Add files via upload
k8gege committed Nov 5, 2023
1 parent 1cceb95 commit 630fc26
Showing 8 changed files with 172 additions and 19 deletions.
34 changes: 28 additions & 6 deletions Ladon-cn.cna
@@ -1,10 +1,10 @@
#Ladon 11.6 for Cobalt Strike
#Ladon 11.9 for Cobalt Strike
#author: k8gege
#blog: http://k8gege.org/Ladon
#github: https://github.com/k8gege
#teston: CS 3.x & 4.0
#moudle:
#update: 20230801
#update: 20231105

#一些模块不支持CS(确却的说是CS是不支持),若需要请使用EXE全功能版。
#不支持模块1: [NbtScan VncScan MysqlScan OracleScan SSHscan WinrmScan WebDir SubDomain]
Expand All @@ -15,7 +15,7 @@
beacon_command_register(
"Ladon",
"Ladon large network penetration scanner",
"\nUsing: Ladon help\nLadon is a multi-threaded plug-in comprehensive scanning artifact for large-scale network penetration, including port scanning, service identification, network assets, password explosion, high-risk vulnerability detection and one click getshell. It supports batch a / B / C segment scanning and cross network segment scanning, as well as URL, host and domain name list scanning. Version 11.6 has built-in 180 function modules and 18 external modules. Through a variety of protocols and methods, it can quickly obtain the IP, computer name, working group, shared resources, network card address, operating system version, website, subdomain name, middleware, open service, router, database and other information of the target network");
"\nUsing: Ladon help\nLadon is a multi-threaded plug-in comprehensive scanning artifact for large-scale network penetration, including port scanning, service identification, network assets, password explosion, high-risk vulnerability detection and one click getshell. It supports batch a / B / C segment scanning and cross network segment scanning, as well as URL, host and domain name list scanning. Version 11.9 has built-in 180 function modules and 18 external modules. Through a variety of protocols and methods, it can quickly obtain the IP, computer name, working group, shared resources, network card address, operating system version, website, subdomain name, middleware, open service, router, database and other information of the target network");

alias ladon {
if (-exists script_resource("Ladon.exe")) {
Expand All @@ -31,7 +31,7 @@ menubar("Ladon", "newtab", 1); popup newtab { item("&K8gege", { url_open("http:/
alias Ladon {
if (-exists script_resource("Ladon.exe")) {
if ($2 eq "help"){
blog2($1, "Ladon 11.6");
blog2($1, "Ladon 11.9");
blog2($1, "Usage:");
#blog2($1, "Ladon 1");
#blog2($1, "Ladon ip");
Expand Down Expand Up @@ -68,7 +68,7 @@ alias Ladon {
bexecute_assembly!($1, script_resource("res/Ladon40.dat"), $2.' '.$3.' '.$4.' '.$5.' '.$6.' '.$7.' '.$8);
}else if (uc($2) eq "GETIP" || uc($2) eq "WHOAMI" || uc($2) eq "GETID" || uc($2) eq "GETINFO" || uc($2) eq "CMDLINE" || uc($2) eq "GETCMDLINE" || uc($2) eq "ENUMPROCESS" || uc($2) eq "Cmdline" || uc($2) eq "GetCmdline" || uc($2) eq "ALLVER" || uc($2) eq "VER" || uc($2) eq "NETVER" || uc($2) eq "PSVER" || uc($2) eq "NETVERSION" || uc($2) eq "PSVERSION" || uc($2) eq "CHECKDOOR" || uc($2) eq "AUTORUN" || uc($2) eq "RECENT" || uc($2) eq "RDPLOG" || uc($2) eq "USBLOG" || uc($2) eq "QUERYADMIN" || uc($2) eq "GETPIPE" || uc($2) eq "QUERYPROXY"){
bexecute_assembly!($1, script_resource("res/LadonInfo.dat"), $2.' '.$3.' '.$4.' '.$5.' '.$6.' '.$7.' '.$8);
}else if (uc($2) eq "ARPINFO" || uc($2) eq "SMBINFO" || uc($2) eq "NBTINFO" || uc($2) eq "WMIINFO" || uc($2) eq "WINRMINFO" || uc($2) eq "SNMPINFO" || uc($2) eq "RDPINFO" || uc($2) eq "CISCOINFO" || uc($2) eq "SSLINFO" || uc($2) eq "WPINFO" || uc($2) eq "T3INFO" || uc($2) eq "INFOSCAN" || uc($3) eq "ARPINFO" || uc($3) eq "SMBINFO" || uc($3) eq "NBTINFO" || uc($3) eq "WMIINFO" || uc($3) eq "WINRMINFO" || uc($3) eq "SNMPINFO" || uc($3) eq "RDPINFO" || uc($3) eq "CISCOINFO" || uc($3) eq "SSLINFO" || uc($3) eq "WPINFO" || uc($3) eq "T3INFO" || uc($3) eq "INFOSCAN" || uc($4) eq "ARPINFO" || uc($4) eq "SMBINFO" || uc($4) eq "NBTINFO" || uc($4) eq "WMIINFO" || uc($4) eq "WINRMINFO" || uc($4) eq "SNMPINFO" || uc($4) eq "RDPINFO" || uc($4) eq "CISCOINFO" || uc($4) eq "SSLINFO" || uc($4) eq "WPINFO" || uc($4) eq "T3INFO" || uc($4) eq "INFOSCAN"){
}else if (uc($2) eq "ARPINFO" || uc($2) eq "SMBINFO" || uc($2) eq "NBTINFO" || uc($2) eq "WMIINFO" || uc($2) eq "WINRMINFO" || uc($2) eq "SNMPINFO" || uc($2) eq "RDPINFO" || uc($2) eq "CISCOINFO" || uc($2) eq "SSLINFO" || uc($2) eq "WPINFO" || uc($2) eq "T3INFO" || uc($2) eq "HTTPINFO" || uc($2) eq "SMTPINFO" || uc($2) eq "INFOSCAN" || uc($3) eq "ARPINFO" || uc($3) eq "SMBINFO" || uc($3) eq "NBTINFO" || uc($3) eq "WMIINFO" || uc($3) eq "WINRMINFO" || uc($3) eq "SNMPINFO" || uc($3) eq "RDPINFO" || uc($3) eq "CISCOINFO" || uc($3) eq "SSLINFO" || uc($3) eq "WPINFO" || uc($3) eq "T3INFO" || uc($3) eq "HTTPINFO" || uc($3) eq "SMTPINFO" || uc($3) eq "INFOSCAN" || uc($4) eq "ARPINFO" || uc($4) eq "SMBINFO" || uc($4) eq "NBTINFO" || uc($4) eq "WMIINFO" || uc($4) eq "WINRMINFO" || uc($4) eq "SNMPINFO" || uc($4) eq "RDPINFO" || uc($4) eq "CISCOINFO" || uc($4) eq "SSLINFO" || uc($4) eq "WPINFO" || uc($4) eq "T3INFO" || uc($4) eq "HTTPINFO" || uc($4) eq "SMTPINFO" || uc($4) eq "INFOSCAN"){
bexecute_assembly!($1, script_resource("res/LadonInfo.dat"), $2.' '.$3.' '.$4.' '.$5.' '.$6.' '.$7.' '.$8);
}else if (uc($2) eq "ICMP" || uc($2) eq "PING" || uc($2) eq "ONLINEIP" || uc($2) eq "ONLINEPC" || uc($3) eq "ICMP" || uc($3) eq "PING" || uc($3) eq "ONLINEIP" || uc($3) eq "ONLINEPC" || uc($4) eq "ONLINEIP" || uc($4) eq "ONLINEPC" || uc($3) eq "ICMP" || uc($3) eq "PING"){
bexecute_assembly!($1, script_resource("res/Ladon48.dat"), $2.' '.$3.' '.$4.' '.$5.' '.$6.' '.$7.' '.$8);
Expand Down Expand Up @@ -588,7 +588,7 @@ sub Runas {

popup beacon_bottom {
menu "神龙拉冬" {
item("&Ladon 11.6", { url_open("https://k8gege.org/Ladon?cs"); });
item("&Ladon 11.9", { url_open("https://k8gege.org/Ladon?cs"); });
separator();
separator();
menu "1 网络资产收集" {
Expand Down Expand Up @@ -968,6 +968,28 @@ menu "2 系统信息探测" {
dbutton_action($dialog, "Scan");
dialog_show($dialog);
}
item "9 Http/S探测系统信息-Web" {
$bid = $1;
$dialog = dialog("Ladon HttpInfo", %(tar => "",moudle => "HttpInfo",clrver => "35",bid => $bid), &LadonInfo);
dialog_description($dialog, "Target: IP or CIDR or URL or Host or Domain");
drow_text($dialog, "tar", "Target:");
#drow_combobox($dialog, "moudle", "Moudle:", @("OnlinePC","OnlineIP","OSScan", "WebScan", "WhatCMS","CiscoScan","SameWeb","UrlScan","EnumMssql","EnumShare"));
#drow_combobox($dialog, "clrver", "Version", @("35", "40"));
drow_checkbox($dialog, 'type', 'noping');
dbutton_action($dialog, "Scan");
dialog_show($dialog);
}
item "10 Smtp探测系统信息-25/465/587" {
$bid = $1;
$dialog = dialog("Ladon SmtpInfo", %(tar => "",moudle => "SmtpInfo",clrver => "35",bid => $bid), &LadonInfo);
dialog_description($dialog, "Target: IP or CIDR or URL or Host or Domain");
drow_text($dialog, "tar", "Target:");
#drow_combobox($dialog, "moudle", "Moudle:", @("OnlinePC","OnlineIP","OSScan", "WebScan", "WhatCMS","CiscoScan","SameWeb","UrlScan","EnumMssql","EnumShare"));
#drow_combobox($dialog, "clrver", "Version", @("35", "40"));
drow_checkbox($dialog, 'type', 'noping');
dbutton_action($dialog, "Scan");
dialog_show($dialog);
}
}

menu "3 远程漏洞检测" {
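Review bot: The dispatch condition on the new `}else if (uc($2) eq "ARPINFO" || …` line repeats each of the 14 LadonInfo module names three times (once each for `$2`, `$3` and `$4`), so adding HTTPINFO and SMTPINFO meant touching 42 comparisons and the next module is easy to add in one position but not the others. A single list checked per argument position keeps the three in sync: declare `@ladon_info = @("ARPINFO", "SMBINFO", "NBTINFO", "WMIINFO", "WINRMINFO", "SNMPINFO", "RDPINFO", "CISCOINFO", "SSLINFO", "WPINFO", "T3INFO", "HTTPINFO", "SMTPINFO", "INFOSCAN");` before the chain and test `}else if (uc($2) in @ladon_info || uc($3) in @ladon_info || uc($4) in @ladon_info){` (Sleep's `in` predicate; confirm it behaves on the CS 3.x builds the header still claims to support). The two new dialog items pin `clrver => "35"` with the Version combobox left commented out, so if `&LadonInfo` (outside this hunk) uses that value to choose the assembly, the menu path cannot select the 4.0 build that the command path offers; either re-enable the combobox or add a comment such as `# clrver fixed to 35: LadonInfo.dat targets .NET 3.5 — confirm before exposing 40` explaining why. The enclosing `alias Ladon` block starts and ends outside the shown hunks.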
12 changes: 6 additions & 6 deletions Ladon.ps1


Binary file modified Ladon911.exe
103 changes: 103 additions & 0 deletions Ladon911_20231105.ps1


Binary file modified LadonGUI.exe
Binary file modified LadonShell.exe
Binary file modified LadonStudy.exe
42 changes: 35 additions & 7 deletions update.txt
@@ -1,10 +1,6 @@
Wiki: http://k8gege.org/Ladon
[+]新增
[-]移除
[u]更新


Ladon简介:
简介:
Ladon模块化网络渗透工具,可PowerShell模块化、可CS插件化、可内存加载,无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描等。10.10版本内置202个功能模块,外部模块18个,网络资产探测模块30个通过多种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)以及方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等信息,高危漏洞检测16个包含Cisco、Zimbra、Exchange、DrayTek、MS17010、SMBGhost、Weblogic、ActiveMQ、Tomcat、Struts2系列、Printer等,密码审计23个含数据库(Mysql、Oracle、MSSQL)、FTP、SSH、VNC、Windows(LDAP、SMB/IPC、NBT、WMI、SmbHash、WmiHash、Winrm)、BasicAuth、Tomcat、Weblogic、Rar等,远程执行命令包含(smbexec/wmiexe/psexec/atexec/sshexec/webshell),Web指纹识别模块可识别135+(Web应用、中间件、脚本类型、页面类型)等,本地提权21+含SweetPotato\BadPotato\EfsPotato\BypassUAC,可高度自定义插件POC支持.NET程序集、DLL(C#/Delphi/VC)、PowerShell等语言编写的插件,支持通过配置INI批量调用任意外部程序或命令,EXP生成器可一键生成漏洞POC快速扩展扫描能力。Ladon支持Cobalt Strike插件化扫描快速拓展内网进行横向移动 内网渗透。


Expand All @@ -26,6 +22,38 @@ LadonShell 连接aspx一句话木马 WebShell内存加载Ladon后渗透 无文
=========================================================================



Ladon 11.9 20231105
[u]LadonStudy 支持bypassEDR
[u]LadonShell 支持tls 1.2
[u]RdpInfo 优化RDP Ntlm探测系统信息
[u]RdpLog 查看3389连接日志(IP、用户名、CertHash)
[+]CVE-2023-46604 ActiveMQ CVE-2023-46604 RCE Exploit


Ladon 11.8 20231018
[u]InfoScan 新增SmtpInfo
[+]SmtpInfo 新增Smtp Ntlm探测系统信息(25、465、587端口)
[u]InfoScan 新增HttpInfo
[+]HttpInfo 新增Http/Https Ntlm探测系统信息(SharePoint)


Ladon 11.7 20231010
[u]BadPotato 本地提权 支持Base64参数 解决Cobalt Strike或LadonShell下双引号等问题
[u]EfsPotato 本地提权 支持Base64参数 解决Cobalt Strike或LadonShell下双引号等问题
[u]GodPotato 本地提权 支持Base64参数 解决Cobalt Strike或LadonShell下双引号等问题
[u]SweetPotato 本地提权 支持Base64参数 解决Cobalt Strike或LadonShell下双引号等问题
[u]McpPotato 本地提权 支持Base64参数 解决Cobalt Strike或LadonShell下双引号等问题
[+]clsLog 新增清理最近访问文件记录

9.24
[u] WmiExec2 横向移动 内网渗透 修复b64cmd参数Bug
[u] WmiExec 横向移动 内网渗透 修复域用户连接Bug
[+] AtExec 横向移动 内网渗透 Base64统一为Unicode(如whoami编码 dwBoAG8AYQBtAGkA )

9.18
[u]PostShell hexupload支持任意文件上传-当前目录

Ladon 11.6 20230911
[+]MmcExec Dcom远程执行命令之MMC20(域控或管理员权限、需目标关闭防火墙) 横向移动 内网渗透 支持BASE64命令
[+]ShellExec Dcom远程执行命令之ShellWindows(域控或管理员权限、需目标关闭防火墙) 横向移动 内网渗透 支持BASE64命令
Expand Down Expand Up @@ -832,7 +860,7 @@ Ladon 8.8 2021.9.11

==================================================================
Ladon 8.7 Debug 2021.8.14
[+]UsbLog USB使用记录查看(USB名称、USB标记、路径信息)
[+]UsbLog USB使用记录查看USB日志(USB名称、USB标记、路径信息)

Ladon 8.6 2021.7.5
[+]PrintNightmare (CVE-2021-1675 | CVE-2021-34527)打印机漏洞提权EXP
Expand Down Expand Up @@ -1089,7 +1117,7 @@ GUI 2020.9.24
[+] WmiScan 记录RCP不可用正确密码
[+] PowerCat TCP、UDP反弹SHELL
[+] ReverseTcp MSF、NC反弹SHELL
[+] recent 查看用户最近访问文件
[+] recent 查看用户最近访问文件 最近操作文件日志
[+] sshexec 横向移动 内网渗透 增加上传下载文件功能

6.6.3 20200618