Merge recent commits from upstream into fork

Author: root

data/agent/agent.ps1

@@ -441,8 +441,6 @@ function Invoke-Empire {
         param($JobName)
         if($Script:Jobs.ContainsKey($JobName)) {
             $Script:Jobs[$JobName]['Buffer'].ReadAll()
-            $Script:Jobs[$JobName]['PSHost'].Streams.Error
-            $Script:Jobs[$JobName]['PSHost'].Streams.Error.Clear()
         }
     }
 
@@ -455,8 +453,6 @@ function Invoke-Empire {
             $Null = $Script:Jobs[$JobName]['PSHost'].Stop()
             # get results
             $Script:Jobs[$JobName]['Buffer'].ReadAll()
-            $Script:Jobs[$JobName]['PSHost'].Streams.Error
-            $Script:Jobs[$JobName]['PSHost'].Streams.Error.Clear()
             # unload the app domain runner
             $Null = [AppDomain]::Unload($Script:Jobs[$JobName]['AppDomain'])
             $Script:Jobs.Remove($JobName)

lib/common/agents.py

@@ -352,7 +352,8 @@ def save_module_file(self, sessionID, path, data):
                 os.makedirs(save_path)
 
             # save the file out
-            f = open(save_path + "/" + filename, 'w')
+            f = open(save_path + "/" + filename, 'wb')
+
             f.write(data)
             f.close()
         finally:
@@ -1659,13 +1660,11 @@ def handle_agent_response(self, sessionID, encData, update_lastseen=False):
             # process the packet and extract necessary data
             responsePackets = packets.parse_result_packets(packet)
             results = False
-
             # process each result packet
             for (responseName, totalPacket, packetNum, taskID, length, data) in responsePackets:
                 # process the agent's response
                 self.process_agent_packet(sessionID, responseName, taskID, data)
                 results = True
-
             if results:
                 # signal that this agent returned results
                 message = "[*] Agent {} returned results.".format(sessionID)
@@ -1771,7 +1770,6 @@ def process_agent_packet(self, sessionID, responseName, taskID, data):
                 })
                 dispatcher.send(signal, sender="agents/{}".format(sessionID))
             else:
-                print("sysinfo:", data)
                 # extract appropriate system information
                 listener = parts[1]
                 domainname = parts[2]
@@ -1838,6 +1836,9 @@ def process_agent_packet(self, sessionID, responseName, taskID, data):
 
         elif responseName == "TASK_DOWNLOAD":
             # file download
+            if isinstance(data, bytes):
+                data = data.decode('UTF-8')
+
             parts = data.split("|")
             if len(parts) != 3:
                 message = "[!] Received invalid file download response from {}".format(sessionID)
@@ -1849,7 +1850,7 @@ def process_agent_packet(self, sessionID, responseName, taskID, data):
             else:
                 index, path, data = parts
                 # decode the file data and save it off as appropriate
-                file_data = helpers.decode_base64(data)
+                file_data = helpers.decode_base64(data.encode('UTF-8'))
                 name = self.get_agent_name_db(sessionID)
 
                 if index == "0":
@@ -1922,12 +1923,13 @@ def process_agent_packet(self, sessionID, responseName, taskID, data):
 
 
         elif responseName == "TASK_CMD_WAIT_SAVE":
+
             # dynamic script output -> blocking, save data
             name = self.get_agent_name_db(sessionID)
 
             # extract the file save prefix and extension
-            prefix = data[0:15].strip()
-            extension = data[15:20].strip()
+            prefix = data[0:15].strip().decode('UTF-8')
+            extension = data[15:20].strip().decode('UTF-8')
             file_data = helpers.decode_base64(data[20:])
 
             # save the file off to the appropriate path
@@ -1955,6 +1957,8 @@ def process_agent_packet(self, sessionID, responseName, taskID, data):
                     return
 
                 with open(savePath,"a+") as f:
+                    if isinstance(data, bytes):
+                        data = data.decode('UTF-8')
                     new_results = data.replace("\r\n","").replace("[SpaceBar]", "").replace('\b', '').replace("[Shift]", "").replace("[Enter]\r","\r\n")
                     f.write(new_results)
             else:

setup/install.sh

@@ -11,8 +11,26 @@ function install_powershell() {
 		brew tap caskroom/cask
 		brew cask install powershell
 	else
+		# Deb 10.x
+		if cat /etc/debian_version | grep 10.* ; then
+			sudo apt-get install -y apt-transport-https curl
+			curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
+			sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-debian-stretch-prod stretch main" > /etc/apt/sources.list.d/microsoft.list'
+
+			mkdir /tmp/pwshtmp
+			(cd /tmp/pwshtmp && \
+				wget http://http.us.debian.org/debian/pool/main/i/icu/libicu57_57.1-6+deb9u3_amd64.deb && \
+				wget http://http.us.debian.org/debian/pool/main/u/ust/liblttng-ust0_2.9.0-2+deb9u1_amd64.deb && \
+				wget http://http.us.debian.org/debian/pool/main/libu/liburcu/liburcu4_0.9.3-1_amd64.deb && \
+				wget http://http.us.debian.org/debian/pool/main/u/ust/liblttng-ust-ctl2_2.9.0-2+deb9u1_amd64.deb && \
+				wget http://security.debian.org/debian-security/pool/updates/main/o/openssl1.0/libssl1.0.2_1.0.2t-1~deb9u1_amd64.deb && \
+				sudo dpkg -i *.deb)
+			rm -rf /tmp/pwshtmp
+
+			sudo apt-get update 
+			sudo apt-get install -y powershell 
 		# Deb 9.x
-		if cat /etc/debian_version | grep 9.* ; then
+		elif cat /etc/debian_version | grep 9.* ; then
 			# Install system components
 			sudo apt-get install -y apt-transport-https curl
 			# Import the public repository GPG keys
@@ -36,7 +54,7 @@ function install_powershell() {
 			# Install PowerShell
 			sudo apt-get install -y powershell
 		#Ubuntu
-        elif lsb_release -d | grep -q "Ubuntu"; then
+		elif lsb_release -d | grep -q "Ubuntu"; then
 			# Read Ubuntu version
 			local ubuntu_version=$( grep 'DISTRIB_RELEASE=' /etc/lsb-release | grep -o -E [[:digit:]]+\\.[[:digit:]]+ )
 			# Install system components
@@ -50,7 +68,7 @@ function install_powershell() {
 			# Install PowerShell
 			sudo apt-get install -y powershell
 		#Kali Linux
-		elif cat /etc/lsb-release | grep -i 'Kali'; then
+		elif lsb_release -d | grep -q "Kali"; then
 			# Install prerequisites
 			apt-get install -y curl gnupg apt-transport-https
 			# Import the public repository GPG keys
@@ -59,15 +77,15 @@ function install_powershell() {
 			sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-debian-stretch-prod stretch main" > /etc/apt/sources.list.d/microsoft.list'
 			# Update the list of products
 			apt-get update
-            wget http://archive.ubuntu.com/ubuntu/pool/main/i/icu/libicu57_57.1-6_amd64.deb
-            dpkg -i libicu57_57.1-6_amd64.deb
+			wget http://archive.ubuntu.com/ubuntu/pool/main/i/icu/libicu57_57.1-6_amd64.deb
+			dpkg -i libicu57_57.1-6_amd64.deb
 			# Install PowerShell
 			apt-get install -y powershell
 		fi
-	 fi
-        if ls /opt/microsoft/powershell/*/DELETE_ME_TO_DISABLE_CONSOLEHOST_TELEMETRY; then
-            rm /opt/microsoft/powershell/*/DELETE_ME_TO_DISABLE_CONSOLEHOST_TELEMETRY
-        fi
+	fi
+	if ls /opt/microsoft/powershell/*/DELETE_ME_TO_DISABLE_CONSOLEHOST_TELEMETRY; then
+			rm /opt/microsoft/powershell/*/DELETE_ME_TO_DISABLE_CONSOLEHOST_TELEMETRY
+	fi
 	mkdir -p /usr/local/share/powershell/Modules
 	cp -r ../lib/powershell/Invoke-Obfuscation /usr/local/share/powershell/Modules
 }
@@ -80,11 +98,11 @@ IFS='/' read -a array <<< pwd
 
 if [[ "$(pwd)" != *setup ]]
 then
-    cd ./setup
+	cd ./setup
 fi
 
 if uname | grep -q "Darwin"; then
-    Xar_version="xar-1.5.2"
+	Xar_version="xar-1.5.2"
 	install_powershell
 	sudo pip install -r requirements.txt --global-option=build_ext \
 		--global-option="-L/usr/local/opt/openssl/lib" \
@@ -97,43 +115,43 @@ else
 	version=$( lsb_release -r | grep -oP "[0-9]+" | head -1 )
 	if lsb_release -d | grep -q "Fedora"; then
 		Release=Fedora
-        Xar_version="xar-1.5.2"
+		Xar_version="xar-1.5.2"
 		sudo dnf install -y make automake gcc gcc-c++  python-devel m2crypto python-m2ext swig libxml2-devel java-openjdk-headless openssl-devel openssl libffi-devel redhat-rpm-config
 		sudo pip install -r requirements.txt
 	elif lsb_release -d | grep -q "Kali"; then
 		Release=Kali
-        Xar_version="xar-1.6.1"
+		Xar_version="xar-1.6.1"
 		apt-get update
 		sudo apt-get install -y make g++ python-dev python-m2crypto swig python-pip libxml2-dev default-jdk zlib1g-dev libssl1.1 build-essential libssl-dev libxml2-dev zlib1g-dev
 		sudo pip install -r requirements.txt
 		install_powershell
 	elif lsb_release -d | grep -q "Ubuntu"; then
 		Release=Ubuntu
 		sudo apt-get update
-        if [ $(lsb_release -rs | cut -d "." -f 1) -ge 18 ]; then
-            LibSSL_pkgs="libssl1.1 libssl-dev"
-            Pip_file="requirements.txt"
-            Xar_version="xar-1.6.1"
-        else
-            LibSSL_pkgs="libssl1.0.0 libssl-dev"
-            Pip_file="requirements_libssl1.0.txt"
-            Xar_version="xar-1.5.2"
-        fi
+		if [ $(lsb_release -rs | cut -d "." -f 1) -ge 18 ]; then
+				LibSSL_pkgs="libssl1.1 libssl-dev"
+				Pip_file="requirements.txt"
+				Xar_version="xar-1.6.1"
+		else
+				LibSSL_pkgs="libssl1.0.0 libssl-dev"
+				Pip_file="requirements_libssl1.0.txt"
+				Xar_version="xar-1.5.2"
+		fi
 		sudo apt-get install -y make g++ python-dev python-m2crypto swig python-pip libxml2-dev default-jdk $LibSSL_pkgs build-essential
 		sudo pip install -r $Pip_file
 		install_powershell
 	else
 		echo "Unknown distro - Debian/Ubuntu Fallback"
 		sudo apt-get update
-        if [ $(cut -d "." -f 1 /etc/debian_version) -ge 9 ]; then
-            LibSSL_pkgs="libssl1.1 libssl-dev"
-            Pip_file="requirements.txt"
-            Xar_version="xar-1.6.1"
-        else
-            LibSSL_pkgs="libssl1.0.0 libssl-dev"
-            Pip_file="requirements_libssl1.0.txt"
-            Xar_version="xar-1.5.2"
-        fi
+		if [ $(cut -d "." -f 1 /etc/debian_version) -ge 9 ]; then
+				LibSSL_pkgs="libssl1.1 libssl-dev"
+				Pip_file="requirements.txt"
+				Xar_version="xar-1.6.1"
+		else
+				LibSSL_pkgs="libssl1.0.0 libssl-dev"
+				Pip_file="requirements_libssl1.0.txt"
+				Xar_version="xar-1.5.2"
+		fi
 		sudo apt-get install -y make g++ python-dev python-m2crypto swig python-pip libxml2-dev default-jdk libffi-dev $LibSSL_pkgs build-essential
 		sudo pip install -r $Pip_file
 		install_powershell