infosecn1nja
/
Empire
mirror of https://github.com/infosecn1nja/Empire.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/PowerShellEmpire/Empire

1.6
Harmj0y 2015-08-29 20:35:10 -04:00
parent c021bdf6f3 bf72039053
commit 40fda2dd04
2 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
data/agent/agent.ps1
View File

@ -523,7 +523,8 @@ function Invoke-Empire {
$AES.Key = $encoding.GetBytes($SessionKey);
$AES.IV = $IV;
$ciphertext = $IV + ($AES.CreateEncryptor()).TransformFinalBlock($bytes, 0, $bytes.Length);
$hmac = New-Object System.Security.Cryptography.HMACMD5;
# append the MAC
$hmac = New-Object System.Security.Cryptography.HMACSHA1;
$hmac.Key = $encoding.GetBytes($SessionKey);
$ciphertext + $hmac.ComputeHash($ciphertext);
}
@ -532,9 +533,9 @@ function Invoke-Empire {
param ($inBytes)
if($inBytes.Length -gt 32){
# Verify the MAC
$mac = $inBytes[-16..-1];
$inBytes = $inBytes[0..($inBytes.length - 17)];
$hmac = New-Object System.Security.Cryptography.HMACMD5;
$mac = $inBytes[-20..-1];
$inBytes = $inBytes[0..($inBytes.length - 21)];
$hmac = New-Object System.Security.Cryptography.HMACSHA1;
$hmac.Key = $encoding.GetBytes($SessionKey);
$expected = $hmac.ComputeHash($inBytes);
if (@(Compare-Object $mac $expected -sync 0).Length -ne 0){

12
lib/common/encryption.py
View File

@ -76,7 +76,7 @@ def aes_encrypt_then_mac(key, data):
Encrypt the data then calculate HMAC over the ciphertext.
"""
data = aes_encrypt(key, data)
mac = hmac.new(str(key), data, hashlib.md5).digest()
mac = hmac.new(str(key), data, hashlib.sha1).digest()
return data + mac
@ -95,10 +95,10 @@ def verify_hmac(key, data):
"""
Verify the HMAC supplied in the data with the given key.
"""
if len(data) > 16:
mac = data[-16:]
data = data[:-16]
expected = hmac.new(str(key), data, hashlib.md5).digest()
if len(data) > 20:
mac = data[-20:]
data = data[:-20]
expected = hmac.new(str(key), data, hashlib.sha1).digest()
# Double HMAC to prevent timing attacks. hmac.compare_digest() is
# preferable, but only available since Python 2.7.7.
return hmac.new(str(key), expected).digest() == hmac.new(str(key), mac).digest()
@ -111,7 +111,7 @@ def aes_decrypt_and_verify(key, data):
Decrypt the data, but only if it has a valid MAC.
"""
if len(data) > 32 and verify_hmac(key, data):
return aes_decrypt(key, data[:-16])
return aes_decrypt(key, data[:-20])
raise Exception("Invalid ciphertext received.")