LogoLogo
EmpireStarkillerBlogDiscord
  • Empire
  • Quickstart
    • Installation
    • Server
  • Starkiller
    • Introduction
    • Agent Tasks
  • Listeners
    • Dropbox
    • OneDrive
    • HTTP
    • Malleable C2
  • Stagers
    • multi_generate_agent
  • Plugins
    • Development
      • Imports
      • Lifecycle Hooks
      • Execution
      • Hooks and Filters
      • Plugin Tasks
      • Notifications
      • Database Usage
      • Settings
      • Migration
  • Modules
    • Autorun Modules
    • Module Development
      • PowerShell Modules
      • Python Modules
      • C# Modules
      • BOF Modules
  • Agents
    • Python
      • Main Agent Class
      • Stage Class
      • Packet Handler Class
      • Extended Packet Handler Class
    • Go
      • Main Agent Class
      • Packet Handler Class
      • Main.go Template
    • Staging
  • RESTful API
  • Settings
    • Logging
    • Bypasses
    • IP Filtering
Powered by GitBook
On this page
  • Attributes
  • Methods
  • rc4(key, data)
  • parse_routing_packet(staging_key, data)
  • build_routing_packet(staging_key, session_id, meta, additional, enc_data)
  • decode_routing_packet(data)
  • build_response_packet(tasking_id, packet_data, result_id)
  • parse_task_packet(packet, offset)
  • process_tasking(data)
  • process_job_tasking(result)

Was this helpful?

  1. Agents
  2. Python

Packet Handler Class

The PacketHandler class is responsible for creating, parsing, and processing packets for agent-server communication. This includes encrypting/decrypting packets, extracting metadata, and routing tasking.

Attributes

  • agent: An instance of the main agent.

  • key: Encryption key for the current session.

  • staging_key: Key used during the staging process.

  • session_id: Unique identifier for the current session.

  • missedCheckins: Counter for failed check-ins.

  • language_list: Dictionary linking programming languages to unique IDs.

  • meta: Defines metadata types for packets.

  • additional: Empty dictionary, can be populated with additional metadata.

Methods

rc4(key, data)

Encrypts or decrypts the input data with the given key using the RC4 algorithm.

parse_routing_packet(staging_key, data)

Parses the encrypted agent data from a routing packet, which includes session ID, language, metadata type, and the encrypted data. The function returns a dictionary with session IDs as keys and tuples (language, metadata, additional data, encrypted data) as values.

build_routing_packet(staging_key, session_id, meta, additional, enc_data)

Builds a packet for agent communication, including a unique session ID, metadata, and encrypted data.

decode_routing_packet(data)

Parses all routing packets and processes packets specific to the agent's session ID.

build_response_packet(tasking_id, packet_data, result_id)

Constructs a task packet for the agent, which includes packet type, task ID, and the actual data.

parse_task_packet(packet, offset)

Parses a packet to extract various details such as packet type, task ID, and data. Returns a tuple with all the extracted details.

process_tasking(data)

Processes an encrypted packet by decrypting it, extracting the packets, and directing the agent to execute them.

process_job_tasking(result)

Processes job data packets, mainly sending results back to the Command & Control server.

PreviousStage ClassNextExtended Packet Handler Class

Last updated 1 month ago

Was this helpful?