Remove Invoke-Obfuscation

.github/cst-config-docker.yaml

@@ -48,9 +48,6 @@ fileExistenceTests:
   - name: 'profiles'
     path: '/empire/empire/server/data/profiles/'
     shouldExist: true
-  - name: 'invoke obfuscation'
-    path: '/usr/local/share/powershell/Modules/Invoke-Obfuscation/'
-    shouldExist: true
   - name: 'sharpire'
     path: '/empire/empire/server/csharp/Covenant/Data/ReferenceSourceLibraries/Sharpire'
     shouldExist: true

.github/install_tests/cst-config-install-base.yaml

@@ -71,9 +71,6 @@ fileExistenceTests:
   - name: 'profiles'
     path: '/empire/empire/server/data/profiles/'
     shouldExist: true
-  - name: 'invoke obfuscation'
-    path: '/usr/local/share/powershell/Modules/Invoke-Obfuscation/'
-    shouldExist: true
   - name: 'sharpire'
     path: '/empire/empire/server/csharp/Covenant/Data/ReferenceSourceLibraries/Sharpire'
     shouldExist: true

Dockerfile

@@ -59,9 +59,7 @@ RUN poetry config virtualenvs.create false && \
 
 COPY . /empire
 
-RUN mkdir -p /usr/local/share/powershell/Modules && \
-    cp -r ./empire/server/data/Invoke-Obfuscation /usr/local/share/powershell/Modules && \
-    rm -rf /empire/empire/server/data/empire*
+RUN rm -rf /empire/empire/server/data/empire*
 
 RUN sed -i 's/use: mysql/use: sqlite/g' empire/server/config.yaml && \
     sed -i 's/auto_update: true/auto_update: false/g' empire/server/config.yaml

empire.py

@@ -2,9 +2,7 @@
 
 import sys
 
-from empire import arguments
-from empire import config_manager
-
+from empire import arguments, config_manager
 
 if __name__ == "__main__":
     args = arguments.args

empire/client/src/EmpireCliConfig.py

@@ -29,4 +29,5 @@ def set_yaml(self, location: str):
         except FileNotFoundError as exc:
             log.error(exc)
 
+
 empire_config = EmpireCliConfig()

empire/config_manager.py

@@ -1,10 +1,10 @@
 import logging
 import os
 import shutil
-import yaml
-
 from pathlib import Path
 
+import yaml
+
 log = logging.getLogger(__name__)
 
 user_home = Path.home()
@@ -14,10 +14,11 @@
 CONFIG_CLIENT_PATH = CONFIG_DIR / "client" / "config.yaml"
 CONFIG_SERVER_PATH = CONFIG_DIR / "server" / "config.yaml"
 
+
 def config_init():
     CONFIG_CLIENT_PATH.parent.mkdir(parents=True, exist_ok=True)
     CONFIG_SERVER_PATH.parent.mkdir(parents=True, exist_ok=True)
-    
+
     if not CONFIG_CLIENT_PATH.exists():
         shutil.copy(SOURCE_CONFIG_CLIENT, CONFIG_CLIENT_PATH)
         log.info(f"Copied {SOURCE_CONFIG_CLIENT} to {CONFIG_CLIENT_PATH}")
@@ -35,7 +36,7 @@ def check_config_permission(config_dict: dict, config_type: str):
     """
     Check if the specified directories in config.yaml are writable. If not, switches to a fallback directory.
     Handles both server and client configurations.
-    
+
     Args:
         config_dict (dict): The configuration dictionary loaded from YAML.
         config_type (str): The type of configuration ("server" or "client").
@@ -44,7 +45,9 @@ def check_config_permission(config_dict: dict, config_type: str):
     if config_type == "server":
         paths_to_check = {
             ("api", "cert_path"): config_dict["api"]["cert_path"],
-            ("database", "sqlite", "location"): config_dict["database"]["sqlite"]["location"],
+            ("database", "sqlite", "location"): config_dict["database"]["sqlite"][
+                "location"
+            ],
             ("starkiller", "directory"): config_dict["starkiller"]["directory"],
             ("logging", "directory"): config_dict["logging"]["directory"],
             ("debug", "last_task", "file"): config_dict["debug"]["last_task"]["file"],
@@ -56,7 +59,9 @@ def check_config_permission(config_dict: dict, config_type: str):
         paths_to_check = {
             ("logging", "directory"): config_dict["logging"]["directory"],
             ("directories", "downloads"): config_dict["directories"].get("downloads"),
-            ("directories", "generated-stagers"): config_dict["directories"].get("generated-stagers"),
+            ("directories", "generated-stagers"): config_dict["directories"].get(
+                "generated-stagers"
+            ),
         }
         config_path = CONFIG_CLIENT_PATH  # Use the client config path
 
@@ -66,20 +71,30 @@ def check_config_permission(config_dict: dict, config_type: str):
     # Check permissions and update paths as needed
     for keys, dir_path in paths_to_check.items():
         if not os.access(dir_path, os.W_OK):
-            log.info("No write permission for %s. Switching to fallback directory.", dir_path)
+            log.info(
+                "No write permission for %s. Switching to fallback directory.", dir_path
+            )
             user_home = Path.home()
-            fallback_dir = os.path.join(user_home, ".empire", dir_path.removeprefix("empire/"))
+            fallback_dir = os.path.join(
+                user_home, ".empire", dir_path.removeprefix("empire/")
+            )
 
             # Update the directory in config_dict
             target = config_dict  # target is a reference to config_dict
             for key in keys[:-1]:
                 target = target[key]
             target[keys[-1]] = fallback_dir
 
-            log.info("Updated %s to fallback directory: %s", "->".join(keys), fallback_dir)
+            log.info(
+                "Updated %s to fallback directory: %s", "->".join(keys), fallback_dir
+            )
 
     # Write the updated configuration back to the correct YAML file
-    with open(config_path, 'w') as config_file:
+    with open(config_path, "w") as config_file:
         yaml.safe_dump(config_dict, config_file)
 
-    log.info("Updated $config_type config.yaml to use fallback directory: %s", config_type, fallback_dir)
+    log.info(
+        "Updated %s config.yaml to use fallback directory: %s",
+        config_type,
+        fallback_dir,
+    )

empire/server/core/config.py

@@ -3,9 +3,10 @@
 from pathlib import Path
 
 import yaml
-from empire import config_manager
 from pydantic import BaseModel, ConfigDict, Field, field_validator
 
+from empire import config_manager
+
 log = logging.getLogger(__name__)
 
 

empire/server/server.py

@@ -1,7 +1,6 @@
 #!/usr/bin/env python3
 import logging
 import os
-import pathlib
 import pwd
 import shutil
 import signal
@@ -67,12 +66,6 @@ def setup_logging(args):
 
 
 CSHARP_DIR_BASE = os.path.join(os.path.dirname(__file__), "csharp/Covenant")
-INVOKE_OBFS_SRC_DIR_BASE = os.path.join(
-    os.path.dirname(__file__), "data/Invoke-Obfuscation"
-)
-
-user_home = Path.home()
-INVOKE_OBFS_DST_DIR_BASE = user_home / ".local" / "share" / "powershell" / "Modules" / "Invoke-Obfuscation"
 
 
 def reset():
@@ -96,16 +89,6 @@ def reset():
     if os.path.exists(empire_config.starkiller.directory):
         shutil.rmtree(empire_config.starkiller.directory)
 
-    # invoke obfuscation
-    if os.path.exists(f"{INVOKE_OBFS_DST_DIR_BASE}"):
-        shutil.rmtree(INVOKE_OBFS_DST_DIR_BASE)
-    pathlib.Path(pathlib.Path(INVOKE_OBFS_SRC_DIR_BASE).parent).mkdir(
-        parents=True, exist_ok=True
-    )
-    shutil.copytree(
-        INVOKE_OBFS_SRC_DIR_BASE, INVOKE_OBFS_DST_DIR_BASE, dirs_exist_ok=True
-    )
-
     file_util.remove_file("data/sessions.csv")
     file_util.remove_file("data/credentials.csv")
     file_util.remove_file("data/master.log")

setup/install.sh

@@ -40,9 +40,6 @@ function install_powershell() {
   sudo tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7
   sudo chmod +x /opt/microsoft/powershell/7/pwsh
   sudo ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh
-
-  sudo mkdir -p /usr/local/share/powershell/Modules
-  sudo cp -r "$PARENT_PATH"/empire/server/data/Invoke-Obfuscation /usr/local/share/powershell/Modules
 }
 
 function install_mysql() {