3 | 3 |
|
4 | 4 |
Last-Update: 2020-11-30
|
5 | 5 |
---
|
6 | |
empire | 21 ++++++++++++++++++---
|
7 | |
lib/common/__init__.py | 4 +++-
|
|
6 |
empire | 20 +++++++++++++++++++-
|
|
7 |
lib/common/__init__.py | 2 +-
|
8 | 8 |
lib/common/agents.py | 21 +++++++++++----------
|
9 | |
lib/common/empire.py | 9 +++++----
|
|
9 |
lib/common/empire.py | 8 ++++----
|
10 | 10 |
lib/common/helpers.py | 6 +++---
|
11 | |
setup/reset.sh | 20 ++++++++++----------
|
|
11 |
setup/reset.sh | 12 ++++++------
|
12 | 12 |
setup/setup_database.py | 2 +-
|
13 | |
7 files changed, 51 insertions(+), 32 deletions(-)
|
|
13 |
7 files changed, 45 insertions(+), 26 deletions(-)
|
14 | 14 |
|
15 | 15 |
diff --git a/empire b/empire
|
16 | |
index c8cb21e..5eed7db 100755
|
|
16 |
index c8cb21e..a909e4f 100755
|
17 | 17 |
--- a/empire
|
18 | 18 |
+++ b/empire
|
19 | |
@@ -24,8 +24,23 @@ from time import sleep
|
20 | |
|
21 | |
from flask import Flask, request, jsonify, make_response, abort, url_for, g
|
|
19 |
@@ -26,6 +26,24 @@ from flask import Flask, request, jsonify, make_response, abort, url_for, g
|
22 | 20 |
from flask.json import JSONEncoder
|
23 | |
-from flask_socketio import SocketIO, emit, join_room, leave_room, \
|
24 | |
- close_room, rooms, disconnect
|
25 | |
+from flask_socketio import SocketIO, emit
|
|
21 |
from flask_socketio import SocketIO, emit, join_room, leave_room, \
|
|
22 |
close_room, rooms, disconnect
|
26 | 23 |
+import shutil
|
27 | 24 |
+
|
28 | 25 |
+# database old path
|
29 | 26 |
+DB_OLD_PATH = "/usr/share/powershell-empire/data"
|
30 | 27 |
+# database new path
|
31 | |
+DB_PATH = os.path.expanduser("~/.local/powershell-empire")
|
|
28 |
+DB_PATH = "/var/lib/powershell-empire"
|
|
29 |
+
|
|
30 |
+if os.getuid() != 0:
|
|
31 |
+ print("Please run powershell-empire with sudo:")
|
|
32 |
+ print("'sudo powershell-empire'")
|
|
33 |
+ sys.exit()
|
|
34 |
+
|
32 | 35 |
+# Handle database creation / switch before import lib.common
|
33 | 36 |
+if not os.path.isfile(os.path.join(DB_PATH, "empire.db")):
|
34 | |
+ os.makedirs(DB_PATH, exist_ok=True)
|
35 | 37 |
+ if os.path.exists(os.path.join(DB_OLD_PATH, "empire.db")):
|
36 | |
+ if os.getuid() == 0:
|
37 | |
+ shutil.move((os.path.join(DB_OLD_PATH, "empire.db")), os.path.join(DB_PATH, "empire.db"))
|
38 | |
+ else:
|
39 | |
+ subprocess.run(["setup/setup_database.py"])
|
|
38 |
+ shutil.move((os.path.join(DB_OLD_PATH, "empire.db")), os.path.join(DB_PATH, "empire.db"))
|
40 | 39 |
+ else:
|
41 | 40 |
+ subprocess.run(["setup/setup_database.py"])
|
42 | 41 |
|
43 | 42 |
# Empire imports
|
44 | 43 |
from lib.common import empire, helpers, users
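Review bot: `sys.exit()` after the "run with sudo" message on the new side exits with status 0, so a wrapper script or service unit cannot distinguish the refused run from a clean one; use `sys.exit(1)`, or `sys.exit("Please run powershell-empire with sudo: 'sudo powershell-empire'")`, which writes the message to stderr and exits 1 in one line. The new side also drops the `os.makedirs(DB_PATH, exist_ok=True)` the previous revision had, so `shutil.move` raises ENOENT when `/var/lib/powershell-empire` does not exist yet — presumably the package creates that directory, but restoring the guard costs one line. Since the process now always runs as root and the moved file keeps the mode it had under `/usr/share`, consider `os.chmod(os.path.join(DB_PATH, "empire.db"), 0o600)` after the move so the database is not readable by other local users. `subprocess.run(["setup/setup_database.py"])` is still resolved against the current working directory rather than the install path, which was already the case in the previous revision.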
|
45 | |
@@ -91,7 +106,7 @@ def database_connect():
|
|
44 |
@@ -91,7 +109,7 @@ def database_connect():
|
46 | 45 |
sqlite3.register_adapter(datetime, adapt_datetime)
|
47 | 46 |
sqlite3.register_converter("timestamp", convert_timestamp)
|
48 | 47 |
# set the database connectiont to autocommit w/ isolation level
|
|
52 | 51 |
conn.isolation_level = None
|
53 | 52 |
return conn
|
54 | 53 |
diff --git a/lib/common/__init__.py b/lib/common/__init__.py
|
55 | |
index 6fe1ea5..c5638f2 100644
|
|
54 |
index 6fe1ea5..c303440 100644
|
56 | 55 |
--- a/lib/common/__init__.py
|
57 | 56 |
+++ b/lib/common/__init__.py
|
58 | |
@@ -6,6 +6,7 @@ from __future__ import absolute_import
|
59 | |
|
60 | |
import sys
|
61 | |
import sqlite3
|
62 | |
+import os
|
63 | |
|
64 | |
from . import helpers
|
65 | |
|
66 | |
@@ -13,7 +14,8 @@ from . import helpers
|
|
57 |
@@ -13,7 +13,7 @@ from . import helpers
|
67 | 58 |
def connect_to_db():
|
68 | 59 |
try:
|
69 | 60 |
# set the database connectiont to autocommit w/ isolation level
|
70 | 61 |
- conn = sqlite3.connect('./data/empire.db', check_same_thread=False)
|
71 | |
+ conn = sqlite3.connect(os.path.expanduser('~/.local/powershell-empire/empire.db'),
|
72 | |
+ check_same_thread=False)
|
|
62 |
+ conn = sqlite3.connect('/var/lib/powershell-empire/empire.db', check_same_thread=False)
|
73 | 63 |
conn.text_factory = str
|
74 | 64 |
conn.isolation_level = None
|
75 | 65 |
return conn
|
76 | 66 |
diff --git a/lib/common/agents.py b/lib/common/agents.py
|
77 | |
index 9dd24c0..7b80c1e 100644
|
|
67 |
index 9dd24c0..f01a493 100644
|
78 | 68 |
--- a/lib/common/agents.py
|
79 | 69 |
+++ b/lib/common/agents.py
|
80 | 70 |
@@ -89,6 +89,7 @@ class Agents(object):
|
81 | 71 |
# pull out the controller objects
|
82 | 72 |
self.mainMenu = MainMenu
|
83 | 73 |
self.installPath = self.mainMenu.installPath
|
84 | |
+ self.localPath = os.path.expanduser('~/.local/powershell-empire/')
|
|
74 |
+ self.localPath = '/var/lib/powershell-empire/'
|
85 | 75 |
self.args = args
|
86 | 76 |
|
87 | 77 |
# internal agent dictionary for the client's session key, funcions, and URI sets
|
|
160 | 150 |
message = "[!] WARNING: agent {} attempted skywalker exploit!".format(self.sessionID)
|
161 | 151 |
signal = json.dumps({
|
162 | 152 |
diff --git a/lib/common/empire.py b/lib/common/empire.py
|
163 | |
index 2c7cac9..8bcde38 100755
|
|
153 |
index 2c7cac9..69a6b16 100755
|
164 | 154 |
--- a/lib/common/empire.py
|
165 | 155 |
+++ b/lib/common/empire.py
|
166 | 156 |
@@ -191,7 +191,7 @@ class MainMenu(cmd.Cmd):
|
|
168 | 158 |
# if --debug X is passed, log out all dispatcher signals
|
169 | 159 |
if self.args.debug:
|
170 | 160 |
- with open('empire.debug', 'a') as debug_file:
|
171 | |
+ with open(os.path.expanduser("~/.local/powershell-empire/empire.debug"), 'a') as debug_file:
|
|
161 |
+ with open("/var/lib/powershell-empire/empire.debug", 'a') as debug_file:
|
172 | 162 |
debug_file.write("%s %s : %s\n" % (helpers.get_datetime(), sender, signal))
|
173 | 163 |
|
174 | 164 |
if self.args.debug == '2':
|
175 | |
@@ -346,11 +346,12 @@ class MainMenu(cmd.Cmd):
|
|
165 |
@@ -346,11 +346,11 @@ class MainMenu(cmd.Cmd):
|
176 | 166 |
|
177 | 167 |
def database_connect(self):
|
178 | 168 |
"""
|
179 | 169 |
- Connect to the default database at ./data/empire.db.
|
180 | |
+ Connect to the default database at ~/.local/powershell-empire/empire.db.
|
|
170 |
+ Connect to the default database at /var/lib/powershell-empire/empire.db.
|
181 | 171 |
"""
|
182 | 172 |
try:
|
183 | 173 |
- # set the database connection to autocommit w/ isolation level
|
184 | 174 |
- self.conn = sqlite3.connect('./data/empire.db', check_same_thread=False)
|
185 | 175 |
+ # set the database connectiont to autocommit w/ isolation level
|
186 | |
+ self.conn = sqlite3.connect(os.path.expanduser('~/.local/powershell-empire/empire.db'),
|
187 | |
+ check_same_thread=False)
|
|
176 |
+ self.conn = sqlite3.connect('/var/lib/powershell-empire/empire.db', check_same_thread=False)
|
188 | 177 |
self.conn.text_factory = str
|
189 | 178 |
self.conn.isolation_level = None
|
190 | 179 |
return self.conn
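Review bot: The replacement comment on the new side reintroduces the typo `connectiont` (`# set the database connectiont to autocommit w/ isolation level`) where the upstream line it removes reads `connection`; leave that comment line untouched so the hunk changes only the `sqlite3.connect` call. The literal `/var/lib/powershell-empire/empire.db` now appears here and in `lib/common/__init__.py`, `lib/common/helpers.py` and `setup/setup_database.py`; a single module-level constant (for example a `DB_PATH` in `lib/common/__init__.py`) would make the next relocation a one-line change and keep the docstring and the code from drifting apart.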
|
191 | 180 |
diff --git a/lib/common/helpers.py b/lib/common/helpers.py
|
192 | |
index 7b5fd6d..81429ed 100644
|
|
181 |
index 7b5fd6d..053d034 100644
|
193 | 182 |
--- a/lib/common/helpers.py
|
194 | 183 |
+++ b/lib/common/helpers.py
|
195 | 184 |
@@ -273,7 +273,7 @@ def strip_powershell_comments(data):
|
|
197 | 186 |
|
198 | 187 |
def keyword_obfuscation(data):
|
199 | 188 |
- conn = sqlite3.connect('./data/empire.db', check_same_thread=False)
|
200 | |
+ conn = sqlite3.connect(os.path.expanduser('~/.local/powershell-empire/empire.db'), check_same_thread=False)
|
|
189 |
+ conn = sqlite3.connect('/var/lib/powershell-empire/empire.db', check_same_thread=False)
|
201 | 190 |
conn.isolation_level = None
|
202 | 191 |
conn.row_factory = None
|
203 | 192 |
cur = conn.cursor()
|
|
206 | 195 |
"""
|
207 | 196 |
|
208 | 197 |
- conn = sqlite3.connect('./data/empire.db', check_same_thread=False)
|
209 | |
+ conn = sqlite3.connect(os.path.expanduser('~/.local/powershell-empire/empire.db'), check_same_thread=False)
|
|
198 |
+ conn = sqlite3.connect('/var/lib/powershell-empire/empire.db', check_same_thread=False)
|
210 | 199 |
conn.isolation_level = None
|
211 | 200 |
|
212 | 201 |
cur = conn.cursor()
|
|
215 | 204 |
"""
|
216 | 205 |
try:
|
217 | 206 |
- conn = sqlite3.connect('./data/empire.db', check_same_thread=False)
|
218 | |
+ conn = sqlite3.connect(os.path.expanduser('~/.local/powershell-empire/empire.db'), check_same_thread=False)
|
|
207 |
+ conn = sqlite3.connect('/var/lib/powershell-empire/empire.db', check_same_thread=False)
|
219 | 208 |
conn.isolation_level = None
|
220 | 209 |
conn.row_factory = dict_factory
|
221 | 210 |
cur = conn.cursor()
|
222 | 211 |
diff --git a/setup/reset.sh b/setup/reset.sh
|
223 | |
index 5e291d8..dd48b94 100755
|
|
212 |
index 5e291d8..7fcfa89 100755
|
224 | 213 |
--- a/setup/reset.sh
|
225 | 214 |
+++ b/setup/reset.sh
|
226 | |
@@ -1,9 +1,9 @@
|
227 | |
#!/bin/bash
|
228 | |
|
229 | |
-if [[ $EUID -ne 0 ]]; then
|
230 | |
- echo " [!]This script must be run as root" 1>&2
|
231 | |
- exit 1
|
232 | |
-fi
|
233 | |
+#if [[ $EUID -ne 0 ]]; then
|
234 | |
+# echo " [!]This script must be run as root" 1>&2
|
235 | |
+# exit 1
|
236 | |
+#fi
|
237 | |
|
238 | |
IFS='/' read -a array <<< pwd
|
239 | |
|
240 | 215 |
@@ -13,22 +13,22 @@ then
|
241 | 216 |
fi
|
242 | 217 |
|
243 | 218 |
# reset the database
|
244 | 219 |
-if [ -e ../data/empire.db ]
|
245 | |
+if [ -e ~/.local/powershell-empire/empire.db ]
|
|
220 |
+if [ -e /var/lib/powershell-empire/empire.db ]
|
246 | 221 |
then
|
247 | 222 |
- rm ../data/empire.db
|
248 | |
+ rm ~/.local/powershell-empire/empire.db
|
|
223 |
+ rm /var/lib/powershell-empire/empire.db
|
249 | 224 |
fi
|
250 | 225 |
|
251 | 226 |
python3 ./setup_database.py
|
|
253 | 228 |
|
254 | 229 |
# remove the debug file if it exists
|
255 | 230 |
-if [ -e empire.debug ]
|
256 | |
+if [ -e ~/.local/powershell-empire/empire.debug ]
|
|
231 |
+if [ -e /var/lib/powershell-empire/empire.debug ]
|
257 | 232 |
then
|
258 | 233 |
- rm empire.debug
|
259 | |
+ rm ~/.local/powershell-empire/empire.debug
|
|
234 |
+ rm /var/lib/powershell-empire/empire.debug
|
260 | 235 |
fi
|
261 | 236 |
|
262 | 237 |
# remove the download folders
|
263 | 238 |
-if [ -d ./downloads/ ]
|
264 | |
+if [ -d ~/.local/powershell-empire/downloads/ ]
|
|
239 |
+if [ -d /var/lib/powershell-empire/downloads/ ]
|
265 | 240 |
then
|
266 | 241 |
- rm -rf ./downloads/
|
267 | |
+ rm -rf ~/.local/powershell-empire/downloads/
|
|
242 |
+ rm -rf /var/lib/powershell-empire/downloads/
|
268 | 243 |
fi
|
269 | 244 |
diff --git a/setup/setup_database.py b/setup/setup_database.py
|
270 | |
index ec88437..cb6151a 100755
|
|
245 |
index ec88437..8b2e622 100755
|
271 | 246 |
--- a/setup/setup_database.py
|
272 | 247 |
+++ b/setup/setup_database.py
|
273 | 248 |
@@ -65,7 +65,7 @@ OBFUSCATE_COMMAND = r'Token\All\1'
|
|
275 | 250 |
###################################################
|
276 | 251 |
|
277 | 252 |
-conn = sqlite3.connect('%s/data/empire.db' % INSTALL_PATH)
|
278 | |
+conn = sqlite3.connect(os.path.expanduser('~/.local/powershell-empire/empire.db'))
|
|
253 |
+conn = sqlite3.connect('/var/lib/powershell-empire/empire.db')
|
279 | 254 |
|
280 | 255 |
c = conn.cursor()
|
281 | 256 |
|