Commit Graph

690 Commits (8ddeb63137d8b79c5144dc6a56edb74d3b9cf52d)

Author SHA1 Message Date
byt3bl33d3r b539e12347 Fixed RESTAPI (issue #507) 2017-05-20 15:33:03 -06:00
ceramicskate0 ead6669eb0 fixed missing variables
fixed missing vari and added more random name generation algo
2017-05-18 19:19:38 -05:00
ceramicskate0 772f6818b4 Update macro.py 2017-05-18 18:50:38 -05:00
ceramicskate0 72e91e55d6 fix LengthOfVari missing error 2017-05-17 11:53:08 -05:00
Etienne Stalmans 417e66df65 liniaal agents to use with https://github.com/sensepost/liniaal 2017-05-17 08:50:49 +01:00
cobbr d9a734a82e Fix two more escape issues 2017-05-16 21:10:04 -05:00
cobbr 4c20594217 Improved PowerShell install, fix escape display bug 2017-05-16 21:02:53 -05:00
ceramicskate0 99d0b12b1d randomize variable names and method names
Make random variable and method names in VB macro code so that it looks different every time it's run and runs the same every time
2017-05-16 19:59:43 -05:00
rvrsh3ll 6d88e8ee1b GetSchwifty fix 2017-05-16 09:25:27 -04:00
rvrsh3ll ec6daaba3f GetSchwifty fix 2017-05-16 09:23:45 -04:00
rvrsh3ll 7ad76fdc1f Added get schwifty trollsploit module 2017-05-16 09:15:28 -04:00
cobbr d11221bead Merge latest Empire commits 2017-05-15 18:44:05 -05:00
r1p 46fa5b34f9 Added wmi_updater module 2017-05-15 11:10:51 -04:00
rvrsh3ll 9ee6c75362 Empire 2.0 Release
Merge branch '2.0_beta' of https://github.com/empireproject/Empire into 2.0_beta
2017-05-14 09:46:46 -04:00
rvrsh3ll 6ee117f080 Empire 2.0 Release 2017-05-14 09:46:22 -04:00
rvrsh3ll 9602cf4184 Empire 2.0 Commit 2017-05-14 09:32:13 -04:00
Chris Ross 2654f02552 Merge pull request #504 from n00py/2.0_beta
Change Agent option description [Typo]
2017-05-13 23:36:59 -04:00
Chris Ross dd0de873f8 Merge pull request #500 from tkisason/ducky_edit
Modified the ducky stager to use custom interpreter
2017-05-13 23:35:43 -04:00
Chris Ross f0bbd58968 Merge pull request #499 from tkisason/bunny
Added windows/bashbunny stager for Empire 2.0
2017-05-13 23:35:04 -04:00
xorrior 395f4df482 Added Python language for dbx listener 2017-05-13 23:27:30 -04:00
c05083981f Adjusted for powershell stager in Db listener 2017-05-13 02:00:21 -04:00
c5f57e36f4 Added db listener 2017-05-12 19:30:29 -04:00
rvrsh3ll 44d61d3b28 Add DCOM Lateral Movement 2017-05-12 10:10:21 -04:00
n00py c34377e8ce Change Agent option description
The template is pre-populated with "Agent to grab a screenshot from" but that description does not apply here.
2017-05-11 10:24:56 -06:00
n00py 5d197907f4 Change Agent option description
The template is pre-populated with "Agent to grab a screenshot from" but that description does not apply here.
2017-05-11 10:24:03 -06:00
Brandon Arvanaghi fb4621645d SessionGopher 2017-05-07 22:55:11 -04:00
Brandon Arvanaghi 02e2a2dfce SessionGopher 2017-05-07 22:11:32 -04:00
Tonimir Kisasondi 789e99d790 Modified the ducky stager 2017-05-01 17:45:51 +02:00
Tonimir Kisasondi 02aa791f17 Added windows/bashbunny stager for Empire 2.0 2017-05-01 17:41:00 +02:00
chris 48116d35d6 Re-implemented /api/listeners/options GET Rest call 2017-04-28 22:04:10 -04:00
Chris Ross 38054a8cc9 Merge pull request #495 from dafyk/patch-1
Add custom headers if any
2017-04-28 09:23:41 -04:00
bneg eeae4ead0e Switch to netifaces() for getting interface name, fixes bug on Ubuntu where IP wasn't populated 2017-04-25 21:36:06 -07:00
Da-FyK 62b7c97a8d Add custom headers if any
copy/pasted from http.py
2017-04-26 01:59:36 +02:00
cobbr 057636c447 Invoke-Obfuscation merged into 2.0_beta 2017-04-22 21:38:40 -05:00
cobbr 8d1efea1b9 Merge branch '2.0_beta' of https://github.com/EmpireProject/Empire into EmpireProject-2.0_beta 2017-04-22 21:08:55 -05:00
chris e1f7bda70e Moved management/redirector to inactive modules 2017-04-22 21:31:47 -04:00
cobbr 672ea33a72 Remove debug output 2017-04-22 20:19:21 -05:00
cobbr dac5ba6b39 Improved preobfuscate command, better support for invoke-obfuscation style obfuscate commands, added warning message when trying to obfuscate without PowerShell installed 2017-04-22 20:17:28 -05:00
chris e6fc1bebd7 Fixed dll stager for use in other platforms 2017-04-22 20:23:55 -04:00
Chris Ross 0915ab2a66 Merge pull request #492 from ThePirateWhoSmellsOfSunflowers/fix-padding-pkcs7
Fix PKCS7 padding to be RFC compliant
2017-04-20 23:41:18 -04:00
Chris a6499372fb Merge branch 'patch-1' of https://github.com/bneg/Empire into bneg-patch-1 2017-04-20 20:21:29 -07:00
Chris Ross 3b722d013f Merge pull request #483 from Kevin-Robertson/2.0_beta
Inveigh 1.3.1 Modules
2017-04-20 21:42:41 -04:00
Chris Ross 92cc1ec36d Merge pull request #472 from benichmt1/wlmdr-2.0_beta
Add Wlrmdr.exe Popup module (Licensing Balloons) - 2.0 beta format
2017-04-20 21:29:34 -04:00
a5b9f44cad Moved socks module 2017-04-20 21:21:39 -04:00
Chris Ross 042f24ab3b Merge pull request #478 from klustic/2.0_beta
Added a module for SOCKSv5 proxying
2017-04-20 21:17:48 -04:00
ThePirateWhoSmellsOfSunflowers a23c636531 Fix PKCS7 padding to be RFC compliant, should resolve #458 2017-04-20 20:21:57 +02:00
Kevin Robertson 534218cf31 Inveigh 1.3.1 Modules
Sync with Inveigh 1.3.1.
2017-04-09 16:37:51 -04:00
Chris Ross 1ad0e12b80 Merge pull request #455 from ThePirateWhoSmellsOfSunflowers/add-proxy-headers
Add HTTP headers to avoid proxy caching
2017-04-09 16:16:46 -04:00
Chris Ross 287ecd3f0a Merge pull request #452 from n00py/2.0_beta
VNC Inject
2017-04-09 16:08:41 -04:00
Chris Ross 3cafd25f51 Merge pull request #437 from 0xbadjuju/2.0_beta
PowerUpSQL Modules
2017-04-09 14:59:11 -04:00
Chris Ross 9a6f8f970e Merge pull request #404 from mr64bit/http_hop
Fix agent staging over http_hop listeners.
2017-04-09 09:42:52 -04:00
Chris Ross 3baad71f09 Merge pull request #438 from erikbarzdukas/dev-monitortcp
New module to monitor TCP connections
2017-04-08 23:16:12 -04:00
Chris Ross a58e1c8d6d Merge pull request #350 from leesoh/powershell-template
Documentation, reorganization, and a touch of PEP8
2017-04-08 15:32:41 -04:00
rvrsh3ll c6bd9b11c0 ipv6 support added
Merge branch '2.0_beta' of https://github.com/empireproject/Empire into 2.0_beta
2017-04-08 07:37:59 -04:00
rvrsh3ll eb7f1d6483 IPv6 Modifications 2017-04-07 21:50:53 -04:00
Chris Ross dd13b13604 Merge pull request #481 from ThePirateWhoSmellsOfSunflowers/fix-harcoded-path
Fix hardcoded path, should resolve #465
2017-04-06 17:53:06 -04:00
ThePirateWhoSmellsOfSunflowers 51082a66fc Fix hardcoded path, should resolve #465 2017-04-06 20:02:00 +02:00
Chris 9d5652284c Added global options tab completion 2017-04-06 06:45:23 -07:00
stderr 01f530700e Fixed bug in HTTP handler that can throw exceptions while parsing Cookies. 2017-04-05 15:30:01 -04:00
Kevin 05dae225b6 Added a new module for SOCKSv5 proxying
When executed, this module connects back to a designated AlmondRocks server under SSL. The AlmondRocks server acts as a SOCKSv5 proxy, and multiplexes all SOCKS communications over the single SSL connection to/through the target, enabling any SOCKSv5 client (e.g. curl, proxychains) to extend past NAT devices into the target network.

This is based on the following work:

https://github.com/klustic/AlmondRocks
** Server Usage **
$ ./almondrocks.py server -d -t 4433 --cert cert.pem --key key.pem

** Empire Usage **
set HOST 192.168.20.10
set PORT 4433
set Agent ...
2017-04-05 10:24:31 -06:00
Michael Benich d948ce3eb2 Fixed extra bracket 2017-03-13 13:51:26 -04:00
cobbr 886e33c425 Latest Invoke-Obfuscation commits 2017-03-12 17:16:54 -05:00
cobbr 52008f8a32 Update powershell module template 2017-03-11 22:10:21 -06:00
cobbr 07c1092b03 ObfuscatedEmpire 2017-03-11 20:00:17 -06:00
cobbr ab1b3e5f3f Implement Obfuscation 2017-03-11 17:35:17 -06:00
Michael Benich 76dd97ca99 Add wlmdr.py (for 2.0_beta)
Update for 2.0 module
2017-03-02 16:26:01 -05:00
Chris Ross 35fd51d166 Added 1MB upload limit 2017-02-17 09:25:05 -08:00
ThePirateWhoSmellsOfSunflowers 2ff9375ccf Add HTTP headers to avoid proxy caching 2017-02-13 23:36:20 +01:00
Alexander Rymdeko-Harvey 85e28b2757 Merge pull request #450 from EmpireProject/2.0_beta_sniffer
add osx sniffer/fix sudospawn
2017-02-12 11:24:19 -05:00
n00py b8f0bb2bbd Added module for enabling ARD 2017-02-10 08:38:46 -07:00
n00py f6a0ed6f0e Update vnc.py 2017-02-09 15:12:35 -07:00
n00py d78972ea05 Create vnc.py 2017-02-09 15:07:40 -07:00
killswitch-gui dd6a8d4450 change imports 2017-02-08 11:55:57 -05:00
killswitch-gui beca8fa1a9 add in ability to set interface 2017-02-08 09:31:38 -05:00
killswitch-gui 0ff5a98dd9 add osx sniffer/fix sudospawn 2017-02-07 23:50:01 -05:00
Chris Ross 078588fc93 Added logic to use custom HTTP headers defined in the profile 2017-02-07 19:17:10 -08:00
Chris Ross 25a91dec5b Added logic for saving module output for py and powershell agents. Fixed issue 435 2017-01-21 10:37:52 -08:00
Alexander de9b05e5f9 Merge remote-tracking branch 'refs/remotes/adaptivethreat/2.0_beta' into 2.0_beta 2017-01-17 11:00:13 -06:00
root 72727f2ecd Merge branch '2.0_beta' of https://github.com/erikbarzdukas/Empire into dev-monitortcp
Updated repo
2017-01-16 18:50:02 -05:00
root e16ed25d07 Updated python module code 2017-01-16 18:22:50 -05:00
Alexander affd33d413 2.0 Initial Commit 2017-01-16 14:08:27 -06:00
Chris Ross 812f721b84 Added Empire Custom Import hook to allow for in memory python module imports 2017-01-16 08:31:34 -08:00
Chris 4b79172d13 Removed unnecessary imports for Foundation and LaunchServices 2017-01-09 20:59:14 -05:00
Chris 3e7c2b9dea Removed Foundation import. Unnecessary. 2017-01-09 20:54:31 -05:00
Chris bfd9ee1413 Changed native_screenshot to be opsec safe. Added safe aliases for screenshot, ls, whoami 2017-01-07 22:15:20 -05:00
root 3ee18a061f Initial monitortcpconnections file 2017-01-06 16:50:04 -05:00
Chris e5bf468158 Fix for issue #382. Fixed downloads in python agent. updated install script to include zlib_wrapper module. 2017-01-04 22:39:37 -05:00
Chris Ross 89d06f06fb Merge pull request #424 from mr64bit/fix_agent_shell
Fix agent shell commands, broken in commit 3148493
2016-12-23 20:36:55 -05:00
Chris 3fae3e2ac5 Modified how listener settings are obtained to resolve issue 412 2016-12-23 00:20:48 -05:00
Chris 58efd3d0c3 Fixed logic for PEUrl and DllPath check 2016-12-21 09:05:44 -05:00
mr64bit db5af9caf9 Fix agent shell commands, broken in commit 3148493 2016-12-20 08:45:10 -05:00
Chris 714c56e58b Add Invoke-ExecuteMSBuild lateral movement module 2016-12-14 17:04:02 -05:00
Chris 5125340ca2 Added logic to gather the proxies and add them to a proxy handler 2016-12-12 22:16:57 -05:00
Chris 3148493e15 Fixed issue 421 in reflectivepeinjection module 2016-12-11 21:43:19 -05:00
Chris 2d96a72460 Swapped native_screenshot with screenshot source. Modules were named improperly 2016-12-10 22:48:13 -05:00
Chris 2058b86ae8 Corrected key for self.mainMenu.stagers.stagers['windows/launcher_bat'] 2016-12-10 12:31:22 -05:00
Chris 47bbfa64db Fixed pyinstaller. Added -ForceASLR options to ReflectivePEInjection module 2016-12-09 18:17:47 -05:00
Chris e288af484e Fix pyinstaller launcher. Update setup script 2016-12-09 15:59:38 -05:00
Chris d0b2ba41b4 Fix pyinstaller launcher. Update setup script 2016-12-09 15:57:39 -05:00
mr64bit 6c3f51aca9 Fix agent staging over http_hop listeners.
Fixes issue #370.
2016-11-28 11:54:57 -05:00
rvrsh3ll 619ae2c132 Merge pull request #355 from mlinton/patch-3
Typo
2016-11-26 20:44:37 -05:00
rvrsh3ll 9f7eabf587 Merge pull request #366 from nnh100/dev
Add module to exfiltrate files and data to a GitHub repository
2016-11-26 15:40:48 -05:00
Adam DeMamp d2179b7042 removed some dcos modules, recommended to now use the http rest api module 2016-11-20 18:23:30 +00:00
Adam DeMamp e1fa30c14f added etcd crawler module 2016-11-20 18:11:55 +00:00
Adam DeMamp a52b680445 added http rest api module 2016-11-20 18:04:31 +00:00
Adam DeMamp 57a5fae21d fixed pyinstaller so it now works with empire 2.0_beta for linux targets 2016-11-20 17:57:30 +00:00
nnh100 7974ea3ae2 Update for 2.0_beta branch 2016-11-14 22:26:25 +00:00
rvrsh3ll e1dc756894 Merge pull request #396 from conjecturalhex/2.0_beta
USB ETW keylogger for 2.0_beta branch
2016-11-14 13:08:42 -05:00
rvrsh3ll 61d92e5738 Update USBKeylogger.py
Changed 'MinLanguageVersion' : '2'
2016-11-14 13:08:21 -05:00
xorrior a3e0aeddf6 Corrected jar stager generation 2016-11-13 18:16:11 -05:00
xorrior 42ec063d8a Merge branch '2.0_beta' of https://github.com/adaptivethreat/Empire into 2.0_beta 2016-11-13 15:24:47 -05:00
xorrior 25c2566a14 Added obfuscation to macho stager 2016-11-13 15:24:10 -05:00
conjecturalhex 8f671e9c4f USB ETW keylogger for 2.0_beta branch 2016-11-13 08:15:08 -08:00
HarmJ0y 6ee7e03660 Renamed credentials/get_spn_tickets to credentials/invoke_kerberoast, updated
kerberoasting code to newest version.
2016-10-31 19:40:33 -04:00
rvrsh3ll 327f91473b Merge pull request #357 from n00py/2.0_beta
Module - Sudo Piggyback + Mail Persistence + Bash Profile Backdoor
2016-10-30 16:45:31 -04:00
Matt Nelson 13678af3b3 Fix for install path bug 2016-10-30 07:44:00 -04:00
nnh100 2ed2df5854 Remove contact 2016-10-28 12:10:01 +01:00
rvrsh3ll 2256c07716 Merge branch '2.0_beta' of https://github.com/AdaptiveThreat/empire into 2.0_beta 2016-10-24 10:01:31 -04:00
HarmJ0y 696e4ff752 increased routing packet debug data 2016-10-24 13:12:50 -04:00
rvrsh3ll 0a0184ae6b Modified smbscanner to require username and password 2016-10-24 10:01:14 -04:00
rvrsh3ll 2543d27b3f Fix for sct launcher to hide window 2016-10-24 07:36:50 -04:00
rvrsh3ll 654bc8c915 Fix for issue 376 2016-10-24 07:35:29 -04:00
rvrsh3ll eed8cf1c1f Fixed ms16-032 launcher, issue #359 2016-10-17 19:03:10 -04:00
rvrsh3ll da2cabbddf Spelling fix 2016-10-17 17:26:40 -04:00
rvrsh3ll 801a3eac36 Spelling Fix 2016-10-17 17:25:31 -04:00
nnh100 5d14a92649 Add Invoke_ExfilDataToGitHub.py 2016-10-12 19:59:59 +01:00
n00py 26c8839edf Update bashdoor.py
Removed iTunes subdirectory
2016-10-11 09:40:54 -07:00
n00py 3f39272711 new module bashdoor 2016-10-10 13:53:48 -07:00
n00py f7dd1c11e3 removed default trigger 2016-10-08 12:51:46 -07:00
n00py 5ac6b9cf00 modified mail 2016-10-08 12:47:03 -07:00
n00py 1ae3fb906c Merge remote-tracking branch 'origin/2.0_beta' into 2.0_beta
# Conflicts:
#	lib/modules/python/persistence/osx/mail.py
2016-10-08 12:46:25 -07:00
n00py 17e97360ff new modules 2016-10-08 12:45:44 -07:00
n00py 2c5d7f5373 Delete mail.py 2016-10-08 11:19:51 -07:00
n00py 06d580e69a new modules 2016-10-07 22:04:58 -07:00
n00py 236d303da3 new modules 2016-10-07 20:52:42 -07:00
n00py c23ceac128 new modules 2016-10-07 20:38:27 -07:00
n00py 16d0df5f04 new modules 2016-10-07 20:38:07 -07:00
mlinton b45d417e1d Typo
Changed from screenshot
2016-10-07 13:58:26 -06:00
HarmJ0y 3ddfe7786f Second fix for Host specification in listeners. 2016-10-06 17:01:43 -04:00
HarmJ0y 9f813549f7 Added autoruns back in. 2016-10-06 14:59:11 -04:00
HarmJ0y af8ffcda76 Fixed function renaming typo. 2016-10-06 14:32:33 -04:00
leesoh a5f9b7a9b4 Documentation, reorganization, and a touch of PEP8 2016-10-05 13:47:17 -06:00
xorrior fcfca84167 Updated dylib stager 2016-10-05 13:25:39 -04:00
xorrior 7bcf125412 Merge branch '2.0_beta' of https://github.com/adaptivethreat/Empire into 2.0_beta 2016-10-05 12:41:01 -04:00
xorrior e93ef08055 Updated Dylib templates. Removed hijacker generation from dylib stager menu. Added additional error checking to the HijackScanner module 2016-10-05 12:40:29 -04:00
rvrsh3ll e7a914c4b4 Listener Code Cleanup 2016-10-05 11:00:01 -04:00
rvrsh3ll 343d0840c0 Merge branch '2.0_beta' of https://github.com/adaptivethreat/Empire into 2.0_beta 2016-10-05 10:06:53 -04:00
root b94a81a4e2 Listener fix for issue 324 2016-10-05 10:06:04 -04:00
HarmJ0y 312d0ffb5c Fix for listeners/http_hop staging 2016-10-01 15:33:41 -04:00
@424f424f d6a0951848 Fix listeners for issue #324 2016-10-01 01:53:05 -04:00
@424f424f 8ad39bb3fc SSL Launcher Fix 2016-09-29 16:01:46 -04:00
HarmJ0y 844b8cdabf If https is indicated for a host in listeners/http but a certificate isn't specified,
one will now be generated by Flask on the fly
2016-09-29 14:32:54 -04:00
HarmJ0y 1ab09ebb32 Fixed hardcoded cert path for listeners/http 2016-09-29 14:23:32 -04:00
xorrior 460876d8f0 Migrated EmPyre stagers from dev branch in EmPyre repo 2016-09-29 11:41:09 -04:00
HarmJ0y 26cd0089dd 2.0.0 beta, DerbyCon release 2016-09-23 14:04:35 -04:00
HarmJ0y 2ba4e7c3c6 prep for 1.6.0 release 2016-09-17 17:16:03 -04:00
enigma0x3 f030cf6232 Patched RCE dubbed "skywalker 2.0" thanks to @zeroSteiner. 2016-09-16 09:15:13 -04:00
rschoem 68935276ff Create scrambled_macro.py
Stager based on the normal macro stager. Adds "noise" to the payload to help evade signature-based AV solutions
2016-08-19 23:22:14 +02:00
enigma0x3 eefc493411 Added fileless UAC bypass using eventvwr.exe 2016-08-15 17:55:57 -04:00
Matt Nelson b7010b7f37 Merge pull request #164 from 0xbadjuju/master
Resubmitting pull request for normal module
2016-08-13 21:28:00 -04:00
chris e4aad33146 Renamed module. Merged embedded assemblies. Fixed issue with module execution 2016-07-24 20:16:55 -04:00
Harmj0y bec33f73ac moved collection/keethief to collection/vaults/keethief
added collection/vaults/find_keepass_config to enumerate KeePass configs on a system
added collection/vaults/add_keepass_config_trigger to add a trigger backdoor to all reachable KeePass instances
added collection/vaults/get_keepass_config_trigger to enumerate all triggers for all reachable KeePass instances
added collection/vaults/remove_keepass_config_trigger to remove all triggers for all reachable KeePass instances
misc. bug fixes
2016-07-20 23:44:30 -04:00
Harmj0y 7790b250a2 misc. bug fixes and standardization updates 2016-07-20 23:39:25 -04:00
Harmj0y 0163ebec06 Added missing Invoke-CredentialInjection.ps1 file
Updated .gitignore
2016-07-20 21:51:14 -04:00
Harmj0y fe43560bad Fix for issue #285 - credential export supporting commas
Start of code standardization/pep8 cleanup - mods to agents.py, empire.py, and credentials.py
Updated changelog
2016-07-20 21:28:27 -04:00
Harmj0y 2e8a7fba94 Merge branch 'dev' of github.com:PowerShellEmpire/Empire into dev 2016-07-20 19:24:23 -04:00
Harmj0y 7167f22500 added system name to screenshot output for issue #273
start of code pep8/pylint standardization - various cleaning
2016-07-20 19:06:42 -04:00
Matt Nelson e83b545476 Merge pull request #277 from BeetleChunks/master
Adding credentials module to extract the current interactive user's Credential Manager credentials.
2016-07-16 22:06:04 -04:00
Harmj0y ece3a3b540 fix for issue #248 2016-07-16 21:54:18 -04:00
Harmj0y 7d697cb4b7 Expanded 'creds X' query to search domain and password as well, wildcards (*) accepted 2016-07-16 21:27:35 -04:00
Harmj0y 39d174235a Added module collection/keethief 2016-07-16 19:58:08 -04:00
Harmj0y 21893bacde Fix for issue #257 - sysinfo now tasked after steal_token/revtoself 2016-07-15 19:14:43 -04:00
Harmj0y c9bae2fc4c Fix for issue #252 2016-07-15 19:00:49 -04:00
Harmj0y c38256ab5c Semi-global interact command for issue #258 2016-07-15 18:56:38 -04:00
Harmj0y 75f3e2c410 Merge branch 'dev' of https://github.com/PowerShellEmpire/Empire into dev 2016-07-15 18:06:49 -04:00
Harmj0y 7c5a07581d Fix for issue #221 2016-07-15 18:06:20 -04:00
HarmJ0y 8028963b64 Merge pull request #274 from curi0usJack/dev
Adding SMB auto-brute module
2016-07-15 14:51:25 -07:00
BeetleChunks 5094c10a42 Add files via upload 2016-07-08 08:59:44 -05:00
@424f424f 05302321ac Add Browser Search Module 2016-07-07 22:46:41 -04:00
curi0usJack 97aa252cad Added smbautobrute.py 2016-07-07 16:31:34 -05:00
enigma0x3 8666d5f5f8 included fix by @i223t for 417 Expectation failed error when going through older Squid proxies 2016-06-24 22:51:46 -04:00
Matt Nelson 40e1639889 Revert "417 Expectation failed error fix" 2016-06-24 22:42:13 -04:00
Matt Nelson 40519e76ea Merge pull request #55 from i223t/expect100continue_fix
417 Expectation failed error fix
2016-06-24 22:42:07 -04:00
Matt Nelson 039934b883 Merge pull request #235 from Kevin-Robertson/master
Sync with Inveigh 1.1.1 and current Tater
2016-06-24 22:15:37 -04:00
Matt Nelson 2a23255460 Fixed typo thanks to @jrmdev
Typo prevented the module from working. Implemented fix submitted here: https://github.com/PowerShellEmpire/Empire/pull/262 by @jrmdev.
2016-06-24 21:33:12 -04:00
Matt Nelson fae79cef1d Merge pull request #247 from n0clues/master
Change paths from %TEMP% to %PUBLIC% for spawnas module
2016-06-24 21:24:48 -04:00
n0clues 9c00cb4d70 Change paths from %TEMP% to %PUBLIC% for spawnas module 2016-06-16 16:09:50 +02:00
Harmj0y b6db99f66f Fix for situational_awareness/host/computerdetails object output. 2016-05-27 15:16:22 -04:00
Harmj0y 0fb6599c77 More verbose output for Invoke-ServiceCMD in PowerUp to address issue #219 2016-05-27 14:37:15 -04:00
Harmj0y 7a47ea3583 Fix for issue #232 2016-05-27 14:02:34 -04:00
leoloobeek 75dfe996e7 Typo fix 2016-05-12 01:41:29 -05:00
lloobeek 61bddbc9ab Edited MS16-032 exploit for Empire 2016-05-12 01:16:04 -05:00
Kevin Robertson 5158c160b4 Sync with Inveigh 1.1.1 and current Tater 2016-05-10 23:12:34 -04:00
Alexander 9c8feb170f Merge remote-tracking branch 'refs/remotes/PowerShellEmpire/dev' 2016-04-29 15:10:45 -05:00
Alexander 065f940f4d Merge remote-tracking branch 'refs/remotes/PowerShellEmpire/master' 2016-04-29 15:10:19 -05:00
Jared Haight 5d101cb228 typing is hard 2016-04-29 14:50:34 -04:00
Jared Haight 6e42249417 removed template stuff 2016-04-29 14:49:03 -04:00
Jared Haight b3224860df adding the invoke-metasploitpayload module 2016-04-29 11:52:58 -04:00
HarmJ0y 47c75a5902 Merge pull request #198 from matterpreter/dev
Teensy stager
2016-04-28 15:48:46 -07:00
Rob Fuller 7d692a1f69 No need for elevated
You don't need elevation to extract kerberos tickets
2016-04-28 08:35:30 -04:00
matterpreter a4b99d41f9 Teensy stager
Adds the capability to generate a Teensy script to run a one-liner
stage0 launcher. Similar to the existing ducky stager.
2016-04-27 15:58:47 -04:00
Harmj0y b977dec1ae Updated PowerView
Added credentials/get_spn_tickets to request user SPN tickets
Added credentials/mimikatz/extract_tickets to extract kerberos tickets from memory
Updated PowerView location citations
2016-04-24 11:26:39 -04:00
Harmj0y f699ec510d Fix for issue #178 2016-04-24 10:29:11 -04:00
Matt Nelson 56f7837c0f Rename regsvr32.py to launcher_sct.py 2016-04-21 17:06:19 -04:00
Matt Nelson 95fbf7f8c5 Merge pull request #193 from subTee/master
regsvr32 (sct) Stager
2016-04-21 17:05:26 -04:00
Casey Smith 0686f48e37 Update regsvr32.py 2016-04-21 13:02:18 -06:00
Casey Smith f7df5ee06a Update regsvr32.py 2016-04-21 12:53:01 -06:00
Casey Smith 37f6e4f362 Update regsvr32.py 2016-04-21 12:52:40 -06:00
Casey Smith eb764d1aa9 Create regsvr32.py 2016-04-21 12:49:33 -06:00
Matt Nelson dce67beaeb Added tab-completion for list command 2016-04-15 14:42:12 -04:00
HarmJ0y 96ac925773 Merge pull request #182 from xorrior/master
Added MiniEye collection module; Minor change to ChromeDump
2016-04-11 15:47:19 -07:00
xorrior 523e4458c1 Added MiniEye collection module; Minor change to ChromeDump
MiniEye - Collect recordings from Webcam.
ChromeDump - Modified sqlite DB connection string for read-only access.
2016-04-09 22:11:28 -04:00
HarmJ0y 54037db2b6 Merge pull request #176 from luxcupitor/dev
Modules for unauthenticated access to Jenkins Script Consoles to run OS commands
2016-04-08 15:12:17 -07:00
HarmJ0y db7c1c95b3 Merge pull request #177 from n0clues/master
Binding Empire's native listeners to IP specified in Host option…
2016-04-06 22:21:25 -07:00
n0clues f376dc243c Binding Empire's native listeners to IP specified in Host option instead to 0.0.0.0 - issue#175 2016-04-06 14:24:02 +02:00
Lux Cupitor 4f61ecda2b added modules for unauthenticated Jenkins Script console access 2016-04-06 08:06:24 -04:00
Harmj0y b56e5d29ec listener starting now returns more verbose errors on failure in console and API
merge of @mynameisiv's .jpg screenshot PR
fix for path errors in some cases for ./setup/setup_database.py
2016-04-01 17:06:21 -04:00
mynameisv 917cb2b246 screenshot in jpeg and shortcut 2016-03-31 23:27:15 +02:00
Harmj0y ac5b002301 Updated changelog and version number for 1.5.0 release. 2016-03-31 16:06:02 -04:00
HarmJ0y dae17d1bc1 Merge pull request #165 from Kevin-Robertson/master
Inveigh 1.1 and Tater Modules
2016-03-31 11:13:53 -07:00
Harmj0y c6662d8a3a Added loading of external module directories with the 'load /DIR/' command in the main menu.
Solves issue #81.
2016-03-30 23:03:02 -04:00
Kevin Robertson 32b36c9597 Comment/Notes changes and WPADResponse removal
Updated additional comment/notes. I removed WPADResponse from inveigh
and inveigh_bruteforce since wpad.dat code contains commas. The python
code that is parsing the commas for the array parameters is getting in
that way. I can add WPADResponse back in later.
2016-03-30 15:35:44 -04:00
Alexander d7cf4c02c4 Merge branch 'master' of https://github.com/0xbadjuju/Empire 2016-03-30 08:27:52 -05:00
Alexander e6aff73eb1 Merge remote-tracking branch 'refs/remotes/origin/dev' 2016-03-30 08:21:56 -05:00
Kevin Robertson 987679bd9a Fixed missing single quote in description 2016-03-30 08:52:20 -04:00
Kevin Robertson 7a3a95f735 Sync features with updated versions of Inveigh and Tater
Upgrading collection/inveigh, lateral_movement/inveigh_relay, and
privesc/tater. Adding collection/inveigh_bruteforce.
2016-03-29 23:55:39 -04:00
Alexander 74945a953a Update normal.py 2016-03-29 17:00:45 -05:00
Alexander f6fc8550b1 Added normal.dot persistence mechanism 2016-03-29 16:38:02 -05:00
Harmj0y b3e8ebabe5 Expanded server/agent epoch check from +/- 10 minutes to +/- 12 hours 2016-03-26 00:00:40 -04:00
Harmj0y c2ba61ca8d added -sta to stager launching 2016-03-25 19:45:09 -04:00
Harmj0y 16fbd88339 For stagers generated through the API, if 'OutFile' is set in the
passed arguments, the 'Output' field in stager data return will
contain the base64 encoded value of the generated stager data.
2016-03-24 22:24:01 -04:00
Harmj0y b43da089ef Added POST /api/modules/<path:module_name> to task a module with specified options
Fix multi-stager generation bug
More exception handling in empire.py
2016-03-24 16:03:31 -04:00
Harmj0y 31eb9d387a Changed API path from /empire/api/ to /api/
Fixed agent renaming bug
2016-03-23 14:30:54 -04:00
HarmJ0y 446a004cc1 Merge pull request #157 from PowerShellEmpire/restful_api
RESTful API
2016-03-22 14:15:25 -07:00
Harmj0y d67bbcce15 more small bug fixes 2016-03-22 14:37:10 -04:00
Harmj0y 2a13328c5b nav menu bug fix and standardization 2016-03-22 14:32:47 -04:00
Harmj0y ce307aa6db fix for issue #155 2016-03-22 01:51:23 -04:00
Harmj0y 502dc5c679 Added SSL and basic token auth to the RESTful API
Added random RESTful API token generation on server startup
2016-03-22 01:41:48 -04:00
Harmj0y ae9f046aba Added trollsploit/rick_astley to run @SadProcessor's audio rickroll 2016-03-21 23:11:12 -04:00
Harmj0y 9f1deb1d9e Added /empire/api/agents/<string:agent_name>/results to return agent tasking results and remove results from backend db 2016-03-21 22:56:02 -04:00
Harmj0y eaaea57253 Added /empire/api/listeners/kill to kill a listener specified by POST data
Added /empire/api/listeners/options to enumerate currently set listener options
Added start to docstrings in functions -> still need to describe complete request/response JSON formats
removed /empire/api/agents/ID/X
/empire/api/agents/name/Y -> /empire/api/agents/Y
removed /empire/api/listeners/id/X
/empire/api/listeners/name/Y -> /empire/api/listeners/Y
"X listeners currently active" now pulls from the backend DB
2016-03-21 21:50:19 -04:00
Harmj0y 334f1f4b5c Added POST to /empire/api/stagers in API to generate stagers
moved empire instantiation into the restful api start
2016-03-21 21:03:32 -04:00
Harmj0y c15f445892 Revamp of some of the backend to allow for a proper RESTful API
Cleaned up some SQL calls
Moved tasking/results into database fields for agents, instead of being kept in memory on the client
Added --headless option to ./empire
2016-03-21 20:20:03 -04:00
Harmj0y e6e5222647 Added lateral_movement/new_gpo_immediate_task 2016-03-19 11:51:09 -04:00
Harmj0y 97335b83d6 -Added the ability to specify multiple function names to helpers.generate_dynamic_powershell_script()
-Added Unconstrained option to get_computer
-Added AdminCount option to get_user
-Added situational_awareness/network/powerview/get_gpo_computer to get computers a GPO is applied to
2016-03-19 10:53:28 -04:00
Harmj0y d5db75c3d0 -Updated PowerView.ps1 code
-Re-tested all powerview modules
-Updated some module options
-Fixed bug in helpers.generate_dynamic_powershell_script()

-Added situational_awareness/network/powerview/get_domain_policy
-Added situational_awareness/network/powerview/get_dfs_share
-Added situational_awareness/network/powerview/get_fileserver
-Added situational_awareness/network/powerview/get_rdp_session
-Added situational_awareness/network/powerview/get_site
-Added situational_awareness/network/powerview/get_subnet
-Added situational_awareness/host/get_proxy
-Added situational_awareness/host/get_pathacl
-Added management/get_domain_sid
2016-03-19 08:38:18 -04:00
Harmj0y 2382bd0dea Added privesc/getsystem 2016-03-11 19:31:27 -05:00
Harmj0y da52a6268b Attempted fix for issue #136 2016-03-03 19:33:45 -05:00
Harmj0y 08ca63fe09 First pass at stager retries. 2016-03-03 19:13:44 -05:00
Harmj0y 355db39847 Added privesc/mcafee_sitelist 2016-02-18 00:08:08 -05:00
Harmj0y c32e3d15cd Additional debugging on sysinfo checkin. 2016-02-17 21:58:09 -05:00
Harmj0y 3b0003f0ce '--debug 2' now prints all debug signal output to the script as well as ./empire.debug 2016-02-17 20:06:33 -05:00
Harmj0y b0d90be6fe Updated changelog and version number. Added '--version' cli option. 2016-02-16 02:27:37 -05:00
Harmj0y 473be51acd Changed '--listeners' option to '--listener' 2016-02-16 02:02:18 -05:00
Harmj0y 75ea648c49 Small bug fixes. 2016-02-16 01:53:16 -05:00
Harmj0y 734831b5fb Added a start to cli option parsing for displaying listeners/stagers and generating stagers. 2016-02-16 01:52:32 -05:00
Harmj0y 4bab4f9484 'searchmodule' with no term now lists all modules and descriptions 2016-02-16 00:35:32 -05:00
Kevin Robertson 8b385928dc Added Tater privesc module
Empire module version of https://github.com/Kevin-Robertson/Tater.
2016-02-15 18:40:09 -05:00
Harmj0y 3cf322e76a Fix for issue #125 2016-01-14 15:57:26 -05:00
Harmj0y c0d427cdc8 Corrected several bugs in how the workingHours window is handled in the agent
Added validation to the workinghours time format
2016-01-11 01:24:46 -05:00
Harmj0y e696bb7078 spelling mistakes 2015-12-30 16:18:59 -05:00
Harmj0y 8281a9e7ba Empire 1.4 release.
Encompasses all changes since tagged 1.3.1 release.
Added 'Contribution Rules' to the README.md
2015-12-29 19:29:05 -05:00
Harmj0y 0d30181baf Added situational_awareness/network/powerview/find_managed_security_groups module
implementing @stufus' recent changes
2015-12-29 15:58:39 -05:00
Harmj0y 82fed97485 Fixed various issues for agent profile setting/handling
'DefaultProfile' option in listener menu is now tab-completable and can take a path to a profile.txt
2015-12-29 15:57:01 -05:00
HarmJ0y da439c441b Merge pull request #118 from jamcut/trusted-document-store
Add module to enumerate trusted documents and locations for MS Office.
2015-12-27 13:03:54 -08:00
Jeff McCutchan b7eb2852f3 Removed more commented lines 2015-12-27 00:08:27 -05:00
Jeff McCutchan a66d2e536e Implemented @Harmj0y changes 2015-12-27 00:04:38 -05:00
Jeff McCutchan ffa6ca6cd0 Added reference to original .ps1 file here too... 2015-12-24 08:40:12 -05:00
Jeff McCutchan 3c7c4278fa Change verbiage in module description 2015-12-23 14:00:06 -05:00
Jeff McCutchan c51b33b74c Add module to enumerate trusted documents and locations for MS Office. 2015-12-23 13:45:56 -05:00
Harmj0y 687954b6ef -Sync of Kevin Robertson's lateral_movement/inveigh_relay module
-Sync stufus' exfiltration/egresscheck module
-Added module menu dynamic sizing for prettified output
2015-12-22 15:05:22 -05:00
HarmJ0y c6ff79d7b8 Merge pull request #117 from stufus/add_egress_busting
Add Egress Checking Traffic Generator Module
2015-12-22 11:40:32 -08:00
HarmJ0y ffe76b3828 Merge pull request #110 from Kevin-Robertson/master
Added Inveigh's HTTP NTLMv2 to SMB relay as an Empire module
2015-12-22 11:40:14 -08:00
Stuart Morgan c2d6172587 Fixed author array 2015-12-21 23:01:38 +00:00
Stuart Morgan 4c87700c6d Fix up verbosity 2015-12-21 22:47:54 +00:00
Stuart Morgan cea0826222 Rework this to remove the -verbosity parameter now that I've realised that Write-Verbose exists....:) 2015-12-21 22:18:52 +00:00
Stuart Morgan dc9808b06b Merge branch 'master' of https://github.com/PowerShellEmpire/Empire into add_egress_busting 2015-12-21 20:50:11 +00:00
Harmj0y c95d8786aa hop.php redirector fix
removed requirement for credentials from lateral_movement/invoke_psremoting
2015-12-21 00:33:03 -05:00
Harmj0y c12eac3200 Added trollsploit/rick_ascii 2015-12-16 20:36:07 -05:00
Harmj0y bcb2f4677f Fix for issue #112 2015-12-16 17:42:51 -05:00
Stuart Morgan 8f88c5bdce This works! Amazingly....just needs tidying up and polishing (and sorting out the Write-Hosts) 2015-12-15 23:49:09 +00:00
Stuart Morgan 8ff5f7723a turns out that you need commas in the options dict....:) 2015-12-15 23:38:33 +00:00
Stuart Morgan b4ed0ceadb Added the options to the python side 2015-12-15 23:34:38 +00:00
Stuart Morgan d1572d325b Continuing work 2015-12-15 23:29:00 +00:00
Kevin Robertson 6186502749 Added Inveigh's HTTP NTLMv2 to SMB relay as an Empire module
This module is a direct copy/paste of the Invoke-InveighRelay function
from the standalone version of Inveigh. The module will relay incoming
HTTP NTLMv2 authentication requests to an SMB target. If authentication
is successful and the user is a local administrator on the target
system, the specified command should be executed on the target PSexec
style. This module can be used with or without collection/inveigh. If
collection/inveigh is used, ensure that HTTP is disabled in
collection/inveigh. If this module is used without collection/inveigh,
another method will need to be employed to trigger incoming HTTP
requests.

This module has been successfully tested with Empire's launcher
one-liner to establish additional agents. In testing I observed a delay
(30 seconds or so) between the service creation message and Empire's
agent active message.

harmj0y: As I mentioned in the collection/inveigh pull request comments,
the length of the parameter names is throwing off Empire's options
command column display alignment. I'm not sure if there is an easy fix
for this. Also, I used the same code that you added to inveigh.py after
the pull request. With this code, I did not observe that the
SMBRelayCommand value needed to be wrapped in quotes.
2015-12-14 21:48:49 -05:00
Harmj0y c1043156e1 Module argument tweaks to collection/inveigh.py 2015-12-14 16:04:49 -05:00
Kevin Robertson e2209606aa Synced collection/inveigh with current standalone Inveigh code
Direct copy/paste of Invoke-Inveigh function from current standalone
version of Inveigh.  This version contains a number of
additions/changes/bug fixes. There are two primary additions that may be
useful to Empire users. The first is that 1122334455667788 is no longer
used as the default challenge over HTTP since it's now getting flagged
by SEP and maybe others. The default behavior is a random challenge for
each request. A specific challenge can also be specified through the
'challenge' parameter. The second is the ability to set a run time so
that collection/inveigh will auto-exit after a specified number of
minutes. On the python side, I have added the additional relevant
parameters and flipped the module to opsec safe since no files are
created on disk.
2015-12-13 19:31:52 -05:00
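The commit above explains why Inveigh dropped 1122334455667788 as its default HTTP NTLM challenge: a fixed 8-byte ServerChallenge in every NTLM Type 2 message is a trivial signature, and endpoint products had started matching on it. The following is an added example of the defender's side of that observation; it is not Empire or Inveigh code. It parses the NTLM CHALLENGE_MESSAGE out of a `WWW-Authenticate: NTLM <base64>` header value (MS-NLMP layout, ServerChallenge at offset 24) and flags a challenge that matches a known static value. The sample headers, the `build_type2` helper that fabricates them, and the second, random-looking challenge are all constructed for the example.

```python
"""Added example (not Empire/Inveigh code): flag a fixed NTLM server challenge.

Parses an NTLM CHALLENGE_MESSAGE (Type 2) from a WWW-Authenticate header value
and reports whether its 8-byte ServerChallenge is a known static value such as
the 1122334455667788 default the commit above removed. Sample headers are
constructed inline so the script runs offline.
"""
import base64
import struct
from typing import List, Optional, Tuple

# Static challenge used by older Inveigh/Responder builds (from the commit above).
STATIC_CHALLENGES = {bytes.fromhex("1122334455667788")}

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"


def parse_type2_challenge(blob: bytes) -> bytes:
    """Return the 8-byte ServerChallenge from an NTLM Type 2 message.

    MS-NLMP CHALLENGE_MESSAGE layout: Signature[8], MessageType[4] == 2,
    TargetNameFields[8], NegotiateFlags[4], ServerChallenge[8] at offset 24.
    """
    if len(blob) < 32 or not blob.startswith(NTLMSSP_SIGNATURE):
        raise ValueError("not an NTLMSSP message")
    msg_type = struct.unpack_from("<I", blob, 8)[0]
    if msg_type != 2:
        raise ValueError(f"expected CHALLENGE_MESSAGE (2), got {msg_type}")
    return blob[24:32]


def challenge_from_header(header_value: str) -> Optional[bytes]:
    """Extract the ServerChallenge from a 'WWW-Authenticate' header value.

    Returns None when the value carries no NTLM Type 2 token: the bare 'NTLM'
    hint that opens the handshake, a Negotiate/Basic header, or bad base64.
    """
    parts = header_value.strip().split(None, 1)
    if len(parts) != 2 or parts[0].upper() != "NTLM":
        return None
    try:
        blob = base64.b64decode(parts[1], validate=True)  # binascii.Error is a ValueError
        return parse_type2_challenge(blob)
    except (ValueError, struct.error):
        return None


def is_static_challenge(challenge: bytes) -> bool:
    """True if the challenge is one of the known hard-coded tool defaults."""
    return challenge in STATIC_CHALLENGES


def build_type2(challenge: bytes, flags: int = 0x00008201) -> bytes:
    """Construct a minimal Type 2 message for sample data (constructed, not captured).

    TargetName is empty; its offset points just past the 32-byte fixed header.
    The flags value (Unicode | NTLM | AlwaysSign) is only illustrative.
    """
    if len(challenge) != 8:
        raise ValueError("ServerChallenge must be 8 bytes")
    return (NTLMSSP_SIGNATURE
            + struct.pack("<I", 2)             # MessageType = CHALLENGE_MESSAGE
            + struct.pack("<HHI", 0, 0, 32)    # TargetNameFields: Len, MaxLen, Offset
            + struct.pack("<I", flags)         # NegotiateFlags
            + challenge)                       # ServerChallenge


# Constructed sample: WWW-Authenticate values as a proxy or IDS would log them.
SAMPLE_HEADERS = [
    "NTLM",  # initial hint, carries no token
    "NTLM " + base64.b64encode(build_type2(bytes.fromhex("1122334455667788"))).decode(),
    "NTLM " + base64.b64encode(build_type2(bytes.fromhex("a3f19c0e5d72b846"))).decode(),
]


def scan_headers(headers: List[str]) -> List[Tuple[int, str, bool]]:
    """Return (header_index, challenge_hex, flagged) for each header with a Type 2 token."""
    findings = []
    for i, value in enumerate(headers):
        challenge = challenge_from_header(value)
        if challenge is not None:
            findings.append((i, challenge.hex(), is_static_challenge(challenge)))
    return findings


if __name__ == "__main__":
    for idx, chal, flagged in scan_headers(SAMPLE_HEADERS):
        verdict = "STATIC challenge (suspicious)" if flagged else "ok"
        print(f"header[{idx}] challenge={chal} {verdict}")
```

Matching on the static value is the cheap check the commit describes being defeated; once the challenge is randomised per request, a detection has to fall back on context (an HTTP server on a workstation issuing NTLM challenges at all, or a single host answering NTLM for many unrelated names), which is the point of the change.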
Harmj0y 93c1d46236 Updated powerview.ps1
Added situational_awareness/network/powerview/get_cached_rdpconnection
Added situational_awareness/network/powerview/set_ad_object
Added management/downgrade_account
2015-12-11 17:56:25 -05:00
Stuart Morgan 767d1f97a2 Merge branch 'master' of https://github.com/PowerShellEmpire/Empire into add_egress_busting 2015-12-11 10:04:53 +00:00
Stuart Morgan 21ae58cea0 Added template python script (on the python side) for the egresscheck ps1 2015-12-10 19:30:07 +00:00
Harmj0y 788747fa92 Added lsadump::cache and lsadump::sam Mimikatz modules. 2015-12-09 15:20:13 -05:00
Harmj0y d03cecbc37 Bug fix for installations transitioning to autorun code with old database. 2015-12-01 12:15:01 -05:00
HarmJ0y 9d9389d0a1 Merge pull request #104 from monoxgas/master
Added Hashdump using Invoke-DCSync
2015-12-01 10:28:45 -05:00
Nick Landers 7ab8cf4e94 I knew that... 2015-12-01 00:00:51 -07:00
Nick Landers e8337f47f4 Fixing small things 2015-11-30 22:19:24 -07:00
Harmj0y cb67368e2e Updated version and changelog 2015-11-30 23:23:03 -05:00
Harmj0y 1ba56acc13 Added persistence/userland/backdoor_lnk 2015-11-30 23:20:49 -05:00
Nick Landers d6443b9399 Update dcsync-hashdump.py 2015-11-30 18:27:19 -07:00
Monox Gas 5a85be3d37 Update Fixes 2015-11-30 18:21:22 -07:00
Nick Landers 63ea2f842c Create dcsync-hashdump.py 2015-11-30 17:39:30 -07:00