Matt Nelson
95fbf7f8c5
Merge pull request #193 from subTee/master
regsvr32 (sct) Stager
2016-04-21 17:05:26 -04:00
Casey Smith
0686f48e37
Update regsvr32.py
2016-04-21 13:02:18 -06:00
Casey Smith
f7df5ee06a
Update regsvr32.py
2016-04-21 12:53:01 -06:00
Casey Smith
37f6e4f362
Update regsvr32.py
2016-04-21 12:52:40 -06:00
Casey Smith
eb764d1aa9
Create regsvr32.py
2016-04-21 12:49:33 -06:00
Matt Nelson
dce67beaeb
Added tab-completion for list command
2016-04-15 14:42:12 -04:00
HarmJ0y
96ac925773
Merge pull request #182 from xorrior/master
Added MiniEye collection module; Minor change to ChromeDump
2016-04-11 15:47:19 -07:00
xorrior
523e4458c1
Added MiniEye collection module; Minor change to ChromeDump
MiniEye - Collect recordings from Webcam.
ChromeDump - Modified sqlite DB connection string for read-only access.
2016-04-09 22:11:28 -04:00
HarmJ0y
54037db2b6
Merge pull request #176 from luxcupitor/dev
Modules for unauthenticated access to Jenkins Script Consoles to run OS commands
2016-04-08 15:12:17 -07:00
HarmJ0y
db7c1c95b3
Merge pull request #177 from n0clues/master
Binding Empire's native listeners to IP specified in Host option…
2016-04-06 22:21:25 -07:00
n0clues
f376dc243c
Binding Empire's native listeners to IP specified in Host option instead to 0.0.0.0 - issue#175
2016-04-06 14:24:02 +02:00
Lux Cupitor
4f61ecda2b
added modules for unauthenticated Jenkins Script console access
2016-04-06 08:06:24 -04:00
Harmj0y
b56e5d29ec
listener starting now returns more verbose errors on failure in console and API
merge of @mynameisiv's .jpg screenshot PR
fix for path errors in some cases for ./setup/setup_database.py
2016-04-01 17:06:21 -04:00
mynameisv
917cb2b246
screenshot in jpeg and shortcut
2016-03-31 23:27:15 +02:00
Harmj0y
ac5b002301
Updated changelog and version number for 1.5.0 release.
2016-03-31 16:06:02 -04:00
HarmJ0y
dae17d1bc1
Merge pull request #165 from Kevin-Robertson/master
Inveigh 1.1 and Tater Modules
2016-03-31 11:13:53 -07:00
Harmj0y
c6662d8a3a
Added loading of external module directories with the 'load /DIR/' command in the main menu.
Solves issue #81 .
2016-03-30 23:03:02 -04:00
Kevin Robertson
32b36c9597
Comment/Notes changes and WPADResponse removal
Updated additional comment/notes. I removed WPADResponse from inveigh
and inveigh_bruteforce since wpad.dat code contains commas. The python
code that is parsing the commas for the array parameters is getting in
the way. I can add WPADResponse back in later.
2016-03-30 15:35:44 -04:00
Alexander
d7cf4c02c4
Merge branch 'master' of https://github.com/0xbadjuju/Empire
2016-03-30 08:27:52 -05:00
Alexander
e6aff73eb1
Merge remote-tracking branch 'refs/remotes/origin/dev'
2016-03-30 08:21:56 -05:00
Kevin Robertson
987679bd9a
Fixed missing single quote in description
2016-03-30 08:52:20 -04:00
Kevin Robertson
7a3a95f735
Sync features with updated versions of Inveigh and Tater
Upgrading collection/inveigh, lateral_movement/inveigh_relay, and
privesc/tater. Adding collection/inveigh_bruteforce.
2016-03-29 23:55:39 -04:00
Alexander
74945a953a
Update normal.py
2016-03-29 17:00:45 -05:00
Alexander
f6fc8550b1
Added normal.dot persistence mechanism
2016-03-29 16:38:02 -05:00
Harmj0y
b3e8ebabe5
Expanded server/agent epoch check from +/- 10 minutes to +/- 12 hours
2016-03-26 00:00:40 -04:00
Harmj0y
c2ba61ca8d
added -sta to stager launching
2016-03-25 19:45:09 -04:00
Harmj0y
16fbd88339
For stagers generated through the API, if 'OutFile' is set in the
passed arguments, the 'Output' field in stager data return will
contain the base64 encoded value of the generated stager data.
2016-03-24 22:24:01 -04:00
Harmj0y
b43da089ef
Added POST /api/modules/<path:module_name> to task a module with specified options
Fix multi-stager generation bug
More exception handling in empire.py
2016-03-24 16:03:31 -04:00
Harmj0y
31eb9d387a
Changed API path from /empire/api/ to /api/
Fixed agent renaming bug
2016-03-23 14:30:54 -04:00
HarmJ0y
446a004cc1
Merge pull request #157 from PowerShellEmpire/restful_api
RESTful API
2016-03-22 14:15:25 -07:00
Harmj0y
d67bbcce15
more small bug fixes
2016-03-22 14:37:10 -04:00
Harmj0y
2a13328c5b
nav menu bug fix and standardization
2016-03-22 14:32:47 -04:00
Harmj0y
ce307aa6db
fix for issue #155
2016-03-22 01:51:23 -04:00
Harmj0y
502dc5c679
Added SSL and basic token auth to the RESTful API
Added random RESTful API token generation on server startup
2016-03-22 01:41:48 -04:00
Harmj0y
ae9f046aba
Added trollsploit/rick_astley to run @SadProcessor's audio rickroll
2016-03-21 23:11:12 -04:00
Harmj0y
9f1deb1d9e
Added /empire/api/agents/<string:agent_name>/results to return agent tasking results and remove results from backend db
2016-03-21 22:56:02 -04:00
Harmj0y
eaaea57253
Added /empire/api/listeners/kill to kill a listener specified by POST data
Added /empire/api/listeners/options to enumerate currently set listener options
Added start to docstrings in functions -> still need to describe complete request/response JSON formats
removed /empire/api/agents/ID/X
/empire/api/agents/name/Y -> /empire/api/agents/Y
removed /empire/api/listeners/id/X
/empire/api/listeners/name/Y -> /empire/api/listeners/Y
"X listeners currently active" now pulls from the backend DB
2016-03-21 21:50:19 -04:00
Harmj0y
334f1f4b5c
Added POST to /empire/api/stagers in API to generate stagers
moved empire instantiation into the restful api start
2016-03-21 21:03:32 -04:00
Harmj0y
c15f445892
Revamp of some of the backend to allow for a proper RESTful API
Cleaned up some SQL calls
Moved tasking/results into database fields for agents, instead of being kept in memory on the client
Added --headless option to ./empire
2016-03-21 20:20:03 -04:00
Harmj0y
e6e5222647
Added lateral_movement/new_gpo_immediate_task
2016-03-19 11:51:09 -04:00
Harmj0y
97335b83d6
-Added the ability to specify multiple function names to helpers.generate_dynamic_powershell_script()
-Added Unconstrained option to get_computer
-Added AdminCount option to get_user
-Added situational_awareness/network/powerview/get_gpo_computer to get computers a GPO is applied to
2016-03-19 10:53:28 -04:00
Harmj0y
d5db75c3d0
-Updated PowerView.ps1 code
-Re-tested all powerview modules
-Updated some module options
-Fixed bug in helpers.generate_dynamic_powershell_script()
-Added situational_awareness/network/powerview/get_domain_policy
-Added situational_awareness/network/powerview/get_dfs_share
-Added situational_awareness/network/powerview/get_fileserver
-Added situational_awareness/network/powerview/get_rdp_session
-Added situational_awareness/network/powerview/get_site
-Added situational_awareness/network/powerview/get_subnet
-Added situational_awareness/host/get_proxy
-Added situational_awareness/host/get_pathacl
-Added management/get_domain_sid
2016-03-19 08:38:18 -04:00
Harmj0y
2382bd0dea
Added privesc/getsystem
2016-03-11 19:31:27 -05:00
Harmj0y
da52a6268b
Attempted fix for issue #136
2016-03-03 19:33:45 -05:00
Harmj0y
08ca63fe09
First pass at stager retries.
2016-03-03 19:13:44 -05:00
Harmj0y
355db39847
Added privesc/mcafee_sitelist
2016-02-18 00:08:08 -05:00
Harmj0y
c32e3d15cd
Additional debugging on sysinfo checkin.
2016-02-17 21:58:09 -05:00
Harmj0y
3b0003f0ce
'--debug 2' now prints all debug signal output to the script as well as ./empire.debug
2016-02-17 20:06:33 -05:00
Harmj0y
b0d90be6fe
Updated changelog and version number. Added '--version' cli option.
2016-02-16 02:27:37 -05:00
Harmj0y
473be51acd
Changed '--listeners' option to '--listener'
2016-02-16 02:02:18 -05:00
Harmj0y
75ea648c49
Small bug fixes.
2016-02-16 01:53:16 -05:00
Harmj0y
734831b5fb
Added a start to cli option parsing for displaying listeners/stagers and generating stagers.
2016-02-16 01:52:32 -05:00
Harmj0y
4bab4f9484
'searchmodule' with no term now lists all modules and descriptions
2016-02-16 00:35:32 -05:00
Kevin Robertson
8b385928dc
Added Tater privesc module
Empire module version of https://github.com/Kevin-Robertson/Tater .
2016-02-15 18:40:09 -05:00
Harmj0y
3cf322e76a
Fix for issue #125
2016-01-14 15:57:26 -05:00
Harmj0y
c0d427cdc8
Corrected several bugs in how the workingHours window is handled in the agent
Added validation to the workinghours time format
2016-01-11 01:24:46 -05:00
Harmj0y
e696bb7078
spelling mistakes
2015-12-30 16:18:59 -05:00
Harmj0y
8281a9e7ba
Empire 1.4 release.
Encompasses all changes since tagged 1.3.1 release.
Added 'Contribution Rules' to the README.md
2015-12-29 19:29:05 -05:00
Harmj0y
0d30181baf
Added situational_awareness/network/powerview/find_managed_security_groups module
implementing @stufus' recent changes
2015-12-29 15:58:39 -05:00
Harmj0y
82fed97485
Fixed various issues for agent profile setting/handling
'DefaultProfile' option in listener menu is now tab-completable and can take a path to a profile.txt
2015-12-29 15:57:01 -05:00
HarmJ0y
da439c441b
Merge pull request #118 from jamcut/trusted-document-store
Add module to enumerate trusted documents and locations for MS Office.
2015-12-27 13:03:54 -08:00
Jeff McCutchan
b7eb2852f3
Removed more commented lines
2015-12-27 00:08:27 -05:00
Jeff McCutchan
a66d2e536e
Implemented @Harmj0y changes
2015-12-27 00:04:38 -05:00
Jeff McCutchan
ffa6ca6cd0
Added reference to original .ps1 file here too...
2015-12-24 08:40:12 -05:00
Jeff McCutchan
3c7c4278fa
Change verbiage in module description
2015-12-23 14:00:06 -05:00
Jeff McCutchan
c51b33b74c
Add module to enumerate trusted documents and locations for MS Office.
2015-12-23 13:45:56 -05:00
Harmj0y
687954b6ef
-Sync of Kevin Robertson's lateral_movement/inveigh_relay module
-Sync stufus' exfiltration/egresscheck module
-Added module menu dynamic sizing for prettified output
2015-12-22 15:05:22 -05:00
HarmJ0y
c6ff79d7b8
Merge pull request #117 from stufus/add_egress_busting
Add Egress Checking Traffic Generator Module
2015-12-22 11:40:32 -08:00
HarmJ0y
ffe76b3828
Merge pull request #110 from Kevin-Robertson/master
Added Inveigh's HTTP NTLMv2 to SMB relay as an Empire module
2015-12-22 11:40:14 -08:00
Stuart Morgan
c2d6172587
Fixed author array
2015-12-21 23:01:38 +00:00
Stuart Morgan
4c87700c6d
Fix up verbosity
2015-12-21 22:47:54 +00:00
Stuart Morgan
cea0826222
Rework this to remove the -verbosity parameter now that I've realised that Write-Verbose exists....:)
2015-12-21 22:18:52 +00:00
Stuart Morgan
dc9808b06b
Merge branch 'master' of https://github.com/PowerShellEmpire/Empire into add_egress_busting
2015-12-21 20:50:11 +00:00
Harmj0y
c95d8786aa
hop.php redirector fix
removed requirement for credentials from lateral_movement/invoke_psremoting
2015-12-21 00:33:03 -05:00
Harmj0y
c12eac3200
Added trollsploit/rick_ascii
2015-12-16 20:36:07 -05:00
Harmj0y
bcb2f4677f
Fix for issue #112
2015-12-16 17:42:51 -05:00
Stuart Morgan
8f88c5bdce
This works! Amazingly....just needs tidying up and polishing (and sorting out the Write-Hosts)
2015-12-15 23:49:09 +00:00
Stuart Morgan
8ff5f7723a
turns out that you need commas in the options dict....:)
2015-12-15 23:38:33 +00:00
Stuart Morgan
b4ed0ceadb
Added the options to the python side
2015-12-15 23:34:38 +00:00
Stuart Morgan
d1572d325b
Continuing work
2015-12-15 23:29:00 +00:00
Kevin Robertson
6186502749
Added Inveigh's HTTP NTLMv2 to SMB relay as an Empire module
This module is a direct copy/paste of the Invoke-InveighRelay function
from the standalone version of Inveigh. The module will relay incoming
HTTP NTLMv2 authentication requests to an SMB target. If authentication
is successful and the user is a local administrator on the target
system, the specified command should be executed on the target PSexec
style. This module can be used with or without collection/inveigh. If
collection/inveigh is used, ensure that HTTP is disabled in
collection/inveigh. If this module is used without collection/inveigh,
another method will need to be employed to trigger incoming HTTP
requests.
This module has been successfully tested with Empire's launcher
one-liner to establish additional agents. In testing I observed a delay
(30 seconds or so) between the service creation message and Empire's
agent active message.
harmj0y: As I mentioned in the collection/inveigh pull request comments,
the length of the parameter names is throwing off Empire's options
command column display alignment. I'm not sure if there is an easy fix
for this. Also, I used the same code that you added to inveigh.py after
the pull request. With this code, I did not observe that the
SMBRelayCommand value needed to be wrapped in quotes.
2015-12-14 21:48:49 -05:00
Harmj0y
c1043156e1
Module argument tweaks to collection/inveigh.py
2015-12-14 16:04:49 -05:00
Kevin Robertson
e2209606aa
Synced collection/inveigh with current standalone Inveigh code
Direct copy/paste of Invoke-Inveigh function from current standalone
version of Inveigh. This version contains a number of
additions/changes/bug fixes. There are two primary additions that may be
useful to Empire users. The first is that 1122334455667788 is no longer
used as the default challenge over HTTP since it's now getting flagged
by SEP and maybe others. The default behavior is a random challenge for
each request. A specific challenge can also be specified through the
'challenge' parameter. The second is the ability to set a run time so
that collection/inveigh will auto-exit after a specified number of
minutes. On the python side, I have added the additional relevant
parameters and flipped the module to opsec safe since no files are
created on disk.
2015-12-13 19:31:52 -05:00
Harmj0y
93c1d46236
Updated powerview.ps1
Added situational_awareness/network/powerview/get_cached_rdpconnection
Added situational_awareness/network/powerview/set_ad_object
Added management/downgrade_account
2015-12-11 17:56:25 -05:00
Stuart Morgan
767d1f97a2
Merge branch 'master' of https://github.com/PowerShellEmpire/Empire into add_egress_busting
2015-12-11 10:04:53 +00:00
Stuart Morgan
21ae58cea0
Added template python script (on the python side) for the egresscheck ps1
2015-12-10 19:30:07 +00:00
Harmj0y
788747fa92
Added lsadump::cache and lsadump::sam Mimikatz modules.
2015-12-09 15:20:13 -05:00
Harmj0y
d03cecbc37
Bug fix for installations transitioning to autorun code with old database.
2015-12-01 12:15:01 -05:00
HarmJ0y
9d9389d0a1
Merge pull request #104 from monoxgas/master
Added Hashdump using Invoke-DCSync
2015-12-01 10:28:45 -05:00
Nick Landers
7ab8cf4e94
I knew that...
2015-12-01 00:00:51 -07:00
Nick Landers
e8337f47f4
Fixing small things
2015-11-30 22:19:24 -07:00
Harmj0y
cb67368e2e
Updated version and changelog
2015-11-30 23:23:03 -05:00
Harmj0y
1ba56acc13
Added persistence/userland/backdoor_lnk
2015-11-30 23:20:49 -05:00
Nick Landers
d6443b9399
Update dcsync-hashdump.py
2015-11-30 18:27:19 -07:00
Monox Gas
5a85be3d37
Update Fixes
2015-11-30 18:21:22 -07:00
Nick Landers
63ea2f842c
Create dcsync-hashdump.py
2015-11-30 17:39:30 -07:00
Harmj0y
6df2841ff7
Combined persistence/debugger/* into persistence/misc/debugger
2015-11-30 00:54:55 -05:00
Harmj0y
1d1fa61116
Added SysWow64 option to management/spawn to spawn a 32-bit powershell.exe
2015-11-29 15:20:16 -05:00
Harmj0y
41cc316406
Added MailRaider's disable_security.py module
2015-11-29 12:48:06 -05:00
Harmj0y
66b7aa17f1
Added several modules in management/mailraider/* to integrate @xorrior's MailRaider.ps1
2015-11-29 11:58:16 -05:00