Merge branch 'mr64bit-2.5-fixes' into dev

data/agent/agent.ps1

@@ -850,7 +850,7 @@ function Invoke-Empire {
 
                         if($EncodedPart) {
                             $data = "{0}|{1}|{2}" -f $Index, $path, $EncodedPart
-                            Send-Message -Packets $(Encode-Packet -type $type -data $($data) -ResultID $ResultID)
+                            (& $SendMessage -Packets $(Encode-Packet -type $type -data $($data) -ResultID $ResultID))
                             $Index += 1
 
                             # if there are more parts of the file, sleep for the specified interval

lib/common/agents.py

@@ -164,7 +164,8 @@ def add_agent(self, sessionID, externalIP, delay, jitter, profile, killDate, wor
             signal = json.dumps({
                 'print': True,
                 'message': message,
-                'timestamp': checkinTime
+                'timestamp': checkinTime,
+                'event_type': 'checkin'
             })
             dispatcher.send(signal, sender="agents/{}".format(sessionID))
 
@@ -294,7 +295,7 @@ def save_file(self, sessionID, path, data, append=False):
             self.lock.release()
 
         # notify everyone that the file was downloaded
-        message = "[+] Part of file %s from %s saved".format(filename, sessionID)
+        message = "[+] Part of file {} from {} saved".format(filename, sessionID)
         signal = json.dumps({
             'print': True,
             'message': message
@@ -1101,7 +1102,8 @@ def add_agent_task_db(self, sessionID, taskName, task=''):
                         'message': message,
                         'task_name': taskName,
                         'task_id': pk,
-                        'task': task
+                        'task': task,
+                        'event_type': 'task'
                     })
                     dispatcher.send(signal, sender="agents/{}".format(sessionID))
 
@@ -1241,7 +1243,7 @@ def handle_agent_staging(self, sessionID, language, meta, additional, encData, s
             # step 3 of negotiation -> client posts public key
             message = "[*] Agent {} from {} posted public key".format(sessionID, clientIP)
             signal = json.dumps({
-                'print': True,
+                'print': False,
                 'message': message
             })
             dispatcher.send(signal, sender="agents/{}".format(sessionID))
@@ -1280,7 +1282,7 @@ def handle_agent_staging(self, sessionID, language, meta, additional, encData, s
                     if rsaKey:
                         message = "[*] Agent {} from {} posted valid PowerShell RSA key".format(sessionID, clientIP)
                         signal = json.dumps({
-                            'print': True,
+                            'print': False,
                             'message': message
                         })
                         dispatcher.send(signal, sender="agents/{}".format(sessionID))
@@ -1716,7 +1718,8 @@ def process_agent_packet(self, sessionID, responseName, taskID, data):
                 'print': False,
                 'message': message,
                 'response_name': responseName,
-                'task_id': taskID
+                'task_id': taskID,
+                'event_type': 'result'
             })
             dispatcher.send(signal, sender="agents/{}".format(sessionID))
 

lib/common/empire.py

@@ -157,6 +157,11 @@ def handle_event(self, signal, sender):
         if 'task_id' in signal_data:
             task_id = signal_data['task_id']
 
+        if 'event_type' in signal_data:
+            event_type = signal_data['event_type']
+        else:
+            event_type = 'dispatched_event'
+
         event_data = json.dumps({'signal': signal_data, 'sender': sender})
 
         # print any signal that indicates we should
@@ -166,7 +171,7 @@ def handle_event(self, signal, sender):
         # get a db cursor, log this event to the DB, then close the cursor
         cur = self.conn.cursor()
         # TODO instead of "dispatched_event" put something useful in the "event_type" column
-        log_event(cur, sender, 'dispatched_event', json.dumps(signal_data), signal_data['timestamp'], task_id=task_id)
+        log_event(cur, sender, event_type, json.dumps(signal_data), signal_data['timestamp'], task_id=task_id)
         cur.close()
 
         # if --debug X is passed, log out all dispatcher signals

lib/common/events.py

@@ -29,7 +29,8 @@ def agent_rename(old_name, new_name):
         'print': False,
         'message': message,
         'old_name': old_name,
-        'new_name': new_name
+        'new_name': new_name,
+        'event_type' : 'rename'
     })
     # signal twice, once for each name (that way, if you search by sender,
     # the last thing in the old agent and the first thing in the new is that

lib/common/listeners.py

@@ -422,6 +422,7 @@ def shutdown_listener(self, listenerName):
     def disable_listener(self, listenerName):
         "Wrapper for shutdown_listener(), also marks listener as 'disabled' so it won't autostart"
 
+        activeListenerModuleName = self.activeListeners[listenerName]['moduleName']
         cur = self.conn.cursor()
         if listenerName.lower() == "all":
             cur.execute("UPDATE listeners SET enabled=? WHERE NOT module=?", [False, "redirector"])
@@ -430,7 +431,6 @@ def disable_listener(self, listenerName):
         cur.close()
         self.shutdown_listener(listenerName)
         # dispatch this event
-        activeListenerModuleName = self.activeListeners[listenerName]['module']
         message = "[*] Listener {} killed".format(listenerName)
         signal = json.dumps({
             'print': True,