diff --git a/data/agent/stagers/common/aes.py b/data/agent/stagers/common/aes.py index 4c92116a0..6c92f7a82 100644 --- a/data/agent/stagers/common/aes.py +++ b/data/agent/stagers/common/aes.py @@ -355,7 +355,8 @@ def CBCdec(aesObj, ciphertext, base64=False): def getIV(len=16): - return ''.join(chr(random.randint(0, 255)) for _ in range(len)) + rng = random.SystemRandom() + return ''.join(chr(rng.randint(0, 255)) for _ in range(len)) def aes_encrypt(key, data): diff --git a/empire b/empire index 4a81ed436..f7caf2d37 100755 --- a/empire +++ b/empire @@ -76,7 +76,8 @@ def refresh_api_token(conn): """ # generate a randomized API token - apiToken = ''.join(random.choice(string.ascii_lowercase + string.digits) for x in range(40)) + rng = random.SystemRandom() + apiToken = ''.join(rng.choice(string.ascii_lowercase + string.digits) for x in range(40)) execute_db_query(conn, "UPDATE config SET api_current_token=?", [apiToken]) @@ -93,7 +94,8 @@ def get_permanent_token(conn): permanentToken = execute_db_query(conn, "SELECT api_permanent_token FROM config")[0] permanentToken = permanentToken[0] if not permanentToken: - permanentToken = ''.join(random.choice(string.ascii_lowercase + string.digits) for x in range(40)) + rng = random.SystemRandom() + permanentToken = ''.join(rng.choice(string.ascii_lowercase + string.digits) for x in range(40)) execute_db_query(conn, "UPDATE config SET api_permanent_token=?", [permanentToken]) return permanentToken diff --git a/lib/common/encryption.py b/lib/common/encryption.py index 120336106..dd08df8e2 100644 --- a/lib/common/encryption.py +++ b/lib/common/encryption.py @@ -186,7 +186,8 @@ def generate_aes_key(): Generate a random new 128-bit AES key using OS' secure Random functions. """ punctuation = '!#$%&()*+,-./:;<=>?@[\]^_`{|}~' - return ''.join(random.sample(string.ascii_letters + string.digits + '!#$%&()*+,-./:;<=>?@[\]^_`{|}~', 32)) + rng = random.SystemRandom() + return ''.join(rng.sample(string.ascii_letters + string.digits + '!#$%&()*+,-./:;<=>?@[\]^_`{|}~', 32)) def rc4(key, data):