search

BC-SECURITY / Empire

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
https://bc-security.gitbook.io/empire-wiki/
BSD 3-Clause "New" or "Revised" License
4.21k stars 575 forks source link

[BUG] Keyword Obfuscation Not Working on windows_generate_agent #671

Closed Arszilla closed 1 year ago

Arszilla commented 1 year ago

Empire Version

OS Information (Linux flavor, Python version)

Describe the bug

Despite having Keyword Obfuscation configured on Empire (via Starkiller Web UI), the obfuscation does not apply to windows_generate_agent file.

To Reproduce

Steps to reproduce the behavior:

  1. Create any listener. I used http.
  2. Create a windows_generate_agent stager.
  3. Generate stager
  4. Observe that the stager does not have Invoke-Empire substituted with whatever was placed for Invoke-Empire in Keyword Obfuscation

Expected behavior

windows_generate_agent to obfuscate keywords declared in Keyword Obfuscation

Screenshots

N/A

Additional context

N/A

Cx01N commented 1 year ago

Should be resolved with this fix: https://github.com/BC-SECURITY/Empire-Sponsors/pull/645