Merge pull request #29 from moloch--/master
Use SystemRandom() and maintain api compatibility
vinnybod authored Jan 8, 2020
2 parents f016d28 + 02db6e0 commit 7eda4cb
Showing 3 changed files with 8 additions and 4 deletions.
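--- a/data/agent/stagers/common/aes.py
+++ b/data/agent/stagers/common/aes.py
@@ -361,7 +361,8 @@ def CBCdec(aesObj, ciphertext, base64=False):
 
 
 def getIV(len=16):
-return ''.join(chr(random.randint(0, 255)) for _ in range(len))
+rng = random.SystemRandom()
+return ''.join(chr(rng.randint(0, 255)) for _ in range(len))
 
 
 def aes_encrypt(key, data):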
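Review bot: In `getIV` the IV is still assembled one value at a time through `chr()`, which produces a byte string only on Python 2; on Python 3 the same expression returns text whose code points above 127 do not encode to single bytes, so a caller that encodes the result would not get a 16-byte IV. The interpreter version this stager targets is not visible in the hunk, so this needs confirming against the callers. The function also has no docstring; something like `"""Return len random bytes from the OS CSPRNG, for use as a per-message CBC IV."""` would record the contract the change is meant to establish. The parameter name `len` shadows the builtin, and since renaming it would break keyword callers, a short comment saying so is the compatible option.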
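--- a/empire
+++ b/empire
@@ -78,7 +78,8 @@ def refresh_api_token(conn):
 """
 
 # generate a randomized API token
-apiToken = ''.join(random.choice(string.ascii_lowercase + string.digits) for x in range(40))
+rng = random.SystemRandom()
+apiToken = ''.join(rng.choice(string.ascii_lowercase + string.digits) for x in range(40))
 
 execute_db_query(conn, "UPDATE config SET api_current_token=?", [apiToken])
 
@@ -95,7 +96,8 @@ def get_permanent_token(conn):
 permanentToken = execute_db_query(conn, "SELECT api_permanent_token FROM config")[0]
 permanentToken = permanentToken[0]
 if not permanentToken:
-permanentToken = ''.join(random.choice(string.ascii_lowercase + string.digits) for x in range(40))
+rng = random.SystemRandom()
+permanentToken = ''.join(rng.choice(string.ascii_lowercase + string.digits) for x in range(40))
 execute_db_query(conn, "UPDATE config SET api_permanent_token=?", [permanentToken])
 
 return permanentToken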
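Review bot: The token-generation expression is now written out twice, each with its own `random.SystemRandom()` instance, once in `refresh_api_token` and once in `get_permanent_token`. Keeping the alphabet, the length and the choice of generator in one helper would stop a later edit from changing one copy and leaving the other on a weaker source. For example `def generate_api_token(length=40): return ''.join(random.SystemRandom().choice(string.ascii_lowercase + string.digits) for _ in range(length))`, called from both places. The loop variable `x` is unused and reads better as `_`. Both functions begin outside their hunks, so any other token-producing code in them is not visible here.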
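--- a/lib/common/encryption.py
+++ b/lib/common/encryption.py
@@ -214,7 +214,8 @@ def generate_aes_key():
 Generate a random new 128-bit AES key using OS' secure Random functions.
 """
 punctuation = '!#$%&()*+,-./:;<=>?@[\]^_`{|}~'
-return ''.join(random.sample(string.ascii_letters + string.digits + '!#$%&()*+,-./:;<=>?@[\]^_`{|}~', 32))
+rng = random.SystemRandom()
+return ''.join(rng.sample(string.ascii_letters + string.digits + '!#$%&()*+,-./:;<=>?@[\]^_`{|}~', 32))
 
 
 def rc4(key, data):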
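Review bot: `rng.sample(..., 32)` in `generate_aes_key` draws without replacement from a printable alphabet of roughly ninety characters, so no character ever repeats and every key byte is confined to that alphabet. Even with `SystemRandom` the key space is therefore well below that of 32 uniformly random bytes. If callers need a printable key (not visible here), `''.join(rng.choice(alphabet) for _ in range(32))` at least restores independent draws per position. The docstring still says "128-bit" although 32 characters are returned, and the local `punctuation` is assigned but unused because the literal is repeated in the return line. The docstring should state the real key length and alphabet, and the return should reuse `punctuation`. The function's `def` line and the start of its docstring are outside the hunk.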
