Harmj0y
bec33f73ac
moved collection/keethief to collection/vaults/keethief
...
added collection/vaults/find_keepass_config to enumerate KeePass configs on a system
added collection/vaults/add_keepass_config_trigger to add a trigger backdoor to all reachable KeePass instances
added collection/vaults/get_keepass_config_trigger to enumerate all triggers for all reachable KeePass instances
added collection/vaults/remove_keepass_config_trigger to remove all triggers for all reachable KeePass instances
misc. bug fixes
2016-07-20 23:44:30 -04:00
Harmj0y
7790b250a2
misc. bug fixes and standardization updates
2016-07-20 23:39:25 -04:00
Harmj0y
fe43560bad
Fix for issue #285 - credential export supporting commas
...
Start of code standardization/pep8 cleanup - mods to agents.py, empire.py, and credentials.py
Updated changelog
2016-07-20 21:28:27 -04:00
Harmj0y
7167f22500
added system name to screenshot output for issue #273
...
start of code pep8/pylint standardization - various cleaning
2016-07-20 19:06:42 -04:00
Harmj0y
ece3a3b540
fix for issue #248
2016-07-16 21:54:18 -04:00
Harmj0y
7d697cb4b7
Expanded 'creds X' query to search domain and password as well, wildcards (*) accepted
2016-07-16 21:27:35 -04:00
Harmj0y
21893bacde
Fix for issue #257 - sysinfo now tasked after steal_token/revtoself
2016-07-15 19:14:43 -04:00
Harmj0y
c38256ab5c
Semi-global interact command for issue #258
2016-07-15 18:56:38 -04:00
Harmj0y
75f3e2c410
Merge branch 'dev' of https://github.com/PowerShellEmpire/Empire into dev
2016-07-15 18:06:49 -04:00
Harmj0y
7c5a07581d
Fix for issue #221
2016-07-15 18:06:20 -04:00
enigma0x3
8666d5f5f8
included fix by @i223t for 417 Expectation failed error when going through older Squid proxies
2016-06-24 22:51:46 -04:00
Harmj0y
0fb6599c77
More verbose output for Invoke-ServiceCMD in PowerUp to address issue #219
2016-05-27 14:37:15 -04:00
Harmj0y
b977dec1ae
Updated PowerView
...
Added credentials/get_spn_tickets to request user SPN tickets
Added credentials/mimikatz/extract_tickets to extract kerberos tickets from memory
Updated PowerView location citations
2016-04-24 11:26:39 -04:00
Harmj0y
f699ec510d
Fix for issue #178
2016-04-24 10:29:11 -04:00
Matt Nelson
dce67beaeb
Added tab-completion for list command
2016-04-15 14:42:12 -04:00
HarmJ0y
db7c1c95b3
Merge pull request #177 from n0clues/master
...
Binding Empire's native listeners to IP specified in Host option…
2016-04-06 22:21:25 -07:00
n0clues
f376dc243c
Binding Empire's native listeners to IP specified in Host option instead of 0.0.0.0 - issue #175
2016-04-06 14:24:02 +02:00
Harmj0y
b56e5d29ec
listener starting now returns more verbose errors on failure in console and API
...
merge of @mynameisv's .jpg screenshot PR
fix for path errors in some cases for ./setup/setup_database.py
2016-04-01 17:06:21 -04:00
mynameisv
917cb2b246
screenshot in jpeg and shortcut
2016-03-31 23:27:15 +02:00
Harmj0y
ac5b002301
Updated changelog and version number for 1.5.0 release.
2016-03-31 16:06:02 -04:00
Harmj0y
c6662d8a3a
Added loading of external module directories with the 'load /DIR/' command in the main menu.
...
Solves issue #81 .
2016-03-30 23:03:02 -04:00
Harmj0y
b3e8ebabe5
Expanded server/agent epoch check from +/- 10 minutes to +/- 12 hours
2016-03-26 00:00:40 -04:00
Harmj0y
c2ba61ca8d
added -sta to stager launching
2016-03-25 19:45:09 -04:00
Harmj0y
b43da089ef
Added POST /api/modules/<path:module_name> to task a module with specified options
...
Fix multi-stager generation bug
More exception handling in empire.py
2016-03-24 16:03:31 -04:00
Harmj0y
31eb9d387a
Changed API path from /empire/api/ to /api/
...
Fixed agent renaming bug
2016-03-23 14:30:54 -04:00
Harmj0y
d67bbcce15
more small bug fixes
2016-03-22 14:37:10 -04:00
Harmj0y
2a13328c5b
nav menu bug fix and standardization
2016-03-22 14:32:47 -04:00
Harmj0y
ce307aa6db
fix for issue #155
2016-03-22 01:51:23 -04:00
Harmj0y
502dc5c679
Added SSL and basic token auth to the RESTful API
...
Added random RESTful API token generation on server startup
2016-03-22 01:41:48 -04:00
Harmj0y
9f1deb1d9e
Added /empire/api/agents/<string:agent_name>/results to return agent tasking results and remove results from backend db
2016-03-21 22:56:02 -04:00
Harmj0y
eaaea57253
Added /empire/api/listeners/kill to kill a listener specified by POST data
...
Added /empire/api/listeners/options to enumerate currently set listener options
Added start to docstrings in functions -> still need to describe complete request/response JSON formats
removed /empire/api/agents/ID/X
/empire/api/agents/name/Y -> /empire/api/agents/Y
removed /empire/api/listeners/id/X
/empire/api/listeners/name/Y -> /empire/api/listeners/Y
"X listeners currently active" now pulls from the backend DB
2016-03-21 21:50:19 -04:00
Harmj0y
334f1f4b5c
Added POST to /empire/api/stagers in API to generate stagers
...
moved empire instantiation into the restful api start
2016-03-21 21:03:32 -04:00
Harmj0y
c15f445892
Revamp of some of the backend to allow for a proper RESTful API
...
Cleaned up some SQL calls
Moved tasking/results into database fields for agents, instead of being kept in memory on the client
Added --headless option to ./empire
2016-03-21 20:20:03 -04:00
Harmj0y
e6e5222647
Added lateral_movement/new_gpo_immediate_task
2016-03-19 11:51:09 -04:00
Harmj0y
97335b83d6
-Added the ability to specify multiple function names to helpers.generate_dynamic_powershell_script()
...
-Added Unconstrained option to get_computer
-Added AdminCount option to get_user
-Added situational_awareness/network/powerview/get_gpo_computer to get computers a GPO is applied to
2016-03-19 10:53:28 -04:00
Harmj0y
d5db75c3d0
-Updated PowerView.ps1 code
...
-Re-tested all powerview modules
-Updated some module options
-Fixed bug in helpers.generate_dynamic_powershell_script()
-Added situational_awareness/network/powerview/get_domain_policy
-Added situational_awareness/network/powerview/get_dfs_share
-Added situational_awareness/network/powerview/get_fileserver
-Added situational_awareness/network/powerview/get_rdp_session
-Added situational_awareness/network/powerview/get_site
-Added situational_awareness/network/powerview/get_subnet
-Added situational_awareness/host/get_proxy
-Added situational_awareness/host/get_pathacl
-Added management/get_domain_sid
2016-03-19 08:38:18 -04:00
Harmj0y
da52a6268b
Attempted fix for issue #136
2016-03-03 19:33:45 -05:00
Harmj0y
08ca63fe09
First pass at stager retries.
2016-03-03 19:13:44 -05:00
Harmj0y
c32e3d15cd
Additional debugging on sysinfo checkin.
2016-02-17 21:58:09 -05:00
Harmj0y
3b0003f0ce
'--debug 2' now prints all debug signal output to the script as well as ./empire.debug
2016-02-17 20:06:33 -05:00
Harmj0y
b0d90be6fe
Updated changelog and version number. Added '--version' cli option.
2016-02-16 02:27:37 -05:00
Harmj0y
473be51acd
Changed '--listeners' option to '--listener'
2016-02-16 02:02:18 -05:00
Harmj0y
75ea648c49
Small bug fixes.
2016-02-16 01:53:16 -05:00
Harmj0y
734831b5fb
Added a start to cli option parsing for displaying listeners/stagers and generating stagers.
2016-02-16 01:52:32 -05:00
Harmj0y
4bab4f9484
'searchmodule' with no term now lists all modules and descriptions
2016-02-16 00:35:32 -05:00
Harmj0y
3cf322e76a
Fix for issue #125
2016-01-14 15:57:26 -05:00
Harmj0y
c0d427cdc8
Corrected several bugs in how the workingHours window is handled in the agent
...
Added validation to the workinghours time format
2016-01-11 01:24:46 -05:00
Harmj0y
8281a9e7ba
Empire 1.4 release.
...
Encompasses all changes since tagged 1.3.1 release.
Added 'Contribution Rules' to the README.md
2015-12-29 19:29:05 -05:00
Harmj0y
82fed97485
Fixed various issues for agent profile setting/handling
...
'DefaultProfile' option in listener menu is now tab-completable and can take a path to a profile.txt
2015-12-29 15:57:01 -05:00
Harmj0y
687954b6ef
-Sync of Kevin Robertson's lateral_movement/inveigh_relay module
...
-Sync stufus' exfiltration/egresscheck module
-Added module menu dynamic sizing for prettified output
2015-12-22 15:05:22 -05:00
Harmj0y
c95d8786aa
hop.php redirector fix
...
removed requirement for credentials from lateral_movement/invoke_psremoting
2015-12-21 00:33:03 -05:00
Harmj0y
c12eac3200
Added trollsploit/rick_ascii
2015-12-16 20:36:07 -05:00
Harmj0y
93c1d46236
Updated powerview.ps1
...
Added situational_awareness/network/powerview/get_cached_rdpconnection
Added situational_awareness/network/powerview/set_ad_object
Added management/downgrade_account
2015-12-11 17:56:25 -05:00
Harmj0y
d03cecbc37
Bug fix for installations transitioning to autorun code with old database.
2015-12-01 12:15:01 -05:00
Harmj0y
cb67368e2e
Updated version and changelog
2015-11-30 23:23:03 -05:00
Harmj0y
66b7aa17f1
Added several modules in management/mailraider/* to integrate @xorrior's MailRaider.ps1
2015-11-29 11:58:16 -05:00
Harmj0y
743fe02b44
Removed non-ascii character from Get-FoxDump.ps1
...
Added ascii check before module tasking
2015-11-28 20:24:45 -05:00
HarmJ0y
ddb47c3cdb
Merge pull request #98 from PowerShellEmpire/script_autorun
...
Script autorun
2015-11-24 17:07:14 -05:00
Harmj0y
3817385bb2
Fixed agent result caching bug (again)
...
Fixed multiple agent-interaction bug that causes results to be displayed simultaneously
2015-11-24 00:41:16 -05:00
Harmj0y
e59844be72
Added ability to set a script to run on each agent checkin with "set Agent autorun" in module menu.
...
"(Empire: agents) > clear autorun" will clear out any current autoruns
WARNING: this requires a DB schema mod to work correctly, meaning you will lose current
agent connection information if run!
2015-11-22 17:25:28 -05:00
Harmj0y
8637a49338
Fixed nested menu bug that caused buildup of "Agent X not active."
...
Main display menu now shows each time "main" menu is entered.
2015-11-21 20:03:40 -05:00
Harmj0y
2c14853b29
Fix for exploitation/exploit_jboss
2015-11-21 18:07:57 -05:00
Harmj0y
7252718537
derp
2015-11-08 19:00:03 -05:00
Harmj0y
7db7ec6bbc
All PowerUp modules now dynamically built from a single source file
...
PowerUp bug fixes
Added privesc/powerup/service_exe_restore, pulled logic from other modules
Added management/spawnas to spawn agents with explicit credentials
Debug functionality (--debug) now outputs the source of the last tasked script to ./LastTask.ps1
Write-Verbose and Write-Debug lines now stripped from tasked scripts
2015-11-08 18:51:57 -05:00
Harmj0y
55709598d5
Bug fix in some packet responses.
2015-11-02 14:52:46 -05:00
Harmj0y
1bedcee211
Updated version number and changelog for 1.3.1
2015-10-30 12:08:57 -04:00
Harmj0y
0cbdb165a2
-Updated powerview.ps1 source to Version 2.0
...
-Built a way to dynamically generate the stripped PowerView code for functions needed by PowerView modules (helpers -> generate_dynamic_powershell_script), and updated all relevant PowerView modules
-Renamed PowerView modules to better match PowerView 2.0 naming scheme and moved to situational_awareness/network/powerview/*
-Removed old split-out PowerView source files
-Removed situational_awareness/network/netview
-Combined stealth_userhunter into option for userhunter
-Added situational_awareness/network/get_forest_domain, situational_awareness/network/powerview/get_object_acl, situational_awareness/network/powerview/find_computer_field, situational_awareness/network/powerview/find_user_field, situational_awareness/network/powerview/get_ou, situational_awareness/network/powerview/get_group, situational_awareness/network/powerview/get_group_member, situational_awareness/network/powerview/get_gpo, situational_awareness/network/powerview/find_gpo_location, situational_awareness/network/powerview/find_gpo_computer_admin, situational_awareness/network/powerview/process_hunter, situational_awareness/network/powerview/find_foreign_group, situational_awareness/network/powerview/find_foreign_user
-renamed collection/filesearch to collection/find_interesting_file
2015-10-23 21:40:06 -04:00
Harmj0y
6be3d4ce8b
remove debug
2015-09-22 09:34:27 -04:00
Harmj0y
858f6b3a1c
Additional download file path checks.
2015-09-22 09:33:21 -04:00
Harmj0y
9079a54119
Fix for 'skywalker' file overwrite exploit on control server.
...
Thank you to @zeroSteiner for the disclosure!
2015-09-21 22:32:46 -04:00
Harmj0y
a92189b95c
Updated changelog and version for 1.2 release.
2015-08-30 15:59:50 -04:00
Harmj0y
e1cdef1d19
Removed print output
2015-08-30 15:47:47 -04:00
Harmj0y
40fda2dd04
Merge branch 'master' of https://github.com/PowerShellEmpire/Empire
2015-08-29 20:35:10 -04:00
Harmj0y
c021bdf6f3
Credentials from collection/prompt now scraped into the creds db
2015-08-29 20:34:23 -04:00
Harmj0y
788be8b06a
Converted message HMAC from MD5 to SHA1
2015-08-27 18:40:19 -04:00
sixdub
d1ce277330
Merge branch 'master' into international_support
2015-08-24 22:56:58 -04:00
sixdub
32e95b4f93
Fixed credential parsing bug
2015-08-24 18:42:32 -04:00
Harmj0y
b2cca2f3fd
Added credentials/mimikatz/dcsync for remote DC credential extraction
...
Added situational_awareness/network/get_domaintrusts
Added /sids argument for credentials/mimikatz/golden_ticket
Added credential parsing for dcsync output
updated links for PowerTools
2015-08-24 17:33:35 -04:00
root
31febba7cb
Modified packet. Support unicode chars in agent
2015-08-24 09:04:21 -04:00
Justin
cf935db0ae
Merge pull request #18 from 1njected/master
...
Added support for custom proxy and fixed Epoch/counter to support other cultures/datetime-formats
2015-08-24 08:00:58 -04:00
Harmj0y
54c7300998
Tweaks to fix for issue #23
2015-08-21 15:24:12 -04:00
Harmj0y
b434102f2c
Error handling for issue #23
2015-08-21 14:17:55 -04:00
Harmj0y
5b40197fd5
'list [agents/listeners] <modifier>' should now be a universal option in every menu
...
Added 'run' alias for 'execute' in listener menu as well.
2015-08-20 19:08:40 -04:00
Harmj0y
0e0c94b94a
Aliased run for execute.
2015-08-20 18:49:23 -04:00
Harmj0y
804e1a01a2
Revamped basic shell operations in agent core (cp, dir, mv, etc.)
...
Standardized UNC path normalization in agent core
added hostname alias
2015-08-20 15:32:26 -04:00
Harmj0y
39d974bb09
Continued porting native shell commands to WMI replacements in agent core
...
In agent menu, 'shell CMD' now runs straight IEX CMD, and 'help agentcmds' shows safe aliases
Modified ./setup/reset.sh to work from parent or ./setup/ folders
2015-08-20 14:35:42 -04:00
Harmj0y
4bb0bc4d47
Corrected menu behavior on agent exit, bug fix on some dir behavior
2015-08-19 15:51:36 -04:00
Tomas Rzepka
cf96626e8d
Added support for custom proxy.
2015-08-19 10:00:32 +02:00
Harmj0y
2b499a559c
Added modules management/timestomp, trollsploit/process_killer, persistence/elevated/wmi, situational_awareness/network/smbscanner
2015-08-16 10:46:12 -04:00
sixdub
4a1a4e6960
Fixed IOError
2015-08-14 09:43:12 -04:00
enigma0x3
7ca33a108e
Update messages.py
2015-08-14 09:42:54 -04:00
enigma0x3
3222556c2c
Update empire.py
2015-08-14 09:42:54 -04:00
enigma0x3
6ace392e19
added additional delay to intervalmax
...
Ensures only stale agents are actually listed.
2015-08-14 09:42:54 -04:00
Harmj0y
d44b1f1ec6
Added "list stale" and "remove stale" agents commands to list/remove
...
agents past their max checkins.
2015-08-14 09:42:54 -04:00
Harmj0y
8423c4f3bf
"agents> remove X" now removes agents that checked in > X minutes ago
2015-08-14 09:42:54 -04:00
Rohan Vazarkar
bdfec8c732
Updated title credits to include enigma0x3
2015-08-14 09:42:54 -04:00
Harmj0y
404d435bb0
Fixed agent.log output bug with new lostlimit logic.
2015-08-14 09:42:54 -04:00
Harmj0y
02c25719a1
Few bug fixes for the LostAgentDetection code.
2015-08-14 09:42:54 -04:00
sixdub
da6c5a983c
Updated Lost Agent Detection
2015-08-14 09:42:54 -04:00
sixdub
834b5c03fc
Added missed CB limits
2015-08-14 09:42:54 -04:00
enigma0x3
ef6b645ffe
updated to fix usestager tab completion bug
2015-08-10 09:06:13 -04:00
enigma0x3
57c2d26333
updated ip_whitelist from file
...
when setting whitelists from a text file, empire adds the contents of that file to the IP black lists. updated to ensure it adds the IPs to the correct list.
2015-08-10 07:53:22 -04:00
Jon Cave
4624cff0e6
Authenticate the encrypted communications
2015-08-08 18:54:02 +01:00
Harmj0y
751d0c15d6
Initial BSidesLV '15 release of v1.0.0
2015-08-05 14:36:39 -04:00