diff --git a/changelog b/changelog
index 97b7ca7..91a08ac 100644
--- a/changelog
+++ b/changelog
@@ -2,6 +2,8 @@
 ---------
 -Added collection/netripper, port of the NetRipper project
 -Added collection/packet_capture for netsh event tracing
+-Added management/zipfolder for native folder compression
+-Corrected menu behavior on agent exit, bug fix on some dir behavior
 ============
 8/16/2015 - RELEASE 1.1
diff --git a/data/agent/agent.ps1 b/data/agent/agent.ps1
index 82ec8f6..9119d80 100644
--- a/data/agent/agent.ps1
+++ b/data/agent/agent.ps1
@@ -267,7 +267,12 @@ function Invoke-Empire {
 }
 else {
 try{
- $output = Get-ChildItem -force -path "FileSystem::$cmdargs" -ErrorAction Stop | select lastwritetime,length,name
+ if ($cmdargs.StartsWith("\\")) {
+ $output = Get-ChildItem -force -path "FileSystem::$cmdargs" -ErrorAction Stop | select lastwritetime,length,name
+ }
+ else {
+ $output = Get-ChildItem -force -path "$cmdargs" -ErrorAction Stop | select lastwritetime,length,name
+ }
 }
 catch [System.Management.Automation.ActionPreferenceStopException]{
 $output = "[!] Error: $_ (or cannot be accessed)."
diff --git a/lib/common/empire.py b/lib/common/empire.py
index b03724a..7ad9263 100644
--- a/lib/common/empire.py
+++ b/lib/common/empire.py
@@ -1247,8 +1247,8 @@ class AgentMenu(cmd.Cmd):
 self.mainMenu.agents.add_agent_task(self.sessionID, "TASK_EXIT")
 # update the agent log
 self.mainMenu.agents.save_agent_log(self.sessionID, "Tasked agent to exit")
- a = AgentsMenu(self.mainMenu)
- a.cmdloop()
+ return True
+
 except KeyboardInterrupt as e:
 print ""
diff --git a/lib/modules/management/zipfolder.py b/lib/modules/management/zipfolder.py
new file mode 100644
index 0000000..0aefe5b
--- /dev/null
+++ b/lib/modules/management/zipfolder.py
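Review bot: The two new branches inside the `try` block of the agent.ps1 hunk repeat the whole `Get-ChildItem ... | select lastwritetime,length,name` pipeline and differ only in the path string, so any later change to the selected columns or error handling has to be made twice. Computing the path once keeps them in step: `$lsPath = if ($cmdargs.StartsWith("\\")) { "FileSystem::$cmdargs" } else { $cmdargs }` followed by a single `Get-ChildItem -force -path $lsPath -ErrorAction Stop | select lastwritetime,length,name`. A one-line comment such as `# UNC paths keep the FileSystem:: provider prefix; other paths are passed through unchanged` would record why the prefix is conditional, which the hunk does not explain. The enclosing `Invoke-Empire` function starts and ends outside the hunk.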
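Review bot: The added `return True` in the empire.py hunk relies on the `cmd.Cmd` convention that a true return value from a command handler stops the running `cmdloop()`, and nothing next to it says so. A short comment above it, for example `# a true return value ends this menu's cmdloop(); control goes back to whoever started it`, would make clear that this replaces the removed nested `AgentsMenu(self.mainMenu).cmdloop()` rather than dropping the menu transition by accident. The handler's `def` line and the `try:` that pairs with `except KeyboardInterrupt` are outside the hunk, so whether every path through the handler returns consistently cannot be checked from here.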
@@ -0,0 +1,94 @@
+from lib.common import helpers
+
+class Module:
+
+ def __init__(self, mainMenu, params=[]):
+
+ self.info = {
+ 'Name': 'Invoke-ZipFolder',
+
+ 'Author': ['@harmj0y'],
+
+ 'Description': ('Zips up a target folder for later exfiltration.'),
+
+ 'Background' : False,
+
+ 'OutputExtension' : None,
+
+ 'NeedsAdmin' : False,
+
+ 'OpsecSafe' : True,
+
+ 'MinPSVersion' : '2',
+
+ 'Comments': []
+ }
+
+ # any options needed by the module, settable during runtime
+ self.options = {
+ # format:
+ # value_name : {description, required, default_value}
+ 'Agent' : {
+ 'Description' : 'Agent to run module on.',
+ 'Required' : True,
+ 'Value' : ''
+ },
+ 'Folder' : {
+ 'Description' : 'Folder path to zip.',
+ 'Required' : True,
+ 'Value' : ''
+ },
+ 'ZipFileName' : {
+ 'Description' : 'Zip name/path to create.',
+ 'Required' : True,
+ 'Value' : ''
+ }
+ }
+
+ # save off a copy of the mainMenu object to access external functionality
+ # like listeners/agent handlers/etc.
+ self.mainMenu = mainMenu
+
+ for param in params:
+ # parameter format is [Name, Value]
+ option, value = param
+ if option in self.options:
+ self.options[option]['Value'] = value
+
+
+ def generate(self):
+
+ script = """
+function Invoke-ZipFolder
+{
+ param([string]$Folder, [string]$ZipFileName)
+
+ if (-not (Test-Path $Folder)) {
+ "Target folder $Folder doesn't exist."
+ return
+ }
+
+ if (test-path $ZipFileName) {
+ "Zip file already exists at $ZipFileName"
+ return
+ }
+
+ $Directory = Get-Item $Folder
+
+ Set-Content $ZipFileName ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
+ (dir $ZipFileName).IsReadOnly = $false
+
+ $ZipFileName = resolve-path $ZipFileName
+
+ $ZipFile = (new-object -com shell.application).NameSpace($ZipFileName)
+ $ZipFile.CopyHere($Directory.FullName)
+ "Folder $Folder zipped to $ZipFileName"
+}
+Invoke-ZipFolder"""
+
+ for option,values in self.options.iteritems():
+ if option.lower() != "agent":
+ if values['Value'] and values['Value'] != '':
+ script += " -" + str(option) + " " + str(values['Value'])
+
+ return script
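Review bot: In `generate`, the loop that appends `" -" + str(option) + " " + str(values['Value'])` splices the `Folder` and `ZipFileName` values into the PowerShell command line unquoted, so a path containing a space no longer binds to a single parameter, and characters such as `;` or `$` in a value are parsed as PowerShell syntax instead of data. Emitting the value as a single-quoted literal with embedded quotes doubled keeps it one argument: `script += " -" + str(option) + " '" + str(values['Value']).replace("'", "''") + "'"`. Separately, `def __init__(self, mainMenu, params=[])` uses a mutable default; the list is only iterated here, but `params=None` with `for param in params or []:` avoids the shared-default pitfall. The inner test `values['Value'] and values['Value'] != ''` is redundant, since an empty string is already falsy.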