infosecn1nja
/
Empire
mirror of https://github.com/infosecn1nja/Empire.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added situational_awareness/network/powerview/get_loggedon and get_session

1.6
Harmj0y 2015-11-12 23:17:37 -05:00
parent 6058f25a57
commit 8961af6262
3 changed files with 185 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
data/module_source/situational_awareness/network/powerview.ps1
View File

@ -2576,19 +2576,21 @@ function Get-ObjectAcl {
try {
$Searcher.FindAll() | Foreach-Object {
$Object = [adsi]($_.path)
$Access = $Object.PsBase.ObjectSecurity.access
$Access | ForEach-Object {
$_ | Add-Member NoteProperty 'ObjectDN' ($Object.distinguishedname[0])
if($Object.distinguishedname) {
$Access = $Object.PsBase.ObjectSecurity.access
$Access | ForEach-Object {
$_ | Add-Member NoteProperty 'ObjectDN' ($Object.distinguishedname[0])
if($Object.objectsid[0]){
$S = (New-Object System.Security.Principal.SecurityIdentifier($Object.objectsid[0],0)).Value
if($Object.objectsid[0]){
$S = (New-Object System.Security.Principal.SecurityIdentifier($Object.objectsid[0],0)).Value
}
else {
$S = $Null
}
$_ | Add-Member NoteProperty 'ObjectSID' $S
$_
}
else {
$S = $Null
}
$_ | Add-Member NoteProperty 'ObjectSID' $S
$_
}
} | ForEach-Object {
if($RightsFilter) {

86
lib/modules/situational_awareness/network/powerview/get_loggedon.py Normal file
View File

@ -0,0 +1,86 @@
from lib.common import helpers
class Module:
def __init__(self, mainMenu, params=[]):
self.info = {
'Name': 'Get-NetLoggedon',
'Author': ['@harmj0y'],
'Description': ('Execute the NetWkstaUserEnum Win32API call to query a given host for actively logged on users.'),
'Background' : True,
'OutputExtension' : None,
'NeedsAdmin' : False,
'OpsecSafe' : True,
'MinPSVersion' : '2',
'Comments': [ ]
}
# any options needed by the module, settable during runtime
self.options = {
# format:
# value_name : {description, required, default_value}
'Agent' : {
'Description' : 'Agent to run module on.',
'Required' : True,
'Value' : ''
},
'ComputerName' : {
'Description' : 'The hostname or IP to query for local group users.',
'Required' : False,
'Value' : 'localhost'
}
}
# save off a copy of the mainMenu object to access external functionality
# like listeners/agent handlers/etc.
self.mainMenu = mainMenu
for param in params:
# parameter format is [Name, Value]
option, value = param
if option in self.options:
self.options[option]['Value'] = value
def generate(self):
moduleName = self.info["Name"]
# read in the common powerview.ps1 module source code
moduleSource = self.mainMenu.installPath + "/data/module_source/situational_awareness/network/powerview.ps1"
try:
f = open(moduleSource, 'r')
except:
print helpers.color("[!] Could not read module source path at: " + str(moduleSource))
return ""
moduleCode = f.read()
f.close()
# get just the code needed for the specified function
script = helpers.generate_dynamic_powershell_script(moduleCode, moduleName)
script += moduleName + " "
for option,values in self.options.iteritems():
if option.lower() != "agent":
if values['Value'] and values['Value'] != '':
if values['Value'].lower() == "true":
# if we're just adding a switch
script += " -" + str(option)
else:
script += " -" + str(option) + " " + str(values['Value'])
script += ' | ft -wrap | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"'
return script

86
lib/modules/situational_awareness/network/powerview/get_session.py Normal file
View File

@ -0,0 +1,86 @@
from lib.common import helpers
class Module:
def __init__(self, mainMenu, params=[]):
self.info = {
'Name': 'Get-NetSession',
'Author': ['@harmj0y'],
'Description': ('Execute the NetSessionEnum Win32API call to query a given host for active sessions on the host.'),
'Background' : True,
'OutputExtension' : None,
'NeedsAdmin' : False,
'OpsecSafe' : True,
'MinPSVersion' : '2',
'Comments': [ ]
}
# any options needed by the module, settable during runtime
self.options = {
# format:
# value_name : {description, required, default_value}
'Agent' : {
'Description' : 'Agent to run module on.',
'Required' : True,
'Value' : ''
},
'ComputerName' : {
'Description' : 'The hostname or IP to query for local group users.',
'Required' : False,
'Value' : 'localhost'
}
}
# save off a copy of the mainMenu object to access external functionality
# like listeners/agent handlers/etc.
self.mainMenu = mainMenu
for param in params:
# parameter format is [Name, Value]
option, value = param
if option in self.options:
self.options[option]['Value'] = value
def generate(self):
moduleName = self.info["Name"]
# read in the common powerview.ps1 module source code
moduleSource = self.mainMenu.installPath + "/data/module_source/situational_awareness/network/powerview.ps1"
try:
f = open(moduleSource, 'r')
except:
print helpers.color("[!] Could not read module source path at: " + str(moduleSource))
return ""
moduleCode = f.read()
f.close()
# get just the code needed for the specified function
script = helpers.generate_dynamic_powershell_script(moduleCode, moduleName)
script += moduleName + " "
for option,values in self.options.iteritems():
if option.lower() != "agent":
if values['Value'] and values['Value'] != '':
if values['Value'].lower() == "true":
# if we're just adding a switch
script += " -" + str(option)
else:
script += " -" + str(option) + " " + str(values['Value'])
script += ' | ft -wrap | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"'
return script