Use SystemRandom() and maintain API compatibility

data/agent/stagers/common/aes.py

@@ -355,7 +355,8 @@ def CBCdec(aesObj, ciphertext, base64=False):
 
 
 def getIV(len=16):
-    return ''.join(chr(random.randint(0, 255)) for _ in range(len))
+    rng = random.SystemRandom()
+    return ''.join(chr(rng.randint(0, 255)) for _ in range(len))
 
 
 def aes_encrypt(key, data):

empire

@@ -76,7 +76,8 @@ def refresh_api_token(conn):
     """
 
     # generate a randomized API token
-    apiToken = ''.join(random.choice(string.ascii_lowercase + string.digits) for x in range(40))
+    rng = random.SystemRandom()
+    apiToken = ''.join(rng.choice(string.ascii_lowercase + string.digits) for x in range(40))
 
     execute_db_query(conn, "UPDATE config SET api_current_token=?", [apiToken])
 
@@ -93,7 +94,8 @@ def get_permanent_token(conn):
     permanentToken = execute_db_query(conn, "SELECT api_permanent_token FROM config")[0]
     permanentToken = permanentToken[0]
     if not permanentToken:
-        permanentToken = ''.join(random.choice(string.ascii_lowercase + string.digits) for x in range(40))
+        rng = random.SystemRandom()
+        permanentToken = ''.join(rng.choice(string.ascii_lowercase + string.digits) for x in range(40))
         execute_db_query(conn, "UPDATE config SET api_permanent_token=?", [permanentToken])
 
     return permanentToken

lib/common/encryption.py

@@ -186,7 +186,8 @@ def generate_aes_key():
     Generate a random new 128-bit AES key using OS' secure Random functions.
     """
     punctuation = '!#$%&()*+,-./:;<=>?@[\]^_`{|}~'
-    return ''.join(random.sample(string.ascii_letters + string.digits + '!#$%&()*+,-./:;<=>?@[\]^_`{|}~', 32))
+    rng = random.SystemRandom()
+    return ''.join(rng.sample(string.ascii_letters + string.digits + '!#$%&()*+,-./:;<=>?@[\]^_`{|}~', 32))
 
 
 def rc4(key, data):