replacing GUIDs...
File C:\OffensivePipeline\Git\Rubeus\Rubeus.sln:
> Replacing GUID 658C8B7F-3664-4A95-9572-A3E5871DFC06 with 3bd82351-ac9a-4403-b1e7-9660e698d286
> Replacing GUID FAE04EC0-301F-11D3-BF4B-00C04F79EFBC with 619876c2-5a8b-4c48-93c3-f87ca520ac5e
> Replacing GUID 658c8b7f-3664-4a95-9572-a3e5871dfc06 with 11e0084e-937f-46d7-83b5-38a496bf278a
[+] No errors!
File C:\OffensivePipeline\Git\Rubeus\Rubeus\Rubeus.csproj:
> Replacing GUID 658C8B7F-3664-4A95-9572-A3E5871DFC06 with 3bd82351-ac9a-4403-b1e7-9660e698d286
> Replacing GUID FAE04EC0-301F-11D3-BF4B-00C04F79EFBC with 619876c2-5a8b-4c48-93c3-f87ca520ac5e
> Replacing GUID 658c8b7f-3664-4a95-9572-a3e5871dfc06 with 11e0084e-937f-46d7-83b5-38a496bf278a
[+] No errors!
File C:\OffensivePipeline\Git\Rubeus\Rubeus\Properties\AssemblyInfo.cs:
> Replacing GUID 658C8B7F-3664-4A95-9572-A3E5871DFC06 with 3bd82351-ac9a-4403-b1e7-9660e698d286
> Replacing GUID FAE04EC0-301F-11D3-BF4B-00C04F79EFBC with 619876c2-5a8b-4c48-93c3-f87ca520ac5e
> Replacing GUID 658c8b7f-3664-4a95-9572-a3e5871dfc06 with 11e0084e-937f-46d7-83b5-38a496bf278a
[+] No errors!

[+] Load RandomAssemblyInfo module
Replacing strings in C:\OffensivePipeline\Git\Rubeus\Rubeus\Properties\AssemblyInfo.cs
[assembly: AssemblyTitle("Rubeus")] -> [assembly: AssemblyTitle("g4ef3fvphre")]
[assembly: AssemblyDescription("")] -> [assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")] -> [assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")] -> [assembly: AssemblyCompany("")]
[assembly: AssemblyProduc t("Rubeus")] -> [assembly: AssemblyProduct("g4ef3fvphre")]
[assembly: AssemblyCopyright("Copyright © 2018")] -> [assembly: AssemblyCopyright("Copyright © 2018")]
[assembly: AssemblyTrademark("")] -> [assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")] -> [assembly: AssemblyCulture("")]

[+] Load BuildCsharp module
[+] Checking requirements...
[*] Downloading nuget.exe from https://dist.nuget.org/win-x86-commandline/latest/nuget.exe
[+] Download OK - nuget.exe
[+] Path found - C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\Common7\Tools\VsDevCmd.bat
Solving dependences with nuget...
Building solution...
[+] No errors!
[+] Output folder: C:\OffensivePipeline\Output\Rubeus_vh00nc50xud

[+] Load ConfuserEx module
[+] Checking requirements...
[+] Downloading ConfuserEx from https://github.com/mkaring/ConfuserEx/releases/download/v1.6.0/ConfuserEx-CLI.zip
[+] Download OK - ConfuserEx
Confusing...
[+] No errors!

[+] Load Donut module
Generating shellcode...

Payload options:
Domain: RMM6XFC3
Runtime:v4.0.30319

Raw Payload: C:\OffensivePipeline\Output\Rubeus_vh00nc50xud\ConfuserEx\Donut\Rubeus.bin
B64 Payload: C:\OffensivePipeline\Output\Rubeus_vh00nc50xud\ConfuserEx\Donut\Rubeus.bin.b64

[+] No errors!

[+] Generating Sha256 hashes
Output file: C:\OffensivePipeline\Output\Rubeus_vh00nc50xud

-----------------------------------------------------------------
SUMMARY

- Rubeus
- RandomGuid: OK
- RandomAssemblyInfo: OK
- BuildCsharp: OK
- ConfuserEx: OK
- Donut: OK

-----------------------------------------------------------------

Plugins

  • RandomGuid: randomise the GUID in .sln, .csproj and AssemblyInfo.cs files
  • RandomAssemblyInfo: randomise the values defined in AssemblyInfo.cs
  • BuildCsharp: build c# project
  • ConfuserEx: obfuscate c# tools
  • Donut: use Donut to generate shellcodes. The shellcode generated is without parameters, in future releases this may be changed.

Add a tool from a remote git

The scripts for downloading the tools are in the Tools folder in yml format. New tools can be added by creating new yml files with the following format:

  • Rubeus.yml file:
tool:
- name: Rubeus
description: Rubeus is a C# toolset for raw Kerberos interaction and abuses
gitLink: https://github.com/GhostPack/Rubeus
solutionPath: Rubeus\Rubeus.sln
language: c#
plugins: RandomGuid, RandomAssemblyInfo, BuildCsharp, ConfuserEx, Donut
authUser:
authToken:

Where:

  • Name: name of the tool
  • Description: tool description
  • GitLink: link from git to clone
  • SolutionPath: solution (sln file) path
  • Language: language used (currently only c# is supported)
  • Plugins: plugins to use on this tool build process
  • AuthUser: user name from github (not used for public repositories)
  • AuthToken: auth token from github (not used for public repositories)

Add a tool from a private git

tool:
- name: SharpHound3-Custom
description: C# Rewrite of the BloodHound Ingestor
gitLink: https://github.com/aaaaaaa/SharpHound3-Custom
solutionPath: SharpHound3-Custom\SharpHound3.sln
language: c#
plugins: RandomGuid, RandomAssemblyInfo, BuildCsharp, ConfuserEx, Donut
authUser: aaaaaaa
authToken: abcdefghijklmnopqrsthtnf

Where:

  • Name: name of the tool
  • Description: tool description
  • GitLink: link from git to clone
  • SolutionPath: solution (sln file) path
  • Language: language used (currently only c# is supported)
  • Plugins: plugins to user on this tool build process
  • AuthUser: user name from GitHub
  • AuthToken: auth token from GitHub (documented at GitHub: creating a personal access token)

Add a tool from local git folder

tool:
- name: SeatbeltLocal
description: Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
gitLink: C:\Users\alpha\Desktop\SeatbeltLocal
solutionPath: SeatbeltLocal\Seatbelt.sln
language: c#
plugins: RandomGuid, RandomAssemblyInfo, BuildCsharp, ConfuserEx, Donut
authUser:
authToken:

Where:

  • Name: name of the tool
  • Description: tool description
  • GitLink: path where the tool is located
  • SolutionPath: solution (sln file) path
  • Language: language used (currently only c# is supported)
  • Plugins: plugins to user on this tool build process
  • AuthUser: user name from github (not used for local repositories)
  • AuthToken: auth token from github (not used for local repositories)

Requirements for the release version (Visual Studio 2019/2022 is not required)

In the OffensivePipeline.dll.config file it's possible to change the version of the build tools used.

  • Build Tools 2019:
<add key="BuildCSharpTools" value="C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\Common7\Tools\VsDevCmd.bat"/>
  • Build Tools 2022:
<add key="BuildCSharpTools" value="C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\Common7\Tools\VsDevCmd.bat"/>

Requirements for build

Credits

Supported tools

OffensivePipeline - Allows You To Download And Build C# Tools, Applying Certain Modifications In Order To Improve Their Evasion For Red Team Exercises OffensivePipeline - Allows You To Download And Build C# Tools, Applying Certain Modifications In Order To Improve Their Evasion For Red Team Exercises Reviewed by Zion3R on 8:30 AM Rating: 5


文章来源: http://www.kitploit.com/2023/02/offensivepipeline-allows-you-to.html
如有侵权请联系:admin#unsafe.sh