diff --git a/data/agent/stagers/common/aes.py b/data/agent/stagers/common/aes.py
index dcc3c5ae1..dbb73beed 100644
--- a/data/agent/stagers/common/aes.py
+++ b/data/agent/stagers/common/aes.py
@@ -361,7 +361,8 @@ def CBCdec(aesObj, ciphertext, base64=False):
 def getIV(len=16):
- return ''.join(chr(random.randint(0, 255)) for _ in range(len))
+ rng = random.SystemRandom()
+ return ''.join(chr(rng.randint(0, 255)) for _ in range(len))
 def aes_encrypt(key, data):
diff --git a/empire b/empire
index 83690da64..31dec231b 100755
--- a/empire
+++ b/empire
@@ -78,7 +78,8 @@ def refresh_api_token(conn):
 """
 # generate a randomized API token
- apiToken = ''.join(random.choice(string.ascii_lowercase + string.digits) for x in range(40))
+ rng = random.SystemRandom()
+ apiToken = ''.join(rng.choice(string.ascii_lowercase + string.digits) for x in range(40))
 execute_db_query(conn, "UPDATE config SET api_current_token=?", [apiToken])
@@ -95,7 +96,8 @@ def get_permanent_token(conn):
 permanentToken = execute_db_query(conn, "SELECT api_permanent_token FROM config")[0]
 permanentToken = permanentToken[0]
 if not permanentToken:
- permanentToken = ''.join(random.choice(string.ascii_lowercase + string.digits) for x in range(40))
+ rng = random.SystemRandom()
+ permanentToken = ''.join(rng.choice(string.ascii_lowercase + string.digits) for x in range(40))
 execute_db_query(conn, "UPDATE config SET api_permanent_token=?", [permanentToken])
 return permanentToken
diff --git a/lib/common/encryption.py b/lib/common/encryption.py
index 45bf98f95..4a7f53521 100644
--- a/lib/common/encryption.py
+++ b/lib/common/encryption.py 
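Review bot: In `getIV` the IV is assembled one `chr()` at a time from a freshly constructed `SystemRandom`, which is more code than the job needs and yields a string of code points rather than raw bytes. `SystemRandom` reads from `os.urandom`, so the two added lines can be the single line `return os.urandom(len)`; this assumes `os` is imported in aes.py, which the hunk does not show. If the module is ever run on Python 3, the `chr()` form returns text that changes length when encoded, whereas `os.urandom` returns exactly `len` bytes. A one-line docstring such as `"""Return len unpredictable bytes for use as a CBC IV."""` would also record why the module-level `random` functions must not come back here.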
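Review bot: The pair `rng = random.SystemRandom()` and `''.join(rng.choice(string.ascii_lowercase + string.digits) for x in range(40))` is now written out twice, in `refresh_api_token` and again in `get_permanent_token` (the `@@ -95,7 +96,8 @@` hunk). Moving it into one helper, for example `def generate_api_token(length=40):`, keeps both tokens on the same generator, alphabet and length if any of those is changed later. The loop variable `x` is never read and would be clearer as `_`. Both function bodies start outside their hunks, so anything done before the token is generated is not visible here.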
@@ -214,7 +214,8 @@ def generate_aes_key():
 Generate a random new 128-bit AES key using OS' secure Random functions.
 """
 punctuation = '!#$%&()*+,-./:;<=>?@[\]^_`{|}~'
- return ''.join(random.sample(string.ascii_letters + string.digits + '!#$%&()*+,-./:;<=>?@[\]^_`{|}~', 32))
+ rng = random.SystemRandom()
+ return ''.join(rng.sample(string.ascii_letters + string.digits + '!#$%&()*+,-./:;<=>?@[\]^_`{|}~', 32))
 def rc4(key, data):
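Review bot: `rng.sample(..., 32)` in `generate_aes_key` draws without replacement, so no character can appear twice in a key and the key space is smaller than 32 independent draws from the same alphabet would give. `return ''.join(rng.choice(string.ascii_letters + string.digits + punctuation) for _ in range(32))` removes that restriction and uses the `punctuation` local, which is assigned on the line above but never read. The docstring's "128-bit" also does not match the 32 printable characters returned, so it should state the actual length and alphabet.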