infosecn1nja
/
Empire
mirror of https://github.com/infosecn1nja/Empire.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,122 Commits
11 Branches
13 Tags
21 MiB
Commit Graph

254 Commits (8ddeb63137d8b79c5144dc6a56edb74d3b9cf52d)

Author SHA1 Message Date
Harmj0y bec33f73ac moved collection/keethief to collection/vaults/keethief 
added collection/vaults/find_keepass_config to enumerate KeePass configs on a system
added collection/vaults/add_keepass_config_trigger to add a trigger backdoor to all reachable KeePass instances
added collection/vaults/get_keepass_config_trigger to enumerate all triggers for all reachable KeePass instances
added collection/vaults/remove_keepass_config_trigger to remove all triggers for all reachable KeePass instances
misc. bug fixes
 2016-07-20 23:44:30 -04:00
Harmj0y 7790b250a2 misc. bug fixes and standardization updates 2016-07-20 23:39:25 -04:00
Harmj0y fe43560bad Fix for issue #285 - credential export supporting commas 
Start of code standardization/pep8 cleanup - mods to agents.py, empire.py, and credentials.py
Updated changelog
 2016-07-20 21:28:27 -04:00
Harmj0y 7167f22500 added system name to screenshot output for issue #273 
start of code pep8/pylint standardization - various cleaning
 2016-07-20 19:06:42 -04:00
Harmj0y ece3a3b540 fix for issue #248 2016-07-16 21:54:18 -04:00
Harmj0y 7d697cb4b7 Expanded 'creds X' query to search domain and password as well, wildcards (*) accepted 2016-07-16 21:27:35 -04:00
Harmj0y 21893bacde Fix for issue #257 - sysinfo now tasked after steal_token/revtoself 2016-07-15 19:14:43 -04:00
Harmj0y c38256ab5c Semi-global interact command for issue #258 2016-07-15 18:56:38 -04:00
Harmj0y 75f3e2c410 Merge branch 'dev' of https://github.com/PowerShellEmpire/Empire into dev 2016-07-15 18:06:49 -04:00
Harmj0y 7c5a07581d Fix for issue #221 2016-07-15 18:06:20 -04:00
enigma0x3 8666d5f5f8 included fix by @i223t for 417 Expectation failed error when going through older Squid proxies 2016-06-24 22:51:46 -04:00
Harmj0y 0fb6599c77 More verbose output for Invoke-ServiceCMD in PowerUp to address issue #219 2016-05-27 14:37:15 -04:00
Harmj0y b977dec1ae Updated PowerView 
Added credentials/get_spn_tickets to request user SPN tickets
Added credentials/mimikatz/extract_tickets to extract kerberos tickets from memory
Updated PowerView location citations
 2016-04-24 11:26:39 -04:00
Harmj0y f699ec510d Fix for issue #178 2016-04-24 10:29:11 -04:00
Matt Nelson dce67beaeb Added tab-completion for list command 2016-04-15 14:42:12 -04:00
HarmJ0y db7c1c95b3 Merge pull request #177 from n0clues/master 
Binding Empire's native listeners to IP specified in Host option…
 2016-04-06 22:21:25 -07:00
n0clues f376dc243c Binding Empire's native listeners to IP specified in Host option instead to 0.0.0.0 - issue#175 2016-04-06 14:24:02 +02:00
Harmj0y b56e5d29ec listener starting now returns more verbose errors on failure in console and API 
merge of @mynameisiv's .jpg screenshot PR
fix for path errors in some cases for ./setup/setup_database.py
 2016-04-01 17:06:21 -04:00
mynameisv 917cb2b246 screeshot in jpeg and shortcut 2016-03-31 23:27:15 +02:00
Harmj0y ac5b002301 Updated changelog and version number for 1.5.0 release. 2016-03-31 16:06:02 -04:00
Harmj0y c6662d8a3a Added loading of external module directories with the 'load /DIR/' command in the main menu. 
Solves issue #81.
 2016-03-30 23:03:02 -04:00
Harmj0y b3e8ebabe5 Expanded server/agent epoch check from +/- 10 minutes to +/- 12 hours 2016-03-26 00:00:40 -04:00
Harmj0y c2ba61ca8d added -sta to stager launching 2016-03-25 19:45:09 -04:00
Harmj0y b43da089ef Added POST /api/modules/<path:module_name> to task a module with specified options 
Fix multi-stager generation bug
More exception handling in empire.py
 2016-03-24 16:03:31 -04:00
Harmj0y 31eb9d387a Changed API path from /empire/api/ to /api/ 
Fixed agent renaming bug
 2016-03-23 14:30:54 -04:00
Harmj0y d67bbcce15 more small bug fixes 2016-03-22 14:37:10 -04:00
Harmj0y 2a13328c5b nav menu bug fix and standardization 2016-03-22 14:32:47 -04:00
Harmj0y ce307aa6db fix for issue #155 2016-03-22 01:51:23 -04:00
Harmj0y 502dc5c679 Added SSL and basic token auth to the RESTful API 
Added random RESTful API token generation on server startup
 2016-03-22 01:41:48 -04:00
Harmj0y 9f1deb1d9e Added /empire/api/agents/<string:agent_name>/results to return agent tasking results and remove results from backend db 2016-03-21 22:56:02 -04:00
Harmj0y eaaea57253 Added /empire/api/listeners/kill to kill a listener specified by POST data 
Added /empire/api/listeners/options to enumerate currently set listener options
Added start to docstrings in functions -> still need to describe complete request/response JSON formats
removed /empire/api/agents/ID/X
/empire/api/agents/name/Y -> /empire/api/agents/Y
removed /empire/api/listeners/id/X
/empire/api/listeners/name/Y -> /empire/api/listeners/Y
"X listeners currently active" now pulls from the backend DB
 2016-03-21 21:50:19 -04:00
Harmj0y 334f1f4b5c Added POST to /empire/api/stagers in API to generate stagers 
moved empire instantiation into the restful api start
 2016-03-21 21:03:32 -04:00
Harmj0y c15f445892 Revamp of some of the backend to allow for a proper RESTful API 
Cleaned up some SQL calls
Moved tasking/results into database fields for agents, instead of being kept in memory on the client
Added --headless option to ./empire
 2016-03-21 20:20:03 -04:00
Harmj0y e6e5222647 Added lateral_movement/new_gpo_immediate_task 2016-03-19 11:51:09 -04:00
Harmj0y 97335b83d6 -Added the ability to specify multiple function names to helpers.generate_dynamic_powershell_script() 
-Added Unconstained option to get_computer
-Added AdminCount option to get_user
-Added situational_awareness/network/powerview/get_gpo_computer to get computers a GPO is applied to
 2016-03-19 10:53:28 -04:00
Harmj0y d5db75c3d0 -Updated PowerView.ps1 code 
-Re-tested all powerview modules
-Updated some module options
-Fixed bug in helpers.generate_dynamic_powershell_script()

-Added situational_awareness/network/powerview/get_domain_policy
-Added situational_awareness/network/powerview/get_dfs_share
-Added situational_awareness/network/powerview/get_fileserver
-Added situational_awareness/network/powerview/get_rdp_session
-Added situational_awareness/network/powerview/get_site
-Added situational_awareness/network/powerview/get_subnet
-Added situational_awareness/host/get_proxy
-Added situational_awareness/host/get_pathacl
-Added management/get_domain_sid
 2016-03-19 08:38:18 -04:00
Harmj0y da52a6268b Attempted fix for issue #136 2016-03-03 19:33:45 -05:00
Harmj0y 08ca63fe09 First pass at stager retries. 2016-03-03 19:13:44 -05:00
Harmj0y c32e3d15cd Additional debugging on sysinfo checkin. 2016-02-17 21:58:09 -05:00
Harmj0y 3b0003f0ce '--debug 2' now prints all debug signal output to the script as well as ./empire.debug 2016-02-17 20:06:33 -05:00
Harmj0y b0d90be6fe Updated changelog and version number. Added '--version' cli option. 2016-02-16 02:27:37 -05:00
Harmj0y 473be51acd Changed '--listeners' option to '--listener' 2016-02-16 02:02:18 -05:00
Harmj0y 75ea648c49 Small bug fixes. 2016-02-16 01:53:16 -05:00
Harmj0y 734831b5fb Added a start to cli option parsing for displaying listeners/stagers and generating stagers. 2016-02-16 01:52:32 -05:00
Harmj0y 4bab4f9484 'seachmodule' with no term now lists all modules and descriptions 2016-02-16 00:35:32 -05:00
Harmj0y 3cf322e76a Fix for issue #125 2016-01-14 15:57:26 -05:00
Harmj0y c0d427cdc8 Corrected several bugs in how the workingHours window is handled in the agent 
Added validation to the workinghours time format
 2016-01-11 01:24:46 -05:00
Harmj0y 8281a9e7ba Empire 1.4 release. 
Encompases all changes since tagged 1.3.1 release.
Added 'Contribution Rules' to the README.md
 2015-12-29 19:29:05 -05:00
Harmj0y 82fed97485 Fixed various issues for agent profile setting/handling 
'DefaultProfile' option in listener menu is now tab-completable and can take a path to a profile.txt
 2015-12-29 15:57:01 -05:00
Harmj0y 687954b6ef -Sync of Kevin Robertson's lateral_movement/inveigh_relay module 
-Sync stufus' exfiltration/egresscheck module
-Added module menu dynamic sizing for prettified output
 2015-12-22 15:05:22 -05:00
Harmj0y c95d8786aa hop.php redirector fix 
removed requirement for credentials from lateral_movement/invoke_psremoting
 2015-12-21 00:33:03 -05:00
Harmj0y c12eac3200 Added trollsploit/rick_ascii 2015-12-16 20:36:07 -05:00
Harmj0y 93c1d46236 Updated powerview.ps1 
Added situational_awareness/network/powerview/get_cached_rdpconnection
Added situational_awareness/network/powerview/set_ad_object
Added management/downgrade_account
 2015-12-11 17:56:25 -05:00
Harmj0y d03cecbc37 Bug fix for installations transitioning to autorun code with old database. 2015-12-01 12:15:01 -05:00
Harmj0y cb67368e2e Updated version and changelog 2015-11-30 23:23:03 -05:00
Harmj0y 66b7aa17f1 Added several modules in management/mailraider/* to integrate @xorrior's MailRaider.ps1 2015-11-29 11:58:16 -05:00
Harmj0y 743fe02b44 Removed non-ascii character from Get-FoxDump.ps1 
Added ascii check before module tasking
 2015-11-28 20:24:45 -05:00
HarmJ0y ddb47c3cdb Merge pull request #98 from PowerShellEmpire/script_autorun 
Script autorun
 2015-11-24 17:07:14 -05:00
Harmj0y 3817385bb2 Fixed agent result caching bug (again) 
Fixed multiple agent-interaction bug that causes results to be displayed simultaneously
 2015-11-24 00:41:16 -05:00
Harmj0y e59844be72 Added ability to set a script to run on each agent checkin with "set Agent autorun" in module menu. 
"(Empire: agents) > clear autorun" will clear out any current autoruns
WARNING: this requires a DB schema mod to work correctly, meaning you will lose current
agent connection information if run!
 2015-11-22 17:25:28 -05:00
Harmj0y 8637a49338 Fixed nested menu bug that caused buildup of "Agent X not active." 
Main display menu now shows each time "main" menu is entered.
 2015-11-21 20:03:40 -05:00
Harmj0y 2c14853b29 Fix for exploitation/exploit_jboss 2015-11-21 18:07:57 -05:00
Harmj0y 7252718537 derp 2015-11-08 19:00:03 -05:00
Harmj0y 7db7ec6bbc All PowerUp modules now dynamically built from a single source file 
PowerUp bug fixes
Added privesc/powerup/service_exe_restore, pulled logic from other modules
Added management/spawnas to spawn agents with explicit credentials
Debug functionality (--debug) now outputs the source of the last tasked script to ./LastTask.ps1
Write-Verbose and Write-Debug lines now stripped from tasked scripts
 2015-11-08 18:51:57 -05:00
Harmj0y 55709598d5 Bug fix in some packet responses. 2015-11-02 14:52:46 -05:00
Harmj0y 1bedcee211 Updated version number and changelog for 1.3.1 2015-10-30 12:08:57 -04:00
Harmj0y 0cbdb165a2 -Updated powerview.ps1 source to Version 2.0 
-Built a way to dynamically generate the stripped PowerView code for functions needed by PowerView modules (helpers -> generate_dynamic_powershell_script), and updated all relevant PowerView modules
-Renamed PowerView modules to better match PowerView 2.0 naming scheme and moved to situational_awareness/network/powerview/*
-Removed old split-out PowerView source files
-Removed situational_awareness/network/netview
-Combined stealth_userhunter into option for userhunter
-Added situational_awareness/network/get_forest_domain, situational_awareness/network/powerview/get_object_acl, situational_awareness/network/powerview/find_computer_field, situational_awareness/network/powerview/find_user_field, situational_awareness/network/powerview/get_ou, situational_awareness/network/powerview/get_group, situational_awareness/network/powerview/get_group_member, situational_awareness/network/powerview/get_gpo, situational_awareness/network/powerview/find_gpo_location, situational_awareness/network/powerview/find_gpo_computer_admin, situational_awareness/network/powerview/process_hunter, situational_awareness/network/powerview/find_foreign_group, situational_awareness/network/powerview/find_foreign_user
-renamed collection/filesearch to collection/find_interesting_file
 2015-10-23 21:40:06 -04:00
Harmj0y 6be3d4ce8b remove debug 2015-09-22 09:34:27 -04:00
Harmj0y 858f6b3a1c Additional download file path checks. 2015-09-22 09:33:21 -04:00
Harmj0y 9079a54119 Fix for 'skywalker' file overwrite exploit on control server. 
Thank you to @zeroSteiner for the disclosure!
 2015-09-21 22:32:46 -04:00
Harmj0y a92189b95c Updated changelog and version for 1.2 release. 2015-08-30 15:59:50 -04:00
Harmj0y e1cdef1d19 Removed print output 2015-08-30 15:47:47 -04:00
Harmj0y 40fda2dd04 Merge branch 'master' of https://github.com/PowerShellEmpire/Empire 2015-08-29 20:35:10 -04:00
Harmj0y c021bdf6f3 Credentials from collection/prompt now scraped into the creds db 2015-08-29 20:34:23 -04:00
Harmj0y 788be8b06a Converted message HMAC from MD5 to SHA1 2015-08-27 18:40:19 -04:00
sixdub d1ce277330 Merge branch 'master' into international_support 2015-08-24 22:56:58 -04:00
sixdub 32e95b4f93 Fixed credential parsing bug 2015-08-24 18:42:32 -04:00
Harmj0y b2cca2f3fd Added credentials/mimikatz/dcsync for remote DC credential extraction 
Added situational_awareness/network/get_domaintrusts
Added /sids argument for credentials/mimikatz/golden_ticket
Added credential parsing for dcsync output
updated links for PowerTools
 2015-08-24 17:33:35 -04:00
root 31febba7cb Modified packet. Support unicode chars in agent 2015-08-24 09:04:21 -04:00
Justin cf935db0ae Merge pull request #18 from 1njected/master 
Added support for custom proxy and fixed Epoch/counter to support other cultures/datetime-formats
 2015-08-24 08:00:58 -04:00
Harmj0y 54c7300998 Tweaks to fix for issue #23 2015-08-21 15:24:12 -04:00
Harmj0y b434102f2c Error handling for issue #23 2015-08-21 14:17:55 -04:00
Harmj0y 5b40197fd5 'list [agents/listeners] <modifier>' should now be a universal option in every menu 
Added 'run' alias for 'execute' in listener menu as well.
 2015-08-20 19:08:40 -04:00
Harmj0y 0e0c94b94a Aliased run for execute. 2015-08-20 18:49:23 -04:00
Harmj0y 804e1a01a2 Revamped basic shell operations in agent core (cp, dir, mv, etc.) 
Standardized UNC path normalization in agent core
added hostname alias
 2015-08-20 15:32:26 -04:00
Harmj0y 39d974bb09 Continued porting native shell commands to WMI replacents in agent core 
In agent menu, 'shell CMD' now runs straight IEX CMD, and 'help agentcmds' shows safe aliases
Modified ./setup/reset.sh to work from parent or ./setup/ folders
 2015-08-20 14:35:42 -04:00
Harmj0y 4bb0bc4d47 Corrected menu behavior on agent exit, bug fix on some dir behavior 2015-08-19 15:51:36 -04:00
Tomas Rzepka cf96626e8d Added support for custom proxy. 2015-08-19 10:00:32 +02:00
Harmj0y 2b499a559c Added modules management/timestomp, trollsploit/process_killer, persistence/elevated/wmi, situational_awareness/network/smbscanner 2015-08-16 10:46:12 -04:00
sixdub 4a1a4e6960 Fixed IOError 2015-08-14 09:43:12 -04:00
enigma0x3 7ca33a108e Update messages.py 2015-08-14 09:42:54 -04:00
enigma0x3 3222556c2c Update empire.py 2015-08-14 09:42:54 -04:00
enigma0x3 6ace392e19 added additional delay to intervalmax 
Ensures only stale agents are actually listed.
 2015-08-14 09:42:54 -04:00
Harmj0y d44b1f1ec6 Added "list stale" and "remove stale" agents commands to list/remove 
agents past their max checkins.
 2015-08-14 09:42:54 -04:00
Harmj0y 8423c4f3bf "agents> remove X" now removes agents that checked in > X minutes ago 2015-08-14 09:42:54 -04:00
Rohan Vazarkar bdfec8c732 Updated title credits to include enigma0x3 2015-08-14 09:42:54 -04:00
Harmj0y 404d435bb0 Fixed agent.log output bug with new lostlimit logic. 2015-08-14 09:42:54 -04:00
Harmj0y 02c25719a1 Few bug fixes for the LostAgentDetection code. 2015-08-14 09:42:54 -04:00
sixdub da6c5a983c Updated Lost Agent Detection 2015-08-14 09:42:54 -04:00
sixdub 834b5c03fc Added missed CB limits 2015-08-14 09:42:54 -04:00
enigma0x3 ef6b645ffe updated to fix usestager tab completion bug 2015-08-10 09:06:13 -04:00
enigma0x3 57c2d26333 updated ip_whitelist from file 
when setting whitelists from a text file, empire adds the contents of that file to the IP black lists. updated to ensure it adds the IPs to the correct list.
 2015-08-10 07:53:22 -04:00
Jon Cave 4624cff0e6 Authenticate the encrypted communications 2015-08-08 18:54:02 +01:00
Harmj0y 751d0c15d6 Initial BSidesLV '15 release of v1.0.0 2015-08-05 14:36:39 -04:00