Remove usages of deprecated listener and credential functions (BC-SEC…
…URITY#732)

* remove usages of deprecated listener function

* remove usages of deprecated credential functions

* changelog, update imports, add typehinting

* remove usages of deprecated agent functions
vinnybod authored Nov 20, 2023
1 parent 6fad4f9 commit 45ff7d1
Showing 112 changed files with 509 additions and 373 deletions.
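--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,6 +26,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Upgrade Pydantic to v2 (@Vinnybod)
 - Update common FastAPI Dependencies to use 'Annotated' types for simpler code (@Vinnybod)
 - Simplify TestClient setup (@Vinnybod)
+- Removed usages of deprecated `Credentials` and `Listeners` functions (@Vinnybod)
+- Remove usages of deprecated `Agents` functions (@Vinnybod)
+- Add typehinting for `MainMenu` object in modules (@Vinnybod)
 
 ### Removed
 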
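--- a/empire/server/core/credential_service.py
+++ b/empire/server/core/credential_service.py
@@ -40,7 +40,7 @@ def get_all(
 return query.all()
 
 @staticmethod
-def get_by_id(db: Session, uid: int):
+def get_by_id(db: Session, uid: int) -> models.Credential | None:
 return db.query(models.Credential).filter(models.Credential.id == uid).first()
 
 @staticmethod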
18 changes: 9 additions & 9 deletions empire/server/data/misc/inactive_modules/redirector.py
Expand Up @@ -23,15 +23,15 @@ def __init__(self, mainMenu):
'Background' : False,

'OutputExtension' : None,

'NeedsAdmin' : True,

'OpsecSafe' : True,

'Language' : 'powershell',

'MinLanguageVersion' : '2',

'Comments': []
}

Expand Down Expand Up @@ -81,7 +81,7 @@ def __init__(self, mainMenu):
self.mainMenu = mainMenu

def generate(self, obfuscate=False, obfuscation_command=""):

script = """
function Invoke-Redirector {
param($ListenPort, $ConnectHost, [switch]$Reset, [switch]$ShowAll)
Expand Down Expand Up @@ -111,7 +111,7 @@ def generate(self, obfuscate=False, obfuscation_command=""):
else{
$ConnectAddress = ""
$ConnectPort = ""
$parts = $ConnectHost -split(":")
if($parts.Length -eq 2){
# if the form is http[s]://HOST or HOST:PORT
Expand All @@ -135,7 +135,7 @@ def generate(self, obfuscate=False, obfuscation_command=""):
$ConnectPort = $parts[2]
}
if($ConnectPort -ne ""){
$out = netsh interface portproxy add v4tov4 listenport=$ListenPort connectaddress=$ConnectAddress connectport=$ConnectPort protocol=tcp
if($out){
$out
Expand All @@ -151,14 +151,14 @@ def generate(self, obfuscate=False, obfuscation_command=""):
}
}
Invoke-Redirector"""

addAsListener = False
listenerName = False

for option,values in self.options.items():
if option.lower() == "listener" and values['Value'] != '':
# extract out all options from a listener if one is set
if not self.mainMenu.listeners.is_listener_valid(values['Value']):
if not self.mainMenu.listenersv2.get_active_listener_by_name(values['Value']):
print(helpers.color("[!] Invalid listener set"))
return ""
else:
Expand All @@ -178,7 +178,7 @@ def generate(self, obfuscate=False, obfuscation_command=""):
# if we're just adding a switch
script += " -" + str(option)
else:
script += " -" + str(option) + " " + str(values['Value'])
script += " -" + str(option) + " " + str(values['Value'])
if addAsListener:
if listenerName:
# if we're add this as a pivot listener
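Review bot: A listener that exists but is not currently running may now be rejected with "[!] Invalid listener set", because `if not self.mainMenu.listenersv2.get_active_listener_by_name(values['Value']):` replaces `is_listener_valid` and the new name suggests it only returns active listeners; neither implementation is visible in this diff, so this should be confirmed. The same substitution is made in `start()` in port_forward_pivot.py, where it also backs the "listener already exists" check and a stopped listener with the same name might go undetected, and in ProcessInjection.Covenant.py. If the narrower meaning is intended, a comment such as `# only active listeners are accepted here` at each call site would make that explicit. `generate()` starts and ends outside the hunks shown.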
146 changes: 72 additions & 74 deletions empire/server/listeners/port_forward_pivot.py
Expand Up @@ -704,10 +704,10 @@ def start(self, name=""):
return False

# validate that the Listener does exist
if self.mainMenu.listeners.is_listener_valid(listenerName):
if self.mainMenu.listenersv2.get_active_listener_by_name(listenerName):
# check if a listener for the agent already exists

if self.mainMenu.listeners.is_listener_valid(
if self.mainMenu.listenersv2.get_active_listener_by_name(
tempOptions["Name"]["Value"]
):
log.error(
Expand Down Expand Up @@ -862,93 +862,91 @@ def shutdown(self, name=""):
self.instance_log.info(f"{name}: shutting down...")
log.info(f"{name}: shutting down...")

sessionID = self.mainMenu.agents.get_agent_id_db(name)
isElevated = self.mainMenu.agents.is_agent_elevated(sessionID)
if self.mainMenu.agents.is_agent_present(sessionID) and isElevated:
if self.mainMenu.agents.get_language_db(sessionID).startswith("po"):
script = """
function Invoke-Redirector {
param($FirewallName, $ListenAddress, $ListenPort, $ConnectHost, [switch]$Reset, [switch]$ShowAll)
if($ShowAll){
$out = netsh interface portproxy show all
if($out){
$out
}
else{
"[*] no redirectors currently configured"
}
}
elseif($Reset){
Netsh.exe advfirewall firewall del rule name="$FirewallName"
$out = netsh interface portproxy reset
if($out){
$out
}
else{
"[+] successfully removed all redirectors"
with SessionLocal() as db:
agent = self.mainMenu.agentsv2.get_by_name(db, name)

if not agent:
log.error("Agent is not present in the cache or not elevated")
return

if agent.high_integrity:
if agent.language.startswith("po"):
script = """
function Invoke-Redirector {
param($FirewallName, $ListenAddress, $ListenPort, $ConnectHost, [switch]$Reset, [switch]$ShowAll)
if($ShowAll){
$out = netsh interface portproxy show all
if($out){
$out
}
else{
"[*] no redirectors currently configured"
}
}
}
else{
if((-not $ListenPort)){
"[!] netsh error: required option not specified"
elseif($Reset){
Netsh.exe advfirewall firewall del rule name="$FirewallName"
$out = netsh interface portproxy reset
if($out){
$out
}
else{
"[+] successfully removed all redirectors"
}
}
else{
$ConnectAddress = ""
$ConnectPort = ""
$parts = $ConnectHost -split(":")
if($parts.Length -eq 2){
# if the form is http[s]://HOST or HOST:PORT
if($parts[0].StartsWith("http")){
$ConnectAddress = $parts[1] -replace "//",""
if($parts[0] -eq "https"){
$ConnectPort = "443"
if((-not $ListenPort)){
"[!] netsh error: required option not specified"
}
else{
$ConnectAddress = ""
$ConnectPort = ""
$parts = $ConnectHost -split(":")
if($parts.Length -eq 2){
# if the form is http[s]://HOST or HOST:PORT
if($parts[0].StartsWith("http")){
$ConnectAddress = $parts[1] -replace "//",""
if($parts[0] -eq "https"){
$ConnectPort = "443"
}
else{
$ConnectPort = "80"
}
}
else{
$ConnectPort = "80"
$ConnectAddress = $parts[0]
$ConnectPort = $parts[1]
}
}
else{
$ConnectAddress = $parts[0]
$ConnectPort = $parts[1]
elseif($parts.Length -eq 3){
# if the form is http[s]://HOST:PORT
$ConnectAddress = $parts[1] -replace "//",""
$ConnectPort = $parts[2]
}
}
elseif($parts.Length -eq 3){
# if the form is http[s]://HOST:PORT
$ConnectAddress = $parts[1] -replace "//",""
$ConnectPort = $parts[2]
}
if($ConnectPort -ne ""){
Netsh.exe advfirewall firewall add rule name=`"$FirewallName`" dir=in action=allow protocol=TCP localport=$ListenPort enable=yes
$out = netsh interface portproxy add v4tov4 listenaddress=$ListenAddress listenport=$ListenPort connectaddress=$ConnectAddress connectport=$ConnectPort protocol=tcp
if($out){
$out
if($ConnectPort -ne ""){
Netsh.exe advfirewall firewall add rule name=`"$FirewallName`" dir=in action=allow protocol=TCP localport=$ListenPort enable=yes
$out = netsh interface portproxy add v4tov4 listenaddress=$ListenAddress listenport=$ListenPort connectaddress=$ConnectAddress connectport=$ConnectPort protocol=tcp
if($out){
$out
}
else{
"[+] successfully added redirector on port $ListenPort to $ConnectHost"
}
}
else{
"[+] successfully added redirector on port $ListenPort to $ConnectHost"
"[!] netsh error: host not in http[s]://HOST:[PORT] format"
}
}
else{
"[!] netsh error: host not in http[s]://HOST:[PORT] format"
}
}
}
}
Invoke-Redirector"""
Invoke-Redirector"""

script += " -Reset"
script += " -FirewallName %s" % (sessionID)
script += " -Reset"
script += f" -FirewallName {agent.session_id}"

with SessionLocal.begin() as db:
agent = self.mainMenu.agentsv2.get_by_id(db, sessionID)
self.mainMenu.agenttasksv2.create_task_shell(db, agent, script)
msg = "Tasked agent to uninstall Pivot listener "
self.mainMenu.agents.save_agent_log(sessionID, msg)

elif self.mainMenu.agents.get_language_db(sessionID).startswith("py"):
log.error("Shutdown not implemented for python")

else:
log.error("Agent is not present in the cache or not elevated")
msg = "Tasked agent to uninstall Pivot listener "
self.mainMenu.agents.save_agent_log(agent.session_id, msg)

pass
elif agent.language.startswith("py"):
log.error("Shutdown not implemented for python")
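Review bot: The uninstall task created in `shutdown()` may never be committed, because the session is now opened with `with SessionLocal() as db:` where the removed code used `with SessionLocal.begin() as db:`; assuming `SessionLocal` is a SQLAlchemy sessionmaker, the plain form only closes the session on exit, so unless `create_task_shell` commits on its own (not visible here) the task can be discarded. Keeping `with SessionLocal.begin() as db:` would preserve the old behaviour, and the `start()` change in smb.py makes the same switch around `create_task_smb`. Separately, an agent that is found but is not `high_integrity` now falls through with no log line, while "Agent is not present in the cache or not elevated" is only logged for a missing agent; an `else: log.error(...)` on the `if agent.high_integrity:` branch would restore that. Indentation is lost in this rendering, so the exact nesting is inferred.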
26 changes: 13 additions & 13 deletions empire/server/listeners/smb.py
Expand Up @@ -423,20 +423,20 @@ def start(self, name=""):
"""
try:
tempOptions = copy.deepcopy(self.options)
sessionID = self.mainMenu.agents.get_agent_id_db(
self.options["Agent"]["Value"]
)

if self.mainMenu.agents.is_agent_present(sessionID):
with SessionLocal.begin() as db:
agent = self.mainMenu.agentsv2.get_by_id(
db, self.options["Agent"]["Value"]
)
self.mainMenu.agenttasksv2.create_task_smb(
db, agent, name + "|" + self.options["PipeName"]["Value"]
)
self.parent_agent = agent.session_id
parent_listener_name = agent.listener
with SessionLocal() as db:
agent = self.mainMenu.agentsv2.get_by_id(
db, self.options["Agent"]["Value"]
)

if not agent:
return

self.mainMenu.agenttasksv2.create_task_smb(
db, agent, name + "|" + self.options["PipeName"]["Value"]
)
self.parent_agent = agent.session_id
parent_listener_name = agent.listener

log.info(
f"{self.options['Agent']['Value']}: SMB pivot server task request send to agent"
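Review bot: The new early exit `if not agent: return` in `start()` fails silently: it logs nothing and returns `None`, so an operator gets no indication why the pivot listener did not start. Logging the miss and returning an explicit failure value, for example `log.error(f"{self.options['Agent']['Value']}: agent not found")` then `return False`, would be clearer if callers expect a boolean, as the `return False` in port_forward_pivot.py's `start()` suggests. The removed code first translated the option value with `get_agent_id_db` before the lookup, whereas the new code passes `self.options["Agent"]["Value"]` straight to `agentsv2.get_by_id`; if that option can hold an agent name rather than a session ID the lookup will now miss, which is worth confirming. `start()` continues past the end of the hunk.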
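--- a/empire/server/modules/csharp/Assembly.Covenant.py
+++ b/empire/server/modules/csharp/Assembly.Covenant.py
@@ -1,12 +1,13 @@
 import yaml
 
+from empire.server.common.empire import MainMenu
 from empire.server.core.module_models import EmpireModule
 
 
 class Module:
 @staticmethod
 def generate(
-main_menu,
+main_menu: MainMenu,
 module: EmpireModule,
 params: dict,
 obfuscate: bool = False,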
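Review bot: The runtime import `from empire.server.common.empire import MainMenu` exists only to annotate `main_menu`, and it makes this module file depend on importing the server's main module; if `empire.server.common.empire` loads these modules directly or indirectly, that risks an import cycle (not verifiable from this diff). Guarding it with `if TYPE_CHECKING:` and annotating as `main_menu: "MainMenu"` keeps the hint without the runtime dependency. The same import is added in AssemblyReflect.Covenant.py, Inject_BOF.Covenant.py, ProcessInjection.Covenant.py and Shellcode.Covenant.py. `generate()` continues beyond the hunk.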
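--- a/empire/server/modules/csharp/AssemblyReflect.Covenant.py
+++ b/empire/server/modules/csharp/AssemblyReflect.Covenant.py
@@ -1,12 +1,13 @@
 import yaml
 
+from empire.server.common.empire import MainMenu
 from empire.server.core.module_models import EmpireModule
 
 
 class Module:
 @staticmethod
 def generate(
-main_menu,
+main_menu: MainMenu,
 module: EmpireModule,
 params: dict,
 obfuscate: bool = False,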
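--- a/empire/server/modules/csharp/Inject_BOF.Covenant.py
+++ b/empire/server/modules/csharp/Inject_BOF.Covenant.py
@@ -1,12 +1,13 @@
 import yaml
 
+from empire.server.common.empire import MainMenu
 from empire.server.core.module_models import EmpireModule
 
 
 class Module:
 @staticmethod
 def generate(
-main_menu,
+main_menu: MainMenu,
 module: EmpireModule,
 params: dict,
 obfuscate: bool = False,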
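--- a/empire/server/modules/csharp/ProcessInjection.Covenant.py
+++ b/empire/server/modules/csharp/ProcessInjection.Covenant.py
@@ -6,14 +6,15 @@
 import yaml
 
 from empire.server.common import helpers
+from empire.server.common.empire import MainMenu
 from empire.server.core.module_models import EmpireModule
 from empire.server.utils.module_util import handle_error_message
 
 
 class Module:
 @staticmethod
 def generate(
-main_menu,
+main_menu: MainMenu,
 module: EmpireModule,
 params: dict,
 obfuscate: bool = False,
@@ -31,7 +32,7 @@ def generate(
 arch = params["Architecture"]
 launcher_obfuscation = params["Obfuscate"]
 
-if not main_menu.listeners.is_listener_valid(listener_name):
+if not main_menu.listenersv2.get_active_listener_by_name(listener_name):
 # not a valid listener, return nothing for the script
 return handle_error_message("[!] Invalid listener: " + listener_name)
 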
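--- a/empire/server/modules/csharp/Shellcode.Covenant.py
+++ b/empire/server/modules/csharp/Shellcode.Covenant.py
@@ -1,12 +1,13 @@
 import yaml
 
+from empire.server.common.empire import MainMenu
 from empire.server.core.module_models import EmpireModule
 
 
 class Module:
 @staticmethod
 def generate(
-main_menu,
+main_menu: MainMenu,
 module: EmpireModule,
 params: dict,
 obfuscate: bool = False,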