New upstream version 3.0.6 Sophie Brun 4 years ago
10 changed file(s) with 50 addition(s) and 35 deletion(s). Raw diff Collapse all Expand all
0 3.0.5
0 3.0.6
0 1/31/2020
1 ------------
2 - Version 3.0.6 Master Release
3 - Fixed osx stager generation byte/str errors - #84 (@hypnoticpattern)
4 - Fixed osx appbundle generation which was stripping the wrong string - #84 (@hypnoticpattern)
5 - Removed future imports from python3 launcher, so it works without any extra libraries - #81 (@Cx01N)
6 - Staging key no longer needs to be exactly 32 characters - #85 (@Cx01N)
7 - Add "stale" property to agents endpoint - #90 (@Vinnybod)
8 - Agents endpoint now returns agents without failing due to session_key encoding - #90 (@Vinnybod)
9 - Fixed an indentation bug in aes.py (@Cx01N)
10
011 1/21/2020
112 ------------
213 - Version 3.0.5 Master Release
3 - Fixed setup_database.py python3 issue - #75 (@linxon)
4 - Added loaded listener types to API - #78 (@Vinnybod)
5 - Fixed python launcherBase (@Cx01N)
6 - Updated Python 3.8 compatibility in stager - #72 (@complana)
7 - Fixed Powerup Invoke-allchecks issue - #64 (@SkiddieTech)
8 - Fixed shellcode stager - #76 (@Hubbl3)
9 - Fixed binary upload error - #55 (@Hubbl3)
10 - Fixed multi/bash error (@Cx01N)
14 - Fixed setup_database.py python3 issue - #75 (@linxon)
15 - Added loaded listener types to API - #78 (@Vinnybod)
16 - Fixed python launcherBase (@Cx01N)
17 - Updated Python 3.8 compatibility in stager - #72 (@complana)
18 - Fixed Powerup Invoke-allchecks issue - #64 (@SkiddieTech)
19 - Fixed shellcode stager - #76 (@Hubbl3)
20 - Fixed binary upload error - #55 (@Hubbl3)
21 - Fixed multi/bash error (@Cx01N)
1122
1223 1/14/2020
1324 ------------
0 from __future__ import division
1 from future import standard_library
2 standard_library.install_aliases()
3 from builtins import str
4 from builtins import range
5 from builtins import object
6 from past.utils import old_div
7 import __future__
80 import struct
9 import time
101 import base64
112 import subprocess
123 import random
145 import datetime
156 import os
167 import sys
17 import trace
18 import shlex
198 import zlib
209 import threading
2110 import http.server
2211 import zipfile
2312 import io
2413 import imp
25 import marshal
2614 import re
2715 import shutil
2816 import pwd
3018 import math
3119 import stat
3220 import grp
33 from stat import S_ISREG, ST_CTIME, ST_MODE
21 import numbers
3422 from os.path import expanduser
3523 from io import StringIO
3624 from threading import Thread
530518 else:
531519 send_message(build_response_packet(0, "invalid tasking ID: %s" %(taskingID), resultID))
532520
521 def old_div(a, b):
522 """
523 Equivalent to ``a / b`` on Python 2 without ``from __future__ import
524 division``.
525 """
526 if isinstance(a, numbers.Integral) and isinstance(b, numbers.Integral):
527 return a // b
528 else:
529 return a / b
533530
534531 ################################################
535532 #
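Review bot: `old_div` carries no note that it is a local stand-in for the `past.utils.old_div` this same commit stops importing, so the next reader sees an unexplained re-implementation of `/`. I would extend the docstring with one line: `Drop-in replacement for past.utils.old_div so the agent no longer depends on the future package.` The helper itself matches the Python 2 semantics it documents: floor division when both operands are `numbers.Integral`, true division otherwise. Its definition sits just after the tasking dispatch's `send_message` call, whose enclosing function starts outside the hunk, so confirm the agent's main loop only reaches `old_div` after this point in the module has executed.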
234234 else:
235235 if isinstance(iv, str):
236236 self._last_cipherblock = _string_to_bytes(iv)
237 self._last_cipherblock = iv
237 else:
238 self._last_cipherblock = iv
238239
239240 AESBlockModeOfOperation.__init__(self, key)
240241
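Review bot: The new `else` branch stores any non-`str` `iv` verbatim in `self._last_cipherblock`, so a list with the wrong element type, or an object that cannot be indexed as bytes, is only discovered when the first block is XORed. Since the preceding branch already normalises `str` through `_string_to_bytes`, I would narrow the fallback to `elif isinstance(iv, (bytes, bytearray)):` and finish with `else: raise TypeError('iv must be str or bytes')`. The IV length check that CBC constructors in this style of AES module usually perform is presumably above this hunk — the `__init__` starts outside it — so confirm it still runs before this assignment.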
99 stage_1
1010 stage_2
1111 """
12 from __future__ import print_function
1312
14 import copy
1513 import random
1614 import string
1715 import urllib.request as urllib
774774 for activeAgent in activeAgentsRaw:
775775 [ID, session_id, listener, name, language, language_version, delay, jitter, external_ip, internal_ip, username, high_integrity, process_name, process_id, hostname, os_details, session_key, nonce, checkin_time, lastseen_time, parent, children, servers, profile, functions, kill_date, working_hours, lost_limit, taskings, results] = activeAgent
776776
777 agents.append({"ID":ID, "session_id":session_id, "listener":listener, "name":name, "language":language, "language_version":language_version, "delay":delay, "jitter":jitter, "external_ip":external_ip, "internal_ip":internal_ip, "username":username, "high_integrity":high_integrity, "process_name":process_name, "process_id":process_id, "hostname":hostname, "os_details":os_details, "session_key":session_key, "nonce":nonce, "checkin_time":checkin_time, "lastseen_time":lastseen_time, "parent":parent, "children":children, "servers":servers, "profile":profile,"functions":functions, "kill_date":kill_date, "working_hours":working_hours, "lost_limit":lost_limit, "taskings":taskings, "results":results})
777 intervalMax = (delay + delay * jitter)+30
778
779 # get the agent last check in time
780 agentTime = time.mktime(time.strptime(lastseen_time, "%Y-%m-%d %H:%M:%S"))
781
782 stale = agentTime < time.mktime(time.localtime()) - intervalMax
783
784 agents.append({"ID":ID, "session_id":session_id, "listener":listener, "name":name, "language":language, "language_version":language_version, "delay":delay, "jitter":jitter, "external_ip":external_ip, "internal_ip":internal_ip, "username":username, "high_integrity":high_integrity, "process_name":process_name, "process_id":process_id, "hostname":hostname, "os_details":os_details, "session_key":session_key.decode('latin-1').encode('utf-8'), "nonce":nonce, "checkin_time":checkin_time, "lastseen_time":lastseen_time, "parent":parent, "children":children, "servers":servers, "profile":profile,"functions":functions, "kill_date":kill_date, "working_hours":working_hours, "lost_limit":lost_limit, "taskings":taskings, "results":results, "stale":stale})
778785
779786 return jsonify({'agents' : agents})
787
780788
781789
782790 @app.route('/api/agents/stale', methods=['GET'])
800808
801809 if agentTime < time.mktime(time.localtime()) - intervalMax:
802810
803 staleAgents.append({"ID":ID, "session_id":session_id, "listener":listener, "name":name, "language":language, "language_version":language_version, "delay":delay, "jitter":jitter, "external_ip":external_ip, "internal_ip":internal_ip, "username":username, "high_integrity":high_integrity, "process_name":process_name, "process_id":process_id, "hostname":hostname, "os_details":os_details, "session_key":session_key, "nonce":nonce, "checkin_time":checkin_time, "lastseen_time":lastseen_time, "parent":parent, "children":children, "servers":servers, "profile":profile,"functions":functions, "kill_date":kill_date, "working_hours":working_hours, "lost_limit":lost_limit, "taskings":taskings, "results":results})
811 staleAgents.append({"ID":ID, "session_id":session_id, "listener":listener, "name":name, "language":language, "language_version":language_version, "delay":delay, "jitter":jitter, "external_ip":external_ip, "internal_ip":internal_ip, "username":username, "high_integrity":high_integrity, "process_name":process_name, "process_id":process_id, "hostname":hostname, "os_details":os_details, "session_key":session_key.decode('latin-1').encode('utf-8'), "nonce":nonce, "checkin_time":checkin_time, "lastseen_time":lastseen_time, "parent":parent, "children":children, "servers":servers, "profile":profile,"functions":functions, "kill_date":kill_date, "working_hours":working_hours, "lost_limit":lost_limit, "taskings":taskings, "results":results})
804812
805813 return jsonify({'agents' : staleAgents})
806814
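Review bot: The stale computation added to the agents listing (`intervalMax`, `agentTime`, and the comparison against `time.mktime(time.localtime())`) duplicates the logic already used by `/api/agents/stale` at the bottom of the section, so the two endpoints can drift the next time the threshold changes. I would hoist it into a module-level helper and call it from both places. The `session_key.decode('latin-1').encode('utf-8')` transform, also repeated in both endpoints, produces `bytes` again rather than `str`; whether `jsonify` serialises that depends on the app's JSON encoder, which is outside the hunk, so a test that hits `/api/agents` with a real row would settle it. Returning each agent's session key through the REST API is pre-existing, but a one-line comment noting that the listing exposes live key material would help anyone later adding a lower-privilege API role.
```python
def _agent_is_stale(delay, jitter, lastseen_time):
    """True when the agent's last check-in is older than delay*(1+jitter) plus a 30s grace period."""
    interval_max = (delay + delay * jitter) + 30
    agent_time = time.mktime(time.strptime(lastseen_time, "%Y-%m-%d %H:%M:%S"))
    return agent_time < time.mktime(time.localtime()) - interval_max

# … unchanged: row unpacking in the listing endpoint …
stale = _agent_is_stale(delay, jitter, lastseen_time)
```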
1414 from builtins import str
1515 from builtins import range
1616
17 VERSION = "3.0.5 BC-Security Fork"
17 VERSION = "3.0.6 BC-Security Fork"
1818
1919 from pydispatch import dispatcher
2020
154154 # if the staging key isn't 32 characters, assume we're md5 hashing it
155155 value = str(value).strip()
156156 if len(value) != 32:
157 stagingKeyHash = hashlib.md5(value).hexdigest()
157 stagingKeyHash = hashlib.md5(value.encode('UTF-8')).hexdigest()
158158 print(helpers.color('[!] Warning: staging key not 32 characters, using hash of staging key instead: %s' % (stagingKeyHash)))
159159 listenerObject.options[option]['Value'] = stagingKeyHash
160160 else:
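Review bot: The comment on the first line of the hunk says the key is MD5-hashed when it is not 32 characters but not why, and the call reads like key derivation when it is only a normalisation. I would make that explicit so nobody later swaps in a longer hash believing it strengthens the key: `# MD5 is used only to normalise an arbitrary-length passphrase to the 32 hex chars the stager expects; it is not a KDF and adds no entropy, so a weak staging key stays weak.` The `.encode('UTF-8')` fix itself is the right call for Python 3's `hashlib`. The enclosing option setter starts and ends outside the hunk, and the warning line still prints the derived key to the console, which is pre-existing.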
273273
274274 if Arch == 'x64':
275275
276 f = open(self.mainMenu.installPath + "/data/misc/apptemplateResources/x64/launcher.app/Contents/MacOS/launcher")
276 f = open(self.mainMenu.installPath + "/data/misc/apptemplateResources/x64/launcher.app/Contents/MacOS/launcher", "rb")
277277 directory = self.mainMenu.installPath + "/data/misc/apptemplateResources/x64/launcher.app/"
278278 else:
279 f = open(self.mainMenu.installPath + "/data/misc/apptemplateResources/x86/launcher.app/Contents/MacOS/launcher")
279 f = open(self.mainMenu.installPath + "/data/misc/apptemplateResources/x86/launcher.app/Contents/MacOS/launcher", "rb")
280280 directory = self.mainMenu.installPath + "/data/misc/apptemplateResources/x86/launcher.app/"
281281
282282 macho = macholib.MachO.MachO(f.name)
291291 count = 0
292292 if int(cmd[count].cmd) == macholib.MachO.LC_SEGMENT_64 or int(cmd[count].cmd) == macholib.MachO.LC_SEGMENT:
293293 count += 1
294 if cmd[count].segname.strip('\x00') == '__TEXT' and cmd[count].nsects > 0:
294 if cmd[count].segname.strip(b'\x00') == b'__TEXT' and cmd[count].nsects > 0:
295295 count += 1
296296 for section in cmd[count]:
297 if section.sectname.strip('\x00') == '__cstring':
297 if section.sectname.strip(b'\x00') == b'__cstring':
298298 offset = int(section.offset)
299299 placeHolderSz = int(section.size) - 52
300300
303303
304304 if placeHolderSz and offset:
305305
306 launcher = launcherCode + "\x00" * (placeHolderSz - len(launcherCode))
306 launcher = launcherCode.encode('utf8') + b'\x00' * (placeHolderSz - len(launcherCode))
307307 patchedBinary = template[:offset]+launcher+template[(offset+len(launcher)):]
308308 if AppName == "":
309309 AppName = "launcher"
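Review bot: The padding on the `launcher = launcherCode.encode('utf8') + b'\x00' * ...` line is sized by `len(launcherCode)`, the character count, while the bytes actually written are the UTF-8 encoding, so any non-ASCII character makes `launcher` longer than `placeHolderSz` and the slice on the next line overwrites bytes past the `__cstring` placeholder. Nothing guards the case where the launcher is simply longer than the placeholder either: the multiplication yields `b''` and the template is silently patched with an oversized string. I would encode once, compare byte lengths, and refuse to patch when it does not fit, raising or reporting through whatever path the rest of `generate_appbundle` uses for errors — its body starts and ends outside the hunk. The two `open(..., "rb")` handles are only used for `f.name` and are never closed in the visible lines.
```python
if placeHolderSz and offset:
    payload = launcherCode.encode('utf8')
    if len(payload) > placeHolderSz:
        raise ValueError("launcher is %d bytes but the placeholder holds %d" % (len(payload), placeHolderSz))
    launcher = payload + b'\x00' * (placeHolderSz - len(payload))
    # … unchanged: patchedBinary slicing and AppName handling …
```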
9696
9797 else:
9898 disarm = False
99 launcher = launcher.strip('echo').strip(' | /usr/bin/python &').strip("\"")
99 launcher = launcher.strip('echo').strip(' | /usr/bin/python3 &').strip("\"")
100100 ApplicationZip = self.mainMenu.stagers.generate_appbundle(launcherCode=launcher,Arch=arch,icon=icnsPath,AppName=AppName, disarm=disarm)
101101 return ApplicationZip
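Review bot: The chain `launcher.strip('echo').strip(' | /usr/bin/python3 &').strip("\"")` on the changed line treats each argument as a set of characters, not a substring: `strip` removes any leading or trailing run of those characters, so the expression only works because the payload is bounded by double quotes that are in neither set. If the launcher layout ever changes so that the quotes are not the first thing after `echo` or the last thing before the pipe, payload characters from the set `e c h o p y t n u s r b i / | & 3` and space are silently eaten, and adding `3` to the set in this commit widens that exposure. Taking the quoted body directly is both clearer and robust: `launcher = launcher.partition('"')[2].rpartition('"')[0]`. This assumes the listener emits a launcher of the form `echo "..." | /usr/bin/python3 &`, which the hunk implies but the generating code is outside it.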