Invoke-Obfuscation merged into 2.0_beta

mdns
cobbr 2017-04-22 21:37:50 -05:00
parent 4340a6679e
commit 057636c447
6 changed files with 14 additions and 14 deletions


@ -4,20 +4,20 @@ function Start-Negotiate {
function ConvertTo-RC4ByteStream { function ConvertTo-RC4ByteStream {
Param ($RCK, $In) Param ($RCK, $In)
begin { begin {
[Byte[]] $S = 0..255; [Byte[]] $Str = 0..255;
$J = 0; $J = 0;
0..255 | ForEach-Object { 0..255 | ForEach-Object {
$J = ($J + $S[$_] + $RCK[$_ % $RCK.Length]) % 256; $J = ($J + $Str[$_] + $RCK[$_ % $RCK.Length]) % 256;
$S[$_], $S[$J] = $S[$J], $S[$_]; $Str[$_], $Str[$J] = $Str[$J], $Str[$_];
}; };
$I = $J = 0; $I = $J = 0;
} }
process { process {
ForEach($Byte in $In) { ForEach($Byte in $In) {
$I = ($I + 1) % 256; $I = ($I + 1) % 256;
$J = ($J + $S[$I]) % 256; $J = ($J + $Str[$I]) % 256;
$S[$I], $S[$J] = $S[$J], $S[$I]; $Str[$I], $Str[$J] = $Str[$J], $Str[$I];
$Byte -bxor $S[($S[$I] + $S[$J]) % 256]; $Byte -bxor $Str[($Str[$I] + $Str[$J]) % 256];
} }
} }
} }


@ -396,7 +396,7 @@ class Listener:
randomizedStager += line randomizedStager += line
if obfuscate: if obfuscate:
randomizedStager = helpers.obfuscate(randomizedStager, self.mainMenu.installPath, obfuscationCommand=obfuscationCommand) randomizedStager = helpers.obfuscate(randomizedStager, obfuscationCommand=obfuscationCommand)
# base64 encode the stager and return it # base64 encode the stager and return it
if encode: if encode:
return helpers.enc_powershell(randomizedStager) return helpers.enc_powershell(randomizedStager)
@ -483,7 +483,7 @@ class Listener:
if workingHours != "": if workingHours != "":
code = code.replace('$WorkingHours,', "$WorkingHours = '" + str(workingHours) + "',") code = code.replace('$WorkingHours,', "$WorkingHours = '" + str(workingHours) + "',")
if obfuscate: if obfuscate:
code = helpers.obfuscate(code, self.mainMenu.installPath, obfuscationCommand=obfuscationCommand) code = helpers.obfuscate(code, obfuscationCommand=obfuscationCommand)
return code return code
elif language == 'python': elif language == 'python':
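Review bot: Both changed call sites, `helpers.obfuscate(randomizedStager, obfuscationCommand=obfuscationCommand)` and `helpers.obfuscate(code, obfuscationCommand=obfuscationCommand)`, drop the `self.mainMenu.installPath` argument, but the matching change to `helpers.obfuscate` is not visible in this section, so the new signature cannot be confirmed from here. If the helper still declares the install path as a required positional parameter, both branches would raise `TypeError` whenever `obfuscate` is true, so the helper's definition and any other callers should be checked in the same commit. `obfuscationCommand` is also forwarded as-is; the helper presumably hands it to an external PowerShell process, and if so it should be passed as a separate argument-list element rather than interpolated into a shell string, with a short comment at the call site saying where the value comes from. Both enclosing methods of `Listener` start and end outside these hunks.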


@ -118,7 +118,7 @@ http://www.danielbohannon.com
# 'RandomWhitespace' will be manually added last for reasons defined below. # 'RandomWhitespace' will be manually added last for reasons defined below.
$ObfuscationChoices = @() $ObfuscationChoices = @()
$ObfuscationChoices += 'Member' $ObfuscationChoices += 'Member'
# $ObfuscationChoices += 'Command' $ObfuscationChoices += 'Command'
$ObfuscationChoices += 'CommandArgument' $ObfuscationChoices += 'CommandArgument'
$ObfuscationChoices += 'Variable' $ObfuscationChoices += 'Variable'
$ObfuscationChoices += 'Type' $ObfuscationChoices += 'Type'
@ -257,8 +257,8 @@ http://www.danielbohannon.com
$Counter-- $Counter--
# Set valid obfuscation levels for current token type. # Set valid obfuscation levels for current token type.
# $ValidObfuscationLevels = @(0,1,2,3,4) $ValidObfuscationLevels = @(0,1,2,3,4)
$ValidObfuscationLevels = @(0,1,2)
# If invalid obfuscation level is passed to this function then default to highest obfuscation level available for current token type. # If invalid obfuscation level is passed to this function then default to highest obfuscation level available for current token type.
If($ValidObfuscationLevels -NotContains $ObfuscationLevel) {$ObfuscationLevel = $ValidObfuscationLevels | Sort-Object -Descending | Select-Object -First 1} If($ValidObfuscationLevels -NotContains $ObfuscationLevel) {$ObfuscationLevel = $ValidObfuscationLevels | Sort-Object -Descending | Select-Object -First 1}