Dirkjan Mollema
effe3954e1
Also fixed proxy in dbx.py
2017-09-28 17:11:32 +02:00
Dirkjan Mollema
6f59ee7b34
Fixed custom proxy config in launcher code
2017-09-28 16:53:11 +02:00
IljaSchumacher
9bc854826d
Add "BypassHidden" option to multi/launcher for DBX listeners.
...
Many AV detect the "-w 1" or "-w Hidden" option in powershell as suspicious.
Setting the "BypassHidden" option in the multi/launcher to True
generates a launcher that will rather use the WindowHandler from User32.dll to
hide the powershell window instead of using "-w hidden".
Also it will remove "-w hidden","-W 1" etc. from the Launcher command string.
2017-09-27 16:33:41 +02:00
Jim Shaver
7b4e202bab
Added in changes from 0ffca14
2017-09-26 17:44:45 -07:00
Jim Shaver
77741b83aa
Fix spacing
2017-09-26 16:11:40 -07:00
Jim Shaver
25be0c1e48
Add support for AES Kerberoasting
2017-09-26 16:06:23 -07:00
xorrior
eccdbfb7cd
Adjust cert path
2017-09-26 11:49:25 -07:00
xorrior
61d62d22da
Adjusted cert path
2017-09-26 11:48:23 -07:00
rvrsh3ll
b720b7996e
Add stager option and bypass uac module
2017-09-26 10:13:21 -04:00
root
930bc09be2
added generate upload function and example code
2017-09-25 10:10:10 -04:00
IljaSchumacher
69fb544cd3
Add SOCKS support to Dropbox listener
2017-09-25 14:14:02 +02:00
Nikaiw
00b8427f9b
Fix PR (generate function signature, opsec value)
2017-09-24 19:17:26 +02:00
Steve Borosh
a6acedec26
Update changelog
2017-09-23 18:52:52 -04:00
Steve Borosh
1201232241
Merge pull request #702 from athegist/fix-launcher_vbs.py
...
Fixes vbscript string literal quoting.
2017-09-23 18:52:27 -04:00
Steve Borosh
d5cadc70e7
Update changelog
2017-09-23 18:42:36 -04:00
Steve Borosh
6b17073504
Merge pull request #681 from ThePirateWhoSmellsOfSunflowers/fix-macro
...
Fix macro launcher
2017-09-23 18:42:11 -04:00
xorrior
52f2618863
Merge branch 'dev' of https://github.com/EmpireProject/Empire into dev
2017-09-23 10:30:07 -04:00
xorrior
3d7a07a114
Fixed killdate for both agents. Fixed working hours for python agent
2017-09-23 10:28:51 -04:00
Steve Borosh
227fb3a631
Update changelog
2017-09-23 08:40:15 -04:00
Steve Borosh
20c17423fd
Merge pull request #711 from clr2of8/dev
...
Modified the PowerShell keylogger to write to local file instead of stdout
2017-09-23 08:39:19 -04:00
Chris Ross
08c3e292dc
Update changelog
2017-09-22 23:41:28 -04:00
xorrior
7f376077fd
Fixed ValidateLength parameter attribute for PSInject.ps1
2017-09-22 23:39:34 -04:00
Carrie Roberts
eed3453301
making the keystroke log easier to read
2017-09-22 14:59:57 -06:00
xorrior
de03f902ec
Repaired function definition for generate()
2017-09-21 22:59:08 -04:00
Chris Ross
71cc81d423
Update changelog
2017-09-21 19:39:03 -04:00
xorrior
4a95b0d6e3
Add whitespace parsing for manual add of passwords
2017-09-21 18:40:08 -04:00
Carrie Roberts
1dae7bd3b5
safety check in case of untrusted sessionID
2017-09-21 11:09:02 -06:00
Carrie Roberts
a2ef7dab9d
Modified the PowerShell keylogger to write to local file instead of stdout
2017-09-20 15:22:10 -06:00
xorrior
55834180d4
Fix powerbreach modules
2017-09-20 16:27:05 -04:00
xorrior
b1c359e4b9
Fix powerbreach modules
2017-09-20 16:22:04 -04:00
Steve Borosh
ee390adc27
Merge pull request #709 from clr2of8/dev
...
added option to expand ps object in order to view domain policy details
2017-09-19 17:50:14 -04:00
Carrie Roberts
932aedb4aa
added option to expand powershell object in order to view domain policy details
2017-09-19 12:08:51 -06:00
Steve Borosh
086df98ed9
Merge pull request #662 from utkusen/patch-1
...
adding M2Crypto library to install.sh
2017-09-17 16:53:32 -04:00
athegist
9c7064371c
Fixes vbscript string literal quoting.
2017-09-17 14:55:35 -05:00
Piotr Marszalik
60d835d1e0
Invoke-PowerDump bug - corrupt hash fix
...
Fixed the bug where the hashes are not being extracted correctly when LM is disabled and history is enabled.
Rather than relying on length, LM and NT headers are checked. Four bytes at 0xa0 show if LM exists and four bytes at 0xac show if NT exists. Details on this known issue can be found in the following whitepaper from blackhat:
https://media.blackhat.com/bh-us-12/Briefings/Reynolds/BH_US_12_Reynods_Stamp_Out_Hash_WP.pdf
This same bug has been fixed in other frameworks sharing the code:
https://github.com/rapid7/metasploit-framework/pull/4233
https://github.com/trustedsec/social-engineer-toolkit/pull/98
https://github.com/samratashok/nishang/pull/3
2017-09-14 14:57:22 -05:00
Steve Borosh
dfb049ed48
Update changelog
2017-09-10 09:29:27 -04:00
Steve Borosh
a0798bb45b
Merge pull request #686 from cobbr/improved-powershell-install
...
Better powershell install, obfuscation bug fixes, fixed vbs/macro launchers
2017-09-10 09:28:52 -04:00
cobbr
b0f647d4b9
Better powershell install, obfuscation bug fixes, fixed vbs/macro launchers
2017-09-10 02:12:46 -05:00
Chris Ross
cf6f760b94
Merge pull request #676 from theguly/dev
...
add launcher_lnk with ps payload
2017-09-06 13:32:02 -04:00
xorrior
df64b1e6d1
Rest fix from #657
2017-09-06 11:14:36 -04:00
xorrior
2973bfe0c9
Rest fix for Deleting agent results
2017-09-06 10:57:58 -04:00
Chris Ross
2677363e50
Merge pull request #657 from byt3bl33d3r/master
...
Removed GroupName as required option in get_group_member module, reverted a commit that broke the RESTful API
2017-09-06 10:41:45 -04:00
ThePirateWhoSmellsOfSunflowers
ef7660febd
fix quotes
...
similar to #674
2017-09-05 18:23:19 +02:00
ThePirateWhoSmellsOfSunflowers
2b2096d2e4
fix macro launcher
...
Fix typo
2017-09-05 17:23:03 +02:00
Chris Ross
6cf73fe272
Merge pull request #677 from raminfp/master
...
Fixed global name 'ssl' is not defined
2017-09-03 19:40:05 -04:00
root
a67b733f2b
Fixed global name 'ssl' is not defined
2017-09-03 16:05:19 -04:00
guly
b70ad183ee
add launcher_lnk with ps payload
2017-09-03 11:50:09 +02:00
Chris Ross
6ec96ee1aa
Merge pull request #547 from n0clues/creds_args
...
RESTfulAPI - api/admin/login fix
2017-09-02 11:00:18 -04:00
xorrior
dffd332614
Fix for #579
2017-09-02 10:58:00 -04:00
xorrior
a6ae921f29
Update rest ssl.SSLContext object
2017-09-02 10:52:05 -04:00