From 11d1d83eae0947f59c1a3afb874a1cfd1736972a Mon Sep 17 00:00:00 2001 From: Joe <80632266+janit0rjoe@users.noreply.github.com> Date: Sun, 12 Jan 2025 22:59:29 +0100 Subject: [PATCH 1/3] Fixing delay/jitter adjustment in python agent (#764) (#765) --- CHANGELOG.md | 2 ++ empire/server/core/agent_task_service.py | 2 +- empire/server/data/agent/agent.py | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 992fa877d..ccb3976fc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +- Fix delay/jitter adjustment in python agent (@janit0rjoe) + ## [5.12.1] - 2025-01-08 ### Fixed diff --git a/empire/server/core/agent_task_service.py b/empire/server/core/agent_task_service.py index 4e2ac6e00..e6df66770 100644 --- a/empire/server/core/agent_task_service.py +++ b/empire/server/core/agent_task_service.py @@ -270,7 +270,7 @@ def create_task_update_sleep( db, agent, "TASK_CMD_WAIT", - f"global delay; global jitter; delay={delay}; jitter={jitter}; print('delay/jitter set to {delay}/{jitter}')", + f"global agent; agent.delay={delay}; agent.jitter={jitter}; print('delay/jitter set to {delay}/{jitter}')", user_id=user_id, ) if agent.language == "csharp": diff --git a/empire/server/data/agent/agent.py b/empire/server/data/agent/agent.py index b420a3646..8ed833f81 100644 --- a/empire/server/data/agent/agent.py +++ b/empire/server/data/agent/agent.py @@ -621,6 +621,7 @@ def dynamic_code_execute_wait_nosave(self, data, result_id): Task 100 """ try: + globals().update({'agent':self}) buffer = StringIO() sys.stdout = buffer code_obj = compile(data, "", "exec") From 3ff1427befc7cf2840e6a3b198b73b66bb89ef05 Mon Sep 17 00:00:00 2001 
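Review bot: The new snippet raises NameError on any Python agent whose exec globals do not already bind `agent`, which this series only adds to agent.py in the same commit, so implants checked in before the server upgrade will fail this task instead of silently doing nothing as the old `global delay; global jitter` form apparently did; that deserves a changelog caveat or a version gate on the agent side. The f-string also splices `delay` and `jitter` straight into Python source the agent compiles, so coerce them first (`delay = int(delay); jitter = float(jitter)`) so a malformed API value becomes a server-side error rather than a syntax error on the implant. `global agent;` is redundant because attribute assignment never rebinds the name, so `f"agent.delay={delay}; agent.jitter={jitter}; print('delay/jitter set to {delay}/{jitter}')"` is enough. create_task_update_sleep starts before the hunk.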
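Review bot: `globals().update({'agent':self})` writes the agent instance into the module namespace on every call, so any tasking that is presumably exec'd in that same namespace can rebind or delete `agent` and a later sleep update will fail with NameError; binding it once at agent start, or handing the exec an explicit namespace such as `ns = dict(globals(), agent=self)`, makes the contract explicit, though the latter would change what tasks share between runs and needs confirming. The plainer spelling `globals()["agent"] = self` also reads better than a one-key dict. If other exec paths in this class run the same server-generated snippet, they need the same binding or the fix only covers this task type — worth checking. The body of dynamic_code_execute_wait_nosave continues past the hunk and the exec call itself is not visible here.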
From: Anthony Rose <20302208+Cx01N@users.noreply.github.com> Date: Sun, 12 Jan 2025 17:00:53 -0500 Subject: [PATCH 2/3] Fixed C# exe failing generation when set to PowerShell (#767) --- CHANGELOG.md | 3 ++ .../Data/EmbeddedResources/launcher.txt | 0 empire/server/server.py | 4 ++ empire/server/stagers/CSharpPS.yaml | 43 +++++++++---------- empire/server/utils/file_util.py | 13 ++++++ 5 files changed, 41 insertions(+), 22 deletions(-) create mode 100644 empire/server/csharp/Covenant/Data/EmbeddedResources/launcher.txt diff --git a/CHANGELOG.md b/CHANGELOG.md index ccb3976fc..20dbd09ff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Fixed + +- Fixed issue with C# exe and shellcode not compiling PowerShell stagers - Fix delay/jitter adjustment in python agent (@janit0rjoe) ## [5.12.1] - 2025-01-08 diff --git a/empire/server/csharp/Covenant/Data/EmbeddedResources/launcher.txt b/empire/server/csharp/Covenant/Data/EmbeddedResources/launcher.txt new file mode 100644 index 000000000..e69de29bb diff --git a/empire/server/server.py b/empire/server/server.py index 01287e692..5b6337067 100755 --- a/empire/server/server.py +++ b/empire/server/server.py @@ -86,6 +86,10 @@ def reset(): f"{CSHARP_DIR_BASE}/Data/Tasks/CSharp/Compiled/netcoreapp3.0" ) + file_util.clear_file_contents( + f"{CSHARP_DIR_BASE}/Data/EmbeddedResources/launcher.txt" + ) + if os.path.exists(empire_config.starkiller.directory): shutil.rmtree(empire_config.starkiller.directory) diff --git a/empire/server/stagers/CSharpPS.yaml b/empire/server/stagers/CSharpPS.yaml index 6c456396b..18492bed8 100644 --- a/empire/server/stagers/CSharpPS.yaml +++ b/empire/server/stagers/CSharpPS.yaml 
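Review bot: `file_util.clear_file_contents` logs and swallows every exception, so if the truncate fails reset() carries on and the last launcher embedded into the C# stager stays in the working tree; since CSharpPS.yaml reads `launcher.txt` as a manifest resource and runs it as PowerShell, that file presumably carries listener and staging details, and a failed wipe should surface as an error rather than a debug-level line. The same truncate could also run right after each stager build rather than only on reset, so the generated launcher does not linger on disk between generations — worth confirming against the generation code. The f-string path matches the surrounding cleanup calls, so that is consistent, though `os.path.join(CSHARP_DIR_BASE, "Data", "EmbeddedResources", "launcher.txt")` would be the safer spelling. reset() starts before the hunk.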
@@ -20,35 +20,34 @@ using System.Management.Automation.Runspaces; using System.IO; using System.Reflection; - + public static class Program { - public static void Main(string[] args) - { - - PowerShell ps = PowerShell.Create(); + public static void Main(string[] args) + { - try - { - var assembly = Assembly.GetExecutingAssembly(); - var resourceName = "launcher.txt"; + PowerShell ps = PowerShell.Create(); - string[] names = assembly.GetManifestResourceNames(); + try + { + var assembly = Assembly.GetExecutingAssembly(); + var resourceName = "launcher.txt"; - using (StreamReader reader = new StreamReader(assembly.GetManifestResourceStream(resourceName))) - { - string script = reader.ReadToEnd(); - ps.AddScript(script); - } - ps.Invoke(); - - } - catch (Exception e) - { - Console.WriteLine("Error: " + e.Message.ToString()); - } + string[] names = assembly.GetManifestResourceNames(); + using (StreamReader reader = new StreamReader(assembly.GetManifestResourceStream(resourceName))) + { + string script = reader.ReadToEnd(); + ps.AddScript(script); } + ps.Invoke(); + + } + catch (Exception e) + { + Console.WriteLine("Error: " + e.Message.ToString()); + } + } } TaskingType: Assembly UnsafeCompile: false diff --git a/empire/server/utils/file_util.py b/empire/server/utils/file_util.py index b50cfd309..d8b01df98 100644 --- a/empire/server/utils/file_util.py +++ b/empire/server/utils/file_util.py @@ -28,6 +28,19 @@ def remove_file(path: str) -> None: os.remove(path) +def clear_file_contents(path: str) -> None: + """ + Clears the contents of a file without deleting it. + If the file doesn't exist, it creates an empty file. + """ + try: + with open(path, "w"): + pass + log.debug(f"Cleared contents of the file: {path}") + except Exception as e: + log.error(f"Failed to clear file contents for {path}: {e}", exc_info=True) + + def run_as_user(command, user=None, cwd=None): """ Runs a command as a specified user or the user who invoked sudo. 
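Review bot: `except Exception` in clear_file_contents turns an unwritable path or a missing parent directory into a log line and a normal return, so the caller cannot tell that the file still holds its old content; catch `OSError` and either re-raise after logging or return a bool so reset() can act on it, e.g. `except OSError: log.exception(f"Failed to clear file contents for {path}"); raise`. The docstring's promise that a missing file is created holds for `open(path, "w")` only when the parent directory exists, which is worth stating. `log.exception(...)` is also the idiomatic form of `log.error(..., exc_info=True)`. Because `open` follows symlinks, a symlinked launcher.txt would truncate whatever it points at — acceptable inside the server tree, but a one-line comment would make that deliberate.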
From 8f307aae6b8f2777a5146e45a98f0541980b4667 Mon Sep 17 00:00:00 2001 From: Vince Rose Date: Sun, 12 Jan 2025 15:26:20 -0700 Subject: [PATCH 3/3] manual 5.12.2 bump --- CHANGELOG.md | 6 +++++- empire/server/common/empire.py | 2 +- pyproject.toml | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 20dbd09ff..7ffbc42b6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [v5.12.2] - 2025-01-12 + ### Fixed - Fixed issue with C# exe and shellcode not compiling PowerShell stagers @@ -950,7 +952,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Updated shellcoderdi to newest version (@Cx01N) - Added a Nim launcher (@Hubbl3) -[Unreleased]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.12.1...HEAD +[Unreleased]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.12.2...HEAD + +[5.12.2]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.12.1...v5.12.2 [5.12.1]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.12.0...v5.12.1 diff --git a/empire/server/common/empire.py b/empire/server/common/empire.py index e070f7ba5..77c15ee47 100755 --- a/empire/server/common/empire.py +++ b/empire/server/common/empire.py @@ -38,7 +38,7 @@ from . import agents, credentials, listeners, stagers -VERSION = "5.12.1 BC Security Fork" +VERSION = "5.12.2 BC Security Fork" log = logging.getLogger(__name__) diff --git a/pyproject.toml b/pyproject.toml index 24120f1ec..8a4e5dd68 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "empire-bc-security-fork" -version = "5.12.1" +version = "5.12.2" description = "" authors = ["BC Security "] readme = "README.md"