Commit Graph

322 Commits (7a3a95f7352d7bdf35b44bf1b3aeef595b22b0d8)

Author SHA1 Message Date
Kevin Robertson 7a3a95f735 Sync features with updated versions of Inveigh and Tater
Upgrading collection/inveigh, lateral_movement/inveigh_relay, and
privesc/tater. Adding collection/inveigh_bruteforce.
2016-03-29 23:55:39 -04:00
Kevin Robertson 8b385928dc Added Tater privesc module
Empire module version of https://github.com/Kevin-Robertson/Tater.
2016-02-15 18:40:09 -05:00
HarmJ0y 680091974c Merge pull request #121 from PowerShellEmpire/dev
Empire 1.4 release.
2015-12-29 16:54:55 -08:00
Harmj0y 8281a9e7ba Empire 1.4 release.
Encompases all changes since tagged 1.3.1 release.
Added 'Contribution Rules' to the README.md
2015-12-29 19:29:05 -05:00
HarmJ0y 83378190af Merge pull request #120 from PowerShellEmpire/dev
Dev
2015-12-29 13:03:42 -08:00
Harmj0y 0d30181baf Added situational_awareness/network/powerview/find_managed_security_groups module
implementing @stufus' recent changes
2015-12-29 15:58:39 -05:00
Harmj0y 82fed97485 Fixed various issues for agent profile setting/handling
'DefaultProfile' option in listener menu is now tab-completable and can take a path to a profile.txt
2015-12-29 15:57:01 -05:00
HarmJ0y d152e71949 Merge pull request #119 from stufus/identify_ad_managed_security_groups
Identify Managed AD Security Groups
2015-12-28 15:19:21 -08:00
Stuart Morgan f02e675f52 Renamed to Find-ManagedSecurityGroups at @harmjoy's request 2015-12-28 17:44:16 +00:00
Stuart Morgan d82f5208a7 Merge branch 'master' of https://github.com/PowerShellEmpire/Empire into identify_ad_managed_security_groups 2015-12-28 17:40:17 +00:00
HarmJ0y da439c441b Merge pull request #118 from jamcut/trusted-document-store
Add module to enumerate trusted documents and locations for MS Office.
2015-12-27 13:03:54 -08:00
Jeff McCutchan b7eb2852f3 Removed more commented lines 2015-12-27 00:08:27 -05:00
Jeff McCutchan a66d2e536e Implemented @Harmj0y changes 2015-12-27 00:04:38 -05:00
Jeff McCutchan ffa6ca6cd0 Added reference to original .ps1 file here too... 2015-12-24 08:40:12 -05:00
Jeff McCutchan d49b080037 Added GitHub link to Notes section of ps1 file 2015-12-24 08:35:50 -05:00
Stuart Morgan c7dfa63ee8 Added description 2015-12-24 11:59:12 +00:00
Stuart Morgan 74abeaa2a6 Added link to PR 2015-12-24 11:56:11 +00:00
Stuart Morgan 264863b7bc remove debugging print 2015-12-24 11:48:11 +00:00
Stuart Morgan bc949a8ae4 use samaccountname for the username 2015-12-24 11:47:52 +00:00
Stuart Morgan 3f49d7fcfe Remove trailing spaces 2015-12-24 11:34:02 +00:00
Stuart Morgan a078c2bd76 Works 2015-12-24 11:23:24 +00:00
Jeff McCutchan 3c7c4278fa Change verbiage in module description 2015-12-23 14:00:06 -05:00
Jeff McCutchan c51b33b74c Add module to enumerate trusted documents and locations for MS Office. 2015-12-23 13:45:56 -05:00
Stuart Morgan 0a3aaecb13 Update 2015-12-23 17:02:10 +00:00
Harmj0y 687954b6ef -Sync of Kevin Robertson's lateral_movement/inveigh_relay module
-Sync stufus' exfiltration/egresscheck module
-Added module menu dynamic sizing for prettified output
2015-12-22 15:05:22 -05:00
HarmJ0y c6ff79d7b8 Merge pull request #117 from stufus/add_egress_busting
Add Egress Checking Traffic Generator Module
2015-12-22 11:40:32 -08:00
HarmJ0y ffe76b3828 Merge pull request #110 from Kevin-Robertson/master
Added Inveigh's HTTP NTLMv2 to SMB relay as an Empire module
2015-12-22 11:40:14 -08:00
Stuart Morgan dbbe61df41 Broken -but adding notes for testing nTSecurityDescriptor 2015-12-22 00:23:44 +00:00
Stuart Morgan 150d89d292 Initial module creation 2015-12-21 23:13:13 +00:00
Stuart Morgan c2d6172587 Fixed author array 2015-12-21 23:01:38 +00:00
Stuart Morgan c97acb0ee6 Fix comments 2015-12-21 22:49:06 +00:00
Stuart Morgan f98844d905 Fix comments 2015-12-21 22:48:39 +00:00
Stuart Morgan 4c87700c6d Fix up verbosity 2015-12-21 22:47:54 +00:00
Stuart Morgan cea0826222 Rework this to remove the -verbosity parameter now that Ive realised that Write-Verbose exists....:) 2015-12-21 22:18:52 +00:00
Stuart Morgan dc9808b06b Merge branch 'master' of https://github.com/PowerShellEmpire/Empire into add_egress_busting 2015-12-21 20:50:11 +00:00
Stuart Morgan 8401be21f4 Updated header 2015-12-21 20:48:48 +00:00
Stuart Morgan d48563e6e8 Sorted out verbose output 2015-12-21 20:44:51 +00:00
Harmj0y c95d8786aa hop.php redirector fix
removed requirement for credentials from lateral_movement/invoke_psremoting
2015-12-21 00:33:03 -05:00
Harmj0y c12eac3200 Added trollsploit/rick_ascii 2015-12-16 20:36:07 -05:00
Harmj0y bcb2f4677f Fix for issue #112 2015-12-16 17:42:51 -05:00
Stuart Morgan 8f88c5bdce This works! Amazingly....just needs tidying up and polishing (and sorting out the Write-Hosts) 2015-12-15 23:49:09 +00:00
Stuart Morgan 8ff5f7723a turns out that you need commas in the options dict....:) 2015-12-15 23:38:33 +00:00
Stuart Morgan b4ed0ceadb Added the options to the python side 2015-12-15 23:34:38 +00:00
Stuart Morgan d1572d325b Continuing work 2015-12-15 23:29:00 +00:00
Kevin Robertson 6186502749 Added Inveigh's HTTP NTLMv2 to SMB relay as an Empire module
This module is a direct copy/paste of the Invoke-InveighRelay function
from the standalone version of Inveigh. The module will relay incoming
HTTP NTLMv2 authentication requests to an SMB target. If authentication
is successful and the user is a local administrator on the target
system, the specified command should be executed on the target PSexec
style. This module can be used with or without collection/inveigh. If
collection/inveigh is used, ensure that HTTP is disabled in
collection/inveigh. If this module is used without collection/inveigh,
another method will need to be employed to trigger incoming HTTP
requests.

This module has been successfully tested with Empire's  launcher
one-liner to establish additional agents. In testing I observed a delay
(30 seconds or so) between the service creation message and Empire's
agent active message.

harmj0y: As I mentioned in the collection/inveigh pull request comments,
the length of the parameter names is throwing off Empire's options
command column display alignment. I'm not sure if there is an easy fix
for this. Also, I used the same code that you added to inveigh.py after
the pull request. With this code, I did not observe that the
SMBRelayCommand value needed to be wrapped in quotes.
2015-12-14 21:48:49 -05:00
Harmj0y c1043156e1 Module argument tweaks to collection/inveigh.py 2015-12-14 16:04:49 -05:00
HarmJ0y 4ccc6088e0 Merge pull request #108 from Kevin-Robertson/master
Synced collection/inveigh with current standalone Inveigh code
2015-12-14 15:57:23 -05:00
Kevin Robertson e2209606aa Synced collection/inveigh with current standalone Inveigh code
Direct copy/paste of Invoke-Inveigh function from current standalone
version of Inveigh.  This version contains a number of
additions/changes/bug fixes. There are two primary additions that may be
useful to Empire users. The first is that 1122334455667788 is no longer
used as the default challenge over HTTP since it's now getting flagged
by SEP and maybe others. The default behavior is a random challenge for
each request. A specific challenge can also be specified through the
'challenge' parameter. The second is the ability to set a run time so
that collection/inveigh will auto-exit after a specified number of
minutes. On the python side, I have added the additional relevant
parameters and flipped the module to opsec safe since no files are
created on disk.
2015-12-13 19:31:52 -05:00
Harmj0y 93c1d46236 Updated powerview.ps1
Added situational_awareness/network/powerview/get_cached_rdpconnection
Added situational_awareness/network/powerview/set_ad_object
Added management/downgrade_account
2015-12-11 17:56:25 -05:00
enigma0x3 e7421af423 Merge pull request #106 from mubix/installautomation
allow for setup automation
2015-12-11 13:57:38 -05:00