Update patches to use sudo Sophie Brun 3 years ago
5 changed file(s) with 46 addition(s) and 68 deletion(s). Raw diff Collapse all Expand all
33
44 Last-Update: 2020-11-30
55 ---
6 empire | 21 ++++++++++++++++++---
7 lib/common/__init__.py | 4 +++-
6 empire | 20 +++++++++++++++++++-
7 lib/common/__init__.py | 2 +-
88 lib/common/agents.py | 21 +++++++++++----------
9 lib/common/empire.py | 9 +++++----
9 lib/common/empire.py | 8 ++++----
1010 lib/common/helpers.py | 6 +++---
11 setup/reset.sh | 20 ++++++++++----------
11 setup/reset.sh | 12 ++++++------
1212 setup/setup_database.py | 2 +-
13 7 files changed, 51 insertions(+), 32 deletions(-)
13 7 files changed, 45 insertions(+), 26 deletions(-)
1414
1515 diff --git a/empire b/empire
16 index c8cb21e..5eed7db 100755
16 index c8cb21e..a909e4f 100755
1717 --- a/empire
1818 +++ b/empire
19 @@ -24,8 +24,23 @@ from time import sleep
20
21 from flask import Flask, request, jsonify, make_response, abort, url_for, g
19 @@ -26,6 +26,24 @@ from flask import Flask, request, jsonify, make_response, abort, url_for, g
2220 from flask.json import JSONEncoder
23 -from flask_socketio import SocketIO, emit, join_room, leave_room, \
24 - close_room, rooms, disconnect
25 +from flask_socketio import SocketIO, emit
21 from flask_socketio import SocketIO, emit, join_room, leave_room, \
22 close_room, rooms, disconnect
2623 +import shutil
2724 +
2825 +# database old path
2926 +DB_OLD_PATH = "/usr/share/powershell-empire/data"
3027 +# database new path
31 +DB_PATH = os.path.expanduser("~/.local/powershell-empire")
28 +DB_PATH = "/var/lib/powershell-empire"
29 +
30 +if os.getuid() != 0:
31 + print("Please run powershell-empire with sudo:")
32 + print("'sudo powershell-empire'")
33 + sys.exit()
34 +
3235 +# Handle database creation / switch before import lib.common
3336 +if not os.path.isfile(os.path.join(DB_PATH, "empire.db")):
34 + os.makedirs(DB_PATH, exist_ok=True)
3537 + if os.path.exists(os.path.join(DB_OLD_PATH, "empire.db")):
36 + if os.getuid() == 0:
37 + shutil.move((os.path.join(DB_OLD_PATH, "empire.db")), os.path.join(DB_PATH, "empire.db"))
38 + else:
39 + subprocess.run(["setup/setup_database.py"])
38 + shutil.move((os.path.join(DB_OLD_PATH, "empire.db")), os.path.join(DB_PATH, "empire.db"))
4039 + else:
4140 + subprocess.run(["setup/setup_database.py"])
4241
4342 # Empire imports
4443 from lib.common import empire, helpers, users
45 @@ -91,7 +106,7 @@ def database_connect():
44 @@ -91,7 +109,7 @@ def database_connect():
4645 sqlite3.register_adapter(datetime, adapt_datetime)
4746 sqlite3.register_converter("timestamp", convert_timestamp)
4847 # set the database connectiont to autocommit w/ isolation level
5251 conn.isolation_level = None
5352 return conn
5453 diff --git a/lib/common/__init__.py b/lib/common/__init__.py
55 index 6fe1ea5..c5638f2 100644
54 index 6fe1ea5..c303440 100644
5655 --- a/lib/common/__init__.py
5756 +++ b/lib/common/__init__.py
58 @@ -6,6 +6,7 @@ from __future__ import absolute_import
59
60 import sys
61 import sqlite3
62 +import os
63
64 from . import helpers
65
66 @@ -13,7 +14,8 @@ from . import helpers
57 @@ -13,7 +13,7 @@ from . import helpers
6758 def connect_to_db():
6859 try:
6960 # set the database connectiont to autocommit w/ isolation level
7061 - conn = sqlite3.connect('./data/empire.db', check_same_thread=False)
71 + conn = sqlite3.connect(os.path.expanduser('~/.local/powershell-empire/empire.db'),
72 + check_same_thread=False)
62 + conn = sqlite3.connect('/var/lib/powershell-empire/empire.db', check_same_thread=False)
7363 conn.text_factory = str
7464 conn.isolation_level = None
7565 return conn
7666 diff --git a/lib/common/agents.py b/lib/common/agents.py
77 index 9dd24c0..7b80c1e 100644
67 index 9dd24c0..f01a493 100644
7868 --- a/lib/common/agents.py
7969 +++ b/lib/common/agents.py
8070 @@ -89,6 +89,7 @@ class Agents(object):
8171 # pull out the controller objects
8272 self.mainMenu = MainMenu
8373 self.installPath = self.mainMenu.installPath
84 + self.localPath = os.path.expanduser('~/.local/powershell-empire/')
74 + self.localPath = '/var/lib/powershell-empire/'
8575 self.args = args
8676
8777 # internal agent dictionary for the client's session key, funcions, and URI sets
160150 message = "[!] WARNING: agent {} attempted skywalker exploit!".format(self.sessionID)
161151 signal = json.dumps({
162152 diff --git a/lib/common/empire.py b/lib/common/empire.py
163 index 2c7cac9..8bcde38 100755
153 index 2c7cac9..69a6b16 100755
164154 --- a/lib/common/empire.py
165155 +++ b/lib/common/empire.py
166156 @@ -191,7 +191,7 @@ class MainMenu(cmd.Cmd):
168158 # if --debug X is passed, log out all dispatcher signals
169159 if self.args.debug:
170160 - with open('empire.debug', 'a') as debug_file:
171 + with open(os.path.expanduser("~/.local/powershell-empire/empire.debug"), 'a') as debug_file:
161 + with open("/var/lib/powershell-empire/empire.debug", 'a') as debug_file:
172162 debug_file.write("%s %s : %s\n" % (helpers.get_datetime(), sender, signal))
173163
174164 if self.args.debug == '2':
175 @@ -346,11 +346,12 @@ class MainMenu(cmd.Cmd):
165 @@ -346,11 +346,11 @@ class MainMenu(cmd.Cmd):
176166
177167 def database_connect(self):
178168 """
179169 - Connect to the default database at ./data/empire.db.
180 + Connect to the default database at ~/.local/powershell-empire/empire.db.
170 + Connect to the default database at /var/lib/powershell-empire/empire.db.
181171 """
182172 try:
183173 - # set the database connection to autocommit w/ isolation level
184174 - self.conn = sqlite3.connect('./data/empire.db', check_same_thread=False)
185175 + # set the database connectiont to autocommit w/ isolation level
186 + self.conn = sqlite3.connect(os.path.expanduser('~/.local/powershell-empire/empire.db'),
187 + check_same_thread=False)
176 + self.conn = sqlite3.connect('/var/lib/powershell-empire/empire.db', check_same_thread=False)
188177 self.conn.text_factory = str
189178 self.conn.isolation_level = None
190179 return self.conn
191180 diff --git a/lib/common/helpers.py b/lib/common/helpers.py
192 index 7b5fd6d..81429ed 100644
181 index 7b5fd6d..053d034 100644
193182 --- a/lib/common/helpers.py
194183 +++ b/lib/common/helpers.py
195184 @@ -273,7 +273,7 @@ def strip_powershell_comments(data):
197186
198187 def keyword_obfuscation(data):
199188 - conn = sqlite3.connect('./data/empire.db', check_same_thread=False)
200 + conn = sqlite3.connect(os.path.expanduser('~/.local/powershell-empire/empire.db'), check_same_thread=False)
189 + conn = sqlite3.connect('/var/lib/powershell-empire/empire.db', check_same_thread=False)
201190 conn.isolation_level = None
202191 conn.row_factory = None
203192 cur = conn.cursor()
206195 """
207196
208197 - conn = sqlite3.connect('./data/empire.db', check_same_thread=False)
209 + conn = sqlite3.connect(os.path.expanduser('~/.local/powershell-empire/empire.db'), check_same_thread=False)
198 + conn = sqlite3.connect('/var/lib/powershell-empire/empire.db', check_same_thread=False)
210199 conn.isolation_level = None
211200
212201 cur = conn.cursor()
215204 """
216205 try:
217206 - conn = sqlite3.connect('./data/empire.db', check_same_thread=False)
218 + conn = sqlite3.connect(os.path.expanduser('~/.local/powershell-empire/empire.db'), check_same_thread=False)
207 + conn = sqlite3.connect('/var/lib/powershell-empire/empire.db', check_same_thread=False)
219208 conn.isolation_level = None
220209 conn.row_factory = dict_factory
221210 cur = conn.cursor()
222211 diff --git a/setup/reset.sh b/setup/reset.sh
223 index 5e291d8..dd48b94 100755
212 index 5e291d8..7fcfa89 100755
224213 --- a/setup/reset.sh
225214 +++ b/setup/reset.sh
226 @@ -1,9 +1,9 @@
227 #!/bin/bash
228
229 -if [[ $EUID -ne 0 ]]; then
230 - echo " [!]This script must be run as root" 1>&2
231 - exit 1
232 -fi
233 +#if [[ $EUID -ne 0 ]]; then
234 +# echo " [!]This script must be run as root" 1>&2
235 +# exit 1
236 +#fi
237
238 IFS='/' read -a array <<< pwd
239
240215 @@ -13,22 +13,22 @@ then
241216 fi
242217
243218 # reset the database
244219 -if [ -e ../data/empire.db ]
245 +if [ -e ~/.local/powershell-empire/empire.db ]
220 +if [ -e /var/lib/powershell-empire/empire.db ]
246221 then
247222 - rm ../data/empire.db
248 + rm ~/.local/powershell-empire/empire.db
223 + rm /var/lib/powershell-empire/empire.db
249224 fi
250225
251226 python3 ./setup_database.py
253228
254229 # remove the debug file if it exists
255230 -if [ -e empire.debug ]
256 +if [ -e ~/.local/powershell-empire/empire.debug ]
231 +if [ -e /var/lib/powershell-empire/empire.debug ]
257232 then
258233 - rm empire.debug
259 + rm ~/.local/powershell-empire/empire.debug
234 + rm /var/lib/powershell-empire/empire.debug
260235 fi
261236
262237 # remove the download folders
263238 -if [ -d ./downloads/ ]
264 +if [ -d ~/.local/powershell-empire/downloads/ ]
239 +if [ -d /var/lib/powershell-empire/downloads/ ]
265240 then
266241 - rm -rf ./downloads/
267 + rm -rf ~/.local/powershell-empire/downloads/
242 + rm -rf /var/lib/powershell-empire/downloads/
268243 fi
269244 diff --git a/setup/setup_database.py b/setup/setup_database.py
270 index ec88437..cb6151a 100755
245 index ec88437..8b2e622 100755
271246 --- a/setup/setup_database.py
272247 +++ b/setup/setup_database.py
273248 @@ -65,7 +65,7 @@ OBFUSCATE_COMMAND = r'Token\All\1'
275250 ###################################################
276251
277252 -conn = sqlite3.connect('%s/data/empire.db' % INSTALL_PATH)
278 +conn = sqlite3.connect(os.path.expanduser('~/.local/powershell-empire/empire.db'))
253 +conn = sqlite3.connect('/var/lib/powershell-empire/empire.db')
279254
280255 c = conn.cursor()
281256
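Review bot: `sys.exit()` in the new non-root branch at the top of the first hunk of `empire` (`if os.getuid() != 0:` … `sys.exit()`) exits with status 0, so a wrapper script or service manager cannot tell the refusal apart from a clean run; `sys.exit(1)`, or `sys.exit("Please run powershell-empire with sudo")` which writes to stderr and returns 1, is the conventional form. Whether `sys` and `subprocess` are imported earlier in `empire` is outside the visible hunk. Now that this block guarantees the process is root, the following `subprocess.run(["setup/setup_database.py"])` resolves the script against the caller's current directory rather than the install location, and its exit status is ignored, so a failed or missing database setup falls through into `from lib.common import empire` and the later connect; anchoring it to the script's own directory, e.g. `subprocess.run([os.path.join(os.path.dirname(os.path.abspath(__file__)), "setup", "setup_database.py")], check=True)`, makes it independent of cwd and fails loudly instead. The patch file's section header is not visible on this page, so this review covers the `empire` hunk of the patch only.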
00 rename-jinja2-templates.patch
1 change-database-location.patch
21 update-shebang-for-python3.patch
32 use-cryptodome.patch
3 change-database-location.patch
0 var/lib/powershell-empire
0 usr/share/powershell-empire usr/share/windows-resources/powershell-empire
0 usr/share/powershell-empire usr/share/windows-resources/powershell-empire
1 var/lib/powershell-empire/data/obfuscated_module_source usr/share/powershell-empire/data/obfuscated_module_source
88 # don't install the script install.sh and the file
99 # requirements.txt
1010 dh_install -Xinstall.sh -Xrequirements.txt -Xgitignore -XLICENSE
11 find data/obfuscated_module_source -type d -exec mkdir -p $(CURDIR)/debian/powershell-empire/var/lib/powershell-empire/'{}' \;
1112
1213 override_dh_fixperms:
1314 dh_fixperms