Merge pull request #579 from BC-SECURITY/release/v4.5.5

v4.5.5 into master
BC-SECURITY · May 7, 2022 · c011f68 · c011f68
2 parents 542536d + ebcca60
commit c011f68
Show file tree

Hide file tree

Showing 7 changed files with 60 additions and 53 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [4.5.5] - 2022-05-07
+
+-   Fixed http bug in malleable, http-com, and onedrive listeners (@Cx01N)
+-   Updated jq to 1.2.2 to avoid install errors (@Cx01N)
+
 ## [4.5.4] - 2022-04-26
 
 -   Fixed typo from 4.5.3 with the bypass database model (@Vinnybod)
@@ -239,7 +244,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 -   Updated shellcoderdi to newest version (@Cx01N)
 -   Added a Nim launcher (@Hubbl3)
 
-[Unreleased]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v4.5.4...HEAD
+[Unreleased]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v4.5.5...HEAD
+
+[4.5.5]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v4.5.4...v4.5.5
 
 [4.5.4]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v4.5.3...v4.5.4
 

diff --git a/empire/server/common/empire.py b/empire/server/common/empire.py
@@ -46,7 +46,7 @@
 )
 from .events import log_event
 
-VERSION = "4.5.4 BC Security Fork"
+VERSION = "4.5.5 BC Security Fork"
 
 
 class MainMenu(cmd.Cmd):

diff --git a/empire/server/listeners/http_com.py b/empire/server/listeners/http_com.py
@@ -653,7 +653,7 @@ def start_server(self, listenerOptions):
         stagingKey = listenerOptions["StagingKey"]["Value"]
 
         self.template_dir = self.mainMenu.installPath + "/data/listeners/templates/"
-        app = Flask(__name__, template_folder=template_dir)
+        app = Flask(__name__, template_folder=self.template_dir)
         self.app = app
 
         # Set HTTP/1.1 as in IIS 7.5 instead of /1.0

diff --git a/empire/server/listeners/http_malleable.py b/empire/server/listeners/http_malleable.py
@@ -1386,7 +1386,7 @@ def start_server(self, listenerOptions):
 
         # initialize flask server
         self.template_dir = self.mainMenu.installPath + "/data/listeners/templates/"
-        app = Flask(__name__, template_folder=template_dir)
+        app = Flask(__name__, template_folder=self.template_dir)
         self.app = app
 
         @app.route("/", methods=["GET", "POST"])

diff --git a/empire/server/listeners/onedrive.py b/empire/server/listeners/onedrive.py
@@ -407,7 +407,7 @@ def generate_comms(
         if language.lower() == "powershell":
             # Function to generate a WebClient object with the required headers
             token_manager = f"""
-    $Script:TokenObject = @{{token="%{token}";refresh="{refresh_token}";expires=(Get-Date).addSeconds(3480)}};
+    $Script:TokenObject = @{{token="{token}";refresh="{refresh_token}";expires=(Get-Date).addSeconds(3480)}};
     $script:GetWebClient = {{
         $wc = New-Object System.Net.WebClient
         $wc.Proxy = [System.Net.WebRequest]::GetSystemWebProxy();
@@ -480,7 +480,7 @@ def generate_comms(
         try {{
             $wc = (& $GetWebClient)
 
-            $TaskingsFolder = "{base_folder}/{results_folder}"
+            $TaskingsFolder = "{base_folder}/{taskings_folder}"
 
             #If we haven't sent a message recently...
             if($script:lastseen.addseconds($script:AgentDelay * 2) -lt (get-date)) {{

diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "empire-bc-security-fork"
-version = "4.5.4"
+version = "4.5.5"
 description = ""
 authors = ["BC Security <[email protected]>"]
 readme = "README.md"