Generate an agent
...that will connect to the first listener and then make another request that downloads this as agent.exe
| import requests
import base64
import json
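# Configuration
baseUrl = "https://localhost:8443"
username = "---USERNAME---"  # placeholder; do not commit real credentials
password = "---PASSWORD---"  # placeholder; do not commit real credentials
listenerId = 1
payloadTemplateId = "shelldot.payload.windows-x64"
outputFilename = "agent.exe"
# TLS verification for every request below. Keep it enabled: the login request
# carries the password (Basic auth) and the later requests carry the bearer
# token, so an unverified connection lets anyone on the network path read or
# replay them. If the server uses a self-signed or private-CA certificate, set
# this to the path of that CA certificate (PEM) instead of disabling the check.
tlsVerify = True
# Seconds to wait on each request; requests has no default timeout and would
# otherwise block indefinitely on an unresponsive server.
requestTimeout = 60

# Login & get JWT token
basicCredentials = base64.b64encode(
    (username + ":" + password).encode("utf-8")
).decode("utf-8")
response = requests.post(
    "%s/api/v1/auth/login" % baseUrl,
    headers={"Authorization": "Basic " + basicCredentials},
    verify=tlsVerify,
    timeout=requestTimeout,
)
if response.status_code != 200:
    # SystemExit with a message writes it to stderr and exits non-zero, so a
    # calling script or CI job can detect the failure.
    raise SystemExit("Login failed")
authToken = response.text
headers = {"Authorization": "Bearer " + authToken}

# Create agent
conf = {
    # Taken from the configuration block above so that changing it there
    # actually changes the request.
    "payloadTemplateId": payloadTemplateId,
    "configuration": {
        "type": "debug_executable"
    },
    "listenerId": listenerId,
    "encrypted": True
}
response = requests.post(
    "%s/api/v1/payloads" % baseUrl,
    headers=headers,
    json=conf,
    verify=tlsVerify,
    timeout=requestTimeout,
)
if response.status_code != 200:
    raise SystemExit("Creating payload failed\n" + response.text)
payload_data = response.json()

# Generate agent
response = requests.get(
    "%s/api/v1/payloads/%d/download" % (baseUrl, payload_data["id"]),
    headers=headers,
    verify=tlsVerify,
    timeout=requestTimeout,
)
if response.status_code != 200:
    raise SystemExit("Could not download agent\n" + response.text)
# The context manager closes the file even if the write fails.
with open(outputFilename, "wb") as outputFile:
    outputFile.write(response.content)
print("Agent written to file %s" % outputFilename)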
|