package Epowner::Epo;
use strict;
use warnings;
#=================================
# Config SAVE
#=================================
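# Persist the agent's private DSA key and the agent/server settings.
#
# The key is written to "<config_file>_<agent_dsa_filename_private>" through
# the DSA object's write_priv_key(); the settings file itself is produced by
# config_save_writefile(). Progress lines are printed only when {verbose} is
# set. Returns whatever config_save_writefile() returns.
sub config_save {
    my $this = shift;

    my $file      = $this->{config_file};
    my $dsa_agent = $this->{dsa_agent};
    my $agent_dsa_filename_private =
        $this->{config_file} . "_" . $this->{agent_dsa_filename_private};

    print "[*] Saving Agent and Server configuration\n" if $this->{verbose};

    # Save DSA key.
    # The key file holds private key material, so tighten the umask while it
    # is created and restore it afterwards, even if the write dies. A umask
    # only affects newly created files; an existing key file keeps its mode.
    my $previous_umask = umask 0077;
    my $key_written = eval {
        $dsa_agent->write_priv_key($agent_dsa_filename_private);
        1;
    };
    my $key_error = $@;
    umask $previous_umask if defined $previous_umask;
    die $key_error unless $key_written;
    print " [+] Agent PRIVATE dsa key saved to '$agent_dsa_filename_private' !\n" if $this->{verbose};

    # Report the settings file as saved only once it has really been written;
    # config_save_writefile() dies when the file cannot be opened.
    my $result = $this->config_save_writefile();
    print " [+] Agent/Server configuration saved to '$file' !\n" if $this->{verbose};

    return $result;
}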
# Quiet variant of config_save(): rewrites the settings file through
# config_save_writefile() without printing anything and without touching the
# DSA key file.
sub config_save_seqnum_only {
    my ($this) = @_;
    return $this->config_save_writefile();
}
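# Write the agent/server settings to {config_file}.
#
# The file is a Perl fragment of "$this->{key} = value;" assignments that
# config_restore() later runs with string eval. Every value is therefore
# emitted as an escaped single-quoted literal: a value containing a quote,
# backslash, '$' or '@' is restored unchanged instead of being interpolated
# or breaking the fragment. Undefined values are written as ''.
#
# The file stores the console admin password and the AES key in cleartext,
# so its mode is restricted to the owner.
#
# Dies when the file cannot be opened, written or closed. Returns 1.
sub config_save_writefile {
    my $this = shift;
    my $file = $this->{config_file};

    # Render one setting as a single-quoted Perl literal; only backslash and
    # the single quote are special inside such a literal.
    my $literal = sub {
        my ($key) = @_;
        my $value = $this->{$key};
        $value = '' unless defined $value;
        $value =~ s/([\\'])/\\$1/g;
        return "'$value'";
    };

    # Layout of the file: entries starting with '#' are copied as comment
    # lines, every other entry is a settings key.
    my @layout = (
        '#---------------------------------------------#',
        '# ePowner - Agent & Server configuration #',
        '#---------------------------------------------#',
        '# Server settings',
        qw(
            server_host server_port server_pubkeyhash server_is_dba
            srv_exec_mode srv_exec_priv server_servername
            server_mssql_whoami server_db_folder server_install_folder
            server_tomcat_folder server_apache_folder
        ),
        '# Web Console admin account',
        qw(admin_username admin_password),
        '# Attacker agent settings',
        qw(agent_hostname agent_ip agent_mac agent_guid agent_seqnum),
        '# AES-128 Key (extracted from orion.keystore)',
        qw(aes_symkey_keystore),
        '# Various strings generated during --register',
        qw(common_prefix deploy_evil_product_id),
        '# States',
        qw(state_registered),
        '# --srv-exec --setup-nondba already ran ?',
        qw(state_exec_nondba_setup),
        '# --add-admin already ran ?',
        qw(state_add_admin),
        '# --cli-deploy used ?',
        qw(state_cli_deploy),
        '# End of file',
    );

    my $text = '';
    for my $entry (@layout) {
        if ($entry =~ /\A#/) {
            $text .= "$entry\n";
        }
        else {
            $text .= '$this->{' . $entry . '} = ' . $literal->($entry) . ";\n";
        }
    }

    # Create config file.
    # Three-argument open with a lexical handle: the file name is never parsed
    # for mode characters and the handle cannot clash with another CONFIG.
    open(my $config_fh, '>', $file)
        or die "[-] ERROR config_save: Can't open configuration file '$file'. $!\n";

    # Restrict the mode before any secret is written to the file.
    chmod 0600, $file
        or warn "[-] WARNING config_save: Can't restrict permissions on '$file'. $!\n";

    print {$config_fh} $text
        or die "[-] ERROR config_save: Can't write configuration file '$file'. $!\n";

    # Buffered write errors only surface at close time.
    close($config_fh)
        or die "[-] ERROR config_save: Can't close configuration file '$file'. $!\n";

    return 1;
}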
#=================================
# Config RESTORE
#=================================
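# Reload the agent/server settings and the agent's private DSA key.
#
# The settings file named by {config_file} is a Perl fragment of
# "$this->{key} = value;" assignments; it is run with string eval, which is
# why the lexical below must stay named $this. The key is then read from
# "<config_file>_<agent_dsa_filename_private>".
#
# Dies when the settings file cannot be opened or does not evaluate cleanly.
sub config_restore {
    my $this = shift;
    my $file = $this->{config_file};
    my $agent_dsa_filename_private =
        $this->{config_file} . "_" . $this->{agent_dsa_filename_private};

    # Three-argument open: with the two-argument form, leading or trailing
    # mode characters in the file name ('>', '|', ...) are interpreted by
    # open() instead of being treated as part of the name.
    open(my $config_fh, '<', $file) or die "[-] ERROR: Can't open configuration file '$file'. $!\n" .
        " Use '--register' parameter to register a new agent to the ePo server and then create\n" .
        " a new configuration file, or specify an alternate filename using '--config <filename>'\n";
    my $config = join "", <$config_fh>;
    close($config_fh);

    # NOTE(review): the settings file is executed as Perl code, not parsed as
    # data. Whoever can write to it (or make '--config' point at another
    # file) runs arbitrary code as the user of this tool. Only load files
    # this program wrote itself and keep them owner-writable only; a
    # data-only format (key/value lines, JSON) would remove the eval.
    eval $config;
    die "Couldn't interpret the configuration file ($file) that was given.\nError details follow: $@\n" if $@;

    print "[*] Restoring Agent and Server configuration from '$file'\n" if $this->{verbose};

    # Load DSA priv key
    # NOTE(review): Crypt::OpenSSL::DSA is not loaded in the visible part of
    # this file; presumably another module of the package does it -- confirm.
    $this->{dsa_agent} = Crypt::OpenSSL::DSA->read_priv_key( $agent_dsa_filename_private );
    print " [+] Agent PRIVATE dsa key loaded from '$agent_dsa_filename_private' !\n" if $this->{verbose};

    # increment our seq num to be sure we use a value >= than the value expected by epo
    # if the code fails somewhere without saving the current seq number, our next requests
    # will be ignored by the ePo server (HTTP code 503 - Server Busy)
    #$this->{agent_seqnum}+=20;
}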
1;