2016-09-17 21:16:03 +00:00
=======================
9/16/2016 - RELEASE 1.6
=======================
-Encompasses all changes since the 1.5 tagged release
9/16/2016
---------
-Fix for 'skywalker v2' file overwrite exploit on control server (thanks again @zeroSteiner :)
9/10/2016
---------
-Fixes for Invoke-WScriptBypassUAC
8/31/2016
---------
-Invoke-ARPScan.ps1 now uses reflection
8/15/2016
---------
-Added stagers/scrambled_macro
2016-08-15 22:01:19 +00:00
8/15/2016
---------
-Added in "Fileless" UAC bypass using eventvwr.exe
2016-08-14 01:28:48 +00:00
8/13/2016
---------
-Merged in updated Normal.dotm persistence module.
2016-07-21 01:28:27 +00:00
7/20/2016
---------
2016-07-21 03:44:30 +00:00
-Version 1.5.3
2016-07-21 01:28:27 +00:00
-Fix for issue #273 - added hostnames to raw screenshot output file
-Fix for issue #285 - credential export supporting commas
-Start of code standardization/pep8 cleanup - mods to agents.py, empire.py, and credentials.py
2016-07-21 03:44:30 +00:00
-moved collection/keethief to collection/vaults/keethief
-added collection/vaults/find_keepass_config to enumerate KeePass configs on a system
-added collection/vaults/add_keepass_config_trigger to add a trigger backdoor to all reachable KeePass instances
-added collection/vaults/get_keepass_config_trigger to enumerate all triggers for all reachable KeePass instances
-added collection/vaults/remove_keepass_config_trigger to remove all triggers for all reachable KeePass instances
2016-07-21 03:39:25 +00:00
-Misc. bug fixes
2016-07-21 01:28:27 +00:00
7/16/2016
---------
-Added collection/keethief module to pilfer KeePass key material from memory
-"creds X" now searches additional fields for the term (like domain)
-merged credentials/enum_cred_store from @BeetleChunks
7/15/2016
---------
-Merged @rvrsh3ll's collection/browser_data module
-Merged @curi0usJack's situational_awareness/network/smbautobrute module
-fix for issue #258 - "interact AGENT" now works globally in every menu except an active agent menu
-fix for issue #221 - hop listeners
-fix for issue #252 - management/invoke_script now no longer requires an external script
-fix for issue #257 - sysinfo now executed after running the steal_token command
2016-06-25 01:06:24 +00:00
6/24/2016
---------
-Updated Invoke-Mimikatz to include a fix for multi-cpu boxes/processor detection
2016-06-25 02:22:12 +00:00
-Merged @n0clues pull request to change paths from %TEMP% to %PUBLIC% for spawnas module to fix a bug when spawning as a different user.
-Fixed a typo in the dcsync_hashdump that caused it to crash the Empire server
-Merged in Inveigh 1.1.1 and current Tater build thanks to @Kevin-Robertson
-Fixed a bug in the REST API due to the port being a string and not an int
2016-06-25 02:54:52 +00:00
-Added 417 Expectation failed error bug fix for older proxies (Squid) thanks to @i223t
2016-06-25 02:55:04 +00:00
2016-06-25 00:14:39 +00:00
6/9/2016
---------
-Updated SQLite dll for Get-ChromeDump.ps1
5/27/2016
---------
-Fixed format issues with Get-ComputerDetails.ps1
-More verbose output added to PowerUp's Invoke-ServiceCMD
-Made Get-SPN PowerShell 2.0 compatible
-Updated RunAs to include an argument parameter
-Merged @tristandostaler's /api/map feature to the Rest API
-Merged in @andrew-morris's installer update to include -Y switch for apt-get commands
-Merged in MS16-032 local privesc from @leoloobeek
5/4/2016
---------
-Merged @jaredhaight's Invoke-MetasploitModule module
2016-05-02 22:13:38 +00:00
5/2/2016
---------
-tightened up argparse validation
2016-04-24 15:26:39 +00:00
4/24/2016
---------
-Added credentials/get_spn_tickets to request SPN tickets.
-Added credentials/mimikatz/extract_tickets
2016-04-21 21:12:43 +00:00
4/21/2016
---------
-Merged @Subtee's regsvc32 (sct) stager
2016-04-01 21:06:21 +00:00
4/1/2016
---------
-listener starting now returns more verbose errors on failure in console and API
-merge of @mynameisiv's .jpg screenshot PR
-Fix for path errors in some cases for ./setup/setup_database.py
2016-09-17 21:16:03 +00:00
=======================
3/31/2016 - RELEASE 1.5
=======================
2016-03-31 20:06:02 +00:00
-Encompasses all changes since the 1.4 tagged release
3/31/2016
---------
-Merge of Inveigh 1.1 update and privesc/tater
-Updated of Invoke-Mimikatz.ps1 source
2016-03-31 21:25:08 +00:00
-Updated mimikatz dlls to version 2.1 alpha
-Included modification to suppress cmd.exe when spawned via PTH.
2016-03-31 20:06:02 +00:00
3/30/2016
---------
-Added loading of external modules with 'load /path/modules/'
2016-03-26 04:20:32 +00:00
3/25/2016
---------
-RESTful API modifications
-expanded agent/server epoch check to +/- 12 hours
-stagers now run -sta
3/24/2016
---------
-RESTful API modifications
3/22/2016
---------
-added auth to RESTful API, additional API fixes
3/21/2016
---------
-start of RESTful API implementation
3/19/2016
---------
-PowerView.ps1 update and multiple related module additions
-added github issue templates
-added situational_awareness/network/powerview/get_gpo_computer
3/11/2016
---------
-added privesc/getsystem
-bug fix for Invoke-PsExec and some x64 pointers
3/3/2016
---------
-first pass at stager retry interval
-download chunking modified
2/17/2016
2016-02-18 03:37:25 +00:00
---------
- '--debug 2' now displays debug information to the console as well as the empire.debug file
2016-03-26 04:20:32 +00:00
-added privesc/mcafee_sitelist
2016-02-18 03:37:25 +00:00
2016-02-16 07:27:37 +00:00
1/15/2016
---------
-start of command line option integration, use './empire -h' to see options
-bug fixes
-'searchmodule' with no arguments now lists all modules
1/14/2016
---------
-Fix for some UTF-8 encoding issues
1/10/2016
----------
-Corrected several bugs in how the workingHours window is handled in the agent
2016-03-31 20:06:02 +00:00
2015-12-30 00:29:05 +00:00
============
12/29/2015 - RELEASE 1.4
============
-Encompasses all changes since 1.3.1 tagged release
2016-03-31 20:06:02 +00:00
2015-12-30 00:29:05 +00:00
12/29/2015
----------
-Added situational_awareness/network/powerview/find_managed_security_groups to integrate @stufus' new code
-Fixed various issues with agent profile handling
-'DefaultProfile' option in listener menu is now tab-completable and can take a path to a profile.txt
12/28/2015
----------
-Merge of @stufus' Find-ManagedSecurityGroups code into PowerView.ps1 base
12/26/2015
----------
-Merge of @jamcut's situational_awareness/host/findtrusteddocuments module
2015-12-22 20:05:22 +00:00
12/22/2015
----------
-Sync of Kevin Robertson's lateral_movement/inveigh_relay module
2015-12-30 00:29:05 +00:00
-Sync @stufus' exfiltration/egresscheck module
2015-12-22 20:05:22 +00:00
-Added module menu dynamic sizing for prettified output
2015-12-30 00:29:05 +00:00
12/20/2015
----------
-hop.php redirector fix
2015-12-17 01:36:07 +00:00
12/16/2015
----------
-Sync of Kevin Robertson's collection/inveigh update
-Added trollsploit/rick_ascii
-Bug fixes
2015-12-11 22:56:25 +00:00
12/11/2015
----------
-Updated powerview.ps1
-Added situational_awareness/network/powerview/get_cached_rdpconnection
-Added situational_awareness/network/powerview/set_ad_object
-Added management/downgrade_account
2015-12-30 00:29:05 +00:00
-Merge of @mubix's setup automation
2015-12-11 22:56:25 +00:00
12/9/2015
---------
2015-12-30 00:29:05 +00:00
-Added credentials/mimikatz/cache and credentials/mimikatz/sam
2015-12-11 22:56:25 +00:00
2015-12-01 04:23:03 +00:00
11/30/2015
----------
-Combined persistence/debugger/* into persistence/misc/debugger
-Added SysWow64 option to management/spawn to spawn a 32-bit powershell.exe
-Added persistence/userland/backdoor_lnk
2015-11-29 16:58:16 +00:00
11/29/2015
----------
-Built several modules in management/mailraider/* to integrate @xorrior's MailRaider.ps1
11/28/2015
----------
-Merged @xorrior's FoxDump and ChromeDump modules
11/25/2015
----------
-Merged @rvrsh3ll's lateral_movement/invoke_sshcommand
11/24/2015
----------
-Added script autorun functionality
11/23/2015
----------
-Merged @rvrsh3ll's recon/http_login
2015-11-21 23:07:57 +00:00
11/21/2015
----------
-Merge of exploitation/exploit_jboss, bug fix
-Fix in case module returns None
2015-11-21 23:24:17 +00:00
-Merged debian setup.sh fix
-Merged non-interactive cert generation and added to setup.sh
2015-11-22 01:03:40 +00:00
-Fixed nested menu bug that caused buildup of "Agent X not active."
-Main display menu now shows each time "main" menu is entered
2015-11-21 23:07:57 +00:00
2015-11-08 23:51:57 +00:00
11/8/2015
---------
-All PowerUp modules now dynamically built from a single source file
-PowerUp bug fixes
-Added privesc/powerup/service_exe_restore, pulled logic from other modules
-Added management/spawnas to spawn agents with explicit credentials
-Debug functionality (--debug) now outputs the source of the last tasked script to ./LastTask.ps1
-Write-Verbose and Write-Debug lines now stripped from tasked scripts
2015-11-09 00:36:20 +00:00
-Added situational_awareness/network/powerview/get_forest module
2015-11-08 23:51:57 +00:00
2015-11-04 20:19:06 +00:00
11/4/2015
2015-11-08 23:51:57 +00:00
---------
2015-11-04 20:19:06 +00:00
-Added persistence/misc/add_netuser to add local/domain users
2015-11-02 19:52:46 +00:00
11/2/2015
---------
-Fixed small bug in TASK_CMD_WAIT response parsing
2016-03-31 20:06:02 +00:00
2015-12-30 00:29:05 +00:00
============
10/30/2015 - RELEASE 1.3.1
============
2015-10-30 16:08:57 +00:00
-Updated reflectivepick dlls to fix bug in injection and dll payload injection
2016-03-31 20:06:02 +00:00
2015-10-30 16:08:57 +00:00
============
2015-12-30 00:29:05 +00:00
10/29/2015 - RELEASE 1.3
2015-10-30 16:08:57 +00:00
============
-Encompasses all changes since 1.2 tagged release
2016-03-31 20:06:02 +00:00
2015-10-27 19:18:26 +00:00
10/26/2015
----------
-Fix for psinject bug due to lack of .NET 4.0 on target.
2015-10-27 19:20:41 +00:00
-Fix for bug in persistence/misc/add_sid_history
10/23/15
2015-10-30 16:08:57 +00:00
--------
2015-10-27 19:20:41 +00:00
-Updated powerview.ps1 source to Version 2.0
-Built a way to dynamically generate the stripped PowerView code for functions needed by PowerView modules (helpers -> generate_dynamic_powershell_script), and updated all relevant PowerView modules
-Renamed PowerView modules to better match PowerView 2.0 naming scheme and moved to situational_awareness/network/powerview/*
-Removed old split-out PowerView source files
-Removed situational_awareness/network/netview
-Combined stealth_userhunter into option for userhunter
-Added situational_awareness/network/get_forest_domain, situational_awareness/network/powerview/get_object_acl, situational_awareness/network/powerview/find_computer_field, situational_awareness/network/powerview/find_user_field, situational_awareness/network/powerview/get_ou, situational_awareness/network/powerview/get_group, situational_awareness/network/powerview/get_group_member, situational_awareness/network/powerview/get_gpo, situational_awareness/network/powerview/find_gpo_location, situational_awareness/network/powerview/find_gpo_computer_admin, situational_awareness/network/powerview/process_hunter, situational_awareness/network/powerview/find_foreign_group, situational_awareness/network/powerview/find_foreign_user
-renamed collection/filesearch to collection/find_interesting_file
2015-09-22 02:32:46 +00:00
9/21/2015
---------
-Fix for 'skywalker' file overwrite exploit on control server (thanks @zeroSteiner!)
2015-09-12 12:32:43 +00:00
9/12/2015
---------
-Added credentials/mimikatz/mimitokens to take advantage of Mimikatz' token listing/elevation
-Added management/enable_multi_rdp to patch terminal services to allow mutiple connections
-Fixed bug in write_dllhijacker that prevented the dll from being written out
2015-10-30 16:08:57 +00:00
2015-08-30 19:59:50 +00:00
============
8/30/2015 - RELEASE 1.2
============
-Encompasses all changes below
--- 'Native' shell commands in agent core ported to WMI equivalents
--- HMAC now uses SHA1 instead of MD5
--- Numerous bug fixes and UI tweaks throughout code
--- Six new modules and WAR stager added, /sids option added to golden_ticket
--- Fixed international locale bug with unicode text in agent.ps1
2016-03-31 20:06:02 +00:00
2015-08-30 19:59:50 +00:00
8/29/2015
---------
-HMAC algorithm for packet comms upgraded to use SHA1 instead of MD5
-credentials collected from collection/prompt now scraped/added to credential model
2015-08-27 00:22:26 +00:00
8/26/2015
---------
-Added module privesc/bypassuac_wscript
-Added module collection/inveigh
-Added stager war
2015-08-24 21:33:35 +00:00
8/24/2015
---------
-Added credentials/mimikatz/dcsync for remote DC credential extraction
-Added situational_awareness/network/get_domaintrusts
-Added /sids argument for credentials/mimikatz/golden_ticket
-Added credential parsing for dcsync output
-updated links for PowerTools
2015-08-24 22:42:32 +00:00
-Fixed bug in credential parsing with ":" inside of the password,username, or domain
2015-08-25 02:57:48 +00:00
-Fixed international locale bug with unicode text in agent.ps1. Now all results are base64 encoded prior to being packetized. Encoding will be handled at server.
2015-08-24 21:33:35 +00:00
2015-08-20 18:35:42 +00:00
8/20/2015
---------
-Continued porting native shell commands to WMI replacents in agent core
-In agent menu, 'shell CMD' now runs straight IEX CMD, and 'help agentcmds' shows safe aliases
-Modified ./setup/reset.sh to work from parent or ./setup/ folders
2015-08-23 21:18:13 +00:00
-Agent core functions streamlined
-"list [agents/listeners] <modifier>" should now be a global command
2015-08-20 18:35:42 +00:00
2015-08-19 17:14:14 +00:00
8/19/2015
---------
-Added collection/netripper, port of the NetRipper project
-Added collection/packet_capture for netsh event tracing
2015-08-19 19:51:36 +00:00
-Added management/zipfolder for native folder compression
-Corrected menu behavior on agent exit, bug fix on some dir behavior
2015-08-20 00:51:36 +00:00
-Started porting native shell commands to WMI in the agent core
2015-08-19 17:14:14 +00:00
2015-08-16 13:35:46 +00:00
============
8/16/2015 - RELEASE 1.1
============
-Encompasses all changes below
--- Crypto patch to prevent DOS condition
--- Numerous bug fixes throughout code
--- Extra modules added and HTA stager
--- Ability for agents to die after certain number of failed checkins
--- Added ability to easily remove "stale" agents
2016-03-31 20:06:02 +00:00
2015-08-15 21:58:44 +00:00
8/15/2015
---------
2015-08-16 05:05:35 +00:00
-Added modules management/timestomp, trollsploit/process_killer, persistence/elevated/wmi, situational_awareness/network/smbscanner, lateral_movement/invoke_psexec
2015-08-16 13:35:46 +00:00
-Accepted HTA Stager from subtee
2015-08-15 21:58:44 +00:00
2015-08-12 16:51:07 +00:00
8/12/2015
--------
-Merged in list stale and remove stale functionality
-Fixed delay in list stale feature
-Fixed active agent message in list stale feature
2015-08-12 22:51:24 +00:00
-Fixed registry storage in schtasks and registry persistence modules (userland and elevated)
2015-08-12 16:51:07 +00:00
2015-08-11 18:01:38 +00:00
8/11/2015
---------
-Merged in Lost Agent Detection
2015-08-12 01:48:21 +00:00
-"agents> remove X" now removes agents that checked in > X minutes ago
2015-08-12 01:59:19 +00:00
-"agents> list stale" and "agents> remove stale" now list/remove stale agents past their max checkins
2015-08-11 18:01:38 +00:00
2015-08-10 13:14:15 +00:00
8/10/2015
---------
-Fixed tab completion of usestager module
-Added dependencies for Ubuntu 14.04
-Fixed IP Whitelisting set from file
2015-08-10 22:50:18 +00:00
-Added "Lost Agent Detection". Allows the ability for an agent to die after a certain number of missed checkins. This is implemented via the "lostlimit" command. Default set to 60 missed checkins.
2015-08-10 13:14:15 +00:00
8/9/2015
----------
-Fixed flaw in crypto allowing a DOS condition.
-Added authentication to the AES crypto scheme to verify integrity of messages
8/6/2015
-----------
-Initial release. All components released
2016-03-31 20:06:02 +00:00
-Commited path fix to correct bug in certain modules
