rvrsh3ll
619ae2c132
Merge pull request #355 from mlinton/patch-3
...
Typo
2016-11-26 20:44:37 -05:00
rvrsh3ll
9f7eabf587
Merge pull request #366 from nnh100/dev
...
Add module to exfiltrate files and data to a GitHub repository
2016-11-26 15:40:48 -05:00
Adam DeMamp
d2179b7042
removed some dcos modules, recommended to now use the http rest api module
2016-11-20 18:23:30 +00:00
Adam DeMamp
e1fa30c14f
added etcd crawler module
2016-11-20 18:11:55 +00:00
Adam DeMamp
a52b680445
added http rest api module
2016-11-20 18:04:31 +00:00
Adam DeMamp
57a5fae21d
fixed pyinstaller so it now works with empire 2.0_beta for linux targets
2016-11-20 17:57:30 +00:00
nnh100
7974ea3ae2
Update for 2.0_beta branch
2016-11-14 22:26:25 +00:00
rvrsh3ll
e1dc756894
Merge pull request #396 from conjecturalhex/2.0_beta
...
USB ETW keylogger for 2.0_beta branch
2016-11-14 13:08:42 -05:00
rvrsh3ll
61d92e5738
Update USBKeylogger.py
...
Changed 'MinLanguageVersion' : '2'
2016-11-14 13:08:21 -05:00
xorrior
a3e0aeddf6
Corrected jar stager generation
2016-11-13 18:16:11 -05:00
xorrior
42ec063d8a
Merge branch '2.0_beta' of https://github.com/adaptivethreat/Empire into 2.0_beta
2016-11-13 15:24:47 -05:00
xorrior
25c2566a14
Added obfuscation to macho stager
2016-11-13 15:24:10 -05:00
conjecturalhex
8f671e9c4f
USB ETW keylogger for 2.0_beta branch
2016-11-13 08:15:08 -08:00
HarmJ0y
6ee7e03660
Renamed credentials/get_spn_tickets to credentials/invoke_kerberoast, updated
...
kerberoasting code to newest version.
2016-10-31 19:40:33 -04:00
rvrsh3ll
327f91473b
Merge pull request #357 from n00py/2.0_beta
...
Module - Sudo Piggyback + Mail Persistence + Bash Profile Backdoor
2016-10-30 16:45:31 -04:00
Matt Nelson
13678af3b3
Fix for install path bug
2016-10-30 07:44:00 -04:00
nnh100
2ed2df5854
Remove contact
2016-10-28 12:10:01 +01:00
rvrsh3ll
2256c07716
Merge branch '2.0_beta' of https://github.com/AdaptiveThreat/empire into 2.0_beta
2016-10-24 10:01:31 -04:00
HarmJ0y
696e4ff752
increased routing packet debug data
2016-10-24 13:12:50 -04:00
rvrsh3ll
0a0184ae6b
Modified smbscanner to require username and password
2016-10-24 10:01:14 -04:00
rvrsh3ll
2543d27b3f
Fix for sct launcher to hide window
2016-10-24 07:36:50 -04:00
rvrsh3ll
654bc8c915
Fix for issue 376
2016-10-24 07:35:29 -04:00
rvrsh3ll
eed8cf1c1f
Fixed ms16-032 launcher, issue #359
2016-10-17 19:03:10 -04:00
rvrsh3ll
da2cabbddf
Spelling fix
2016-10-17 17:26:40 -04:00
rvrsh3ll
801a3eac36
Spelling Fix
2016-10-17 17:25:31 -04:00
nnh100
5d14a92649
Add Invoke_ExfilDataToGitHub.py
2016-10-12 19:59:59 +01:00
n00py
26c8839edf
Update bashdoor.py
...
Removed iTunes subdirectory
2016-10-11 09:40:54 -07:00
n00py
3f39272711
new module bashdoor
2016-10-10 13:53:48 -07:00
n00py
f7dd1c11e3
removed default trigger
2016-10-08 12:51:46 -07:00
n00py
5ac6b9cf00
modified mail
2016-10-08 12:47:03 -07:00
n00py
1ae3fb906c
Merge remote-tracking branch 'origin/2.0_beta' into 2.0_beta
...
# Conflicts:
# lib/modules/python/persistence/osx/mail.py
2016-10-08 12:46:25 -07:00
n00py
17e97360ff
new modules
2016-10-08 12:45:44 -07:00
n00py
2c5d7f5373
Delete mail.py
2016-10-08 11:19:51 -07:00
n00py
06d580e69a
new modules
2016-10-07 22:04:58 -07:00
n00py
236d303da3
new modules
2016-10-07 20:52:42 -07:00
n00py
c23ceac128
new modules
2016-10-07 20:38:27 -07:00
n00py
16d0df5f04
new modules
2016-10-07 20:38:07 -07:00
mlinton
b45d417e1d
Typo
...
Changed from screenshot
2016-10-07 13:58:26 -06:00
HarmJ0y
3ddfe7786f
Second fix for Host specification in listeners.
2016-10-06 17:01:43 -04:00
HarmJ0y
9f813549f7
Added autoruns back in.
2016-10-06 14:59:11 -04:00
HarmJ0y
af8ffcda76
Fixed function renaming typo.
2016-10-06 14:32:33 -04:00
leesoh
a5f9b7a9b4
Documentation, reorganization, and a touch of PEP8
2016-10-05 13:47:17 -06:00
xorrior
fcfca84167
Updated dylib stager
2016-10-05 13:25:39 -04:00
xorrior
7bcf125412
Merge branch '2.0_beta' of https://github.com/adaptivethreat/Empire into 2.0_beta
2016-10-05 12:41:01 -04:00
xorrior
e93ef08055
Updated Dylib templates. Removed hijacker generation from dylib stager menu. Added additional error checking to the HijackScanner module
2016-10-05 12:40:29 -04:00
rvrsh3ll
e7a914c4b4
Listener Code Cleanup
2016-10-05 11:00:01 -04:00
rvrsh3ll
343d0840c0
Merge branch '2.0_beta' of https://github.com/adaptivethreat/Empire into 2.0_beta
2016-10-05 10:06:53 -04:00
root
b94a81a4e2
Listener fix for issue 324
2016-10-05 10:06:04 -04:00
HarmJ0y
312d0ffb5c
Fix for listeners/http_hop staging
2016-10-01 15:33:41 -04:00
@424f424f
d6a0951848
Fix listeners for issue #324
2016-10-01 01:53:05 -04:00
@424f424f
8ad39bb3fc
SSL Launcher Fix
2016-09-29 16:01:46 -04:00
HarmJ0y
844b8cdabf
If https is indicated for a host in listeners/http but a certificate isn't specified,
...
one will now be generated by Flask on the fly
2016-09-29 14:32:54 -04:00
HarmJ0y
1ab09ebb32
Fixed hardcoded cert path for listeners/http
2016-09-29 14:23:32 -04:00
xorrior
460876d8f0
Migrated EmPyre stagers from dev branch in EmPyre repo
2016-09-29 11:41:09 -04:00
HarmJ0y
26cd0089dd
2.0.0 beta, DerbyCon release
2016-09-23 14:04:35 -04:00
HarmJ0y
2ba4e7c3c6
prep for 1.6.0 release
2016-09-17 17:16:03 -04:00
enigma0x3
f030cf6232
Patched RCE dubbed "skywalker 2.0" thanks to @zeroSteiner.
2016-09-16 09:15:13 -04:00
rschoem
68935276ff
Create scrambled_macro.py
...
Stager based on the normal macro stager. Adds "noise" to the payload to help evading signature based AV solutions
2016-08-19 23:22:14 +02:00
enigma0x3
eefc493411
Added fileless UAC bypass using eventvwr.exe
2016-08-15 17:55:57 -04:00
Matt Nelson
b7010b7f37
Merge pull request #164 from 0xbadjuju/master
...
Resubmitting pull request for normal module
2016-08-13 21:28:00 -04:00
chris
e4aad33146
Renamed module. Merged embedded assemblies. Fixed issue with module execution
2016-07-24 20:16:55 -04:00
Harmj0y
bec33f73ac
moved collection/keethief to collection/vaults/keethief
...
added collection/vaults/find_keepass_config to enumerate KeePass configs on a system
added collection/vaults/add_keepass_config_trigger to add a trigger backdoor to all reachable KeePass instances
added collection/vaults/get_keepass_config_trigger to enumerate all triggers for all reachable KeePass instances
added collection/vaults/remove_keepass_config_trigger to remove all triggers for all reachable KeePass instances
misc. bug fixes
2016-07-20 23:44:30 -04:00
Harmj0y
7790b250a2
misc. bug fixes and standardization updates
2016-07-20 23:39:25 -04:00
Harmj0y
0163ebec06
Added missing Invoke-CredentialInjection.ps1 file
...
Updated .gitignore
2016-07-20 21:51:14 -04:00
Harmj0y
fe43560bad
Fix for issue #285 - credential export supporting commas
...
Start of code standardization/pep8 cleanup - mods to agents.py, empire.py, and credentials.py
Updated changelog
2016-07-20 21:28:27 -04:00
Harmj0y
2e8a7fba94
Merge branch 'dev' of github.com:PowerShellEmpire/Empire into dev
2016-07-20 19:24:23 -04:00
Harmj0y
7167f22500
added system name to screenshot output for issue #273
...
start of code pep8/pylint standardization - various cleaning
2016-07-20 19:06:42 -04:00
Matt Nelson
e83b545476
Merge pull request #277 from BeetleChunks/master
...
Adding credentials module to extract the current interactive user's Credential Manager credentials.
2016-07-16 22:06:04 -04:00
Harmj0y
ece3a3b540
fix for issue #248
2016-07-16 21:54:18 -04:00
Harmj0y
7d697cb4b7
Expanded 'creds X' query to search domain and password as well, wildcards (*) accepted
2016-07-16 21:27:35 -04:00
Harmj0y
39d174235a
Added module collection/keethief
2016-07-16 19:58:08 -04:00
Harmj0y
21893bacde
Fix for issue #257 - sysinfo now tasked after steal_token/revtoself
2016-07-15 19:14:43 -04:00
Harmj0y
c9bae2fc4c
Fix for issue #252
2016-07-15 19:00:49 -04:00
Harmj0y
c38256ab5c
Semi-global interact command for issue #258
2016-07-15 18:56:38 -04:00
Harmj0y
75f3e2c410
Merge branch 'dev' of https://github.com/PowerShellEmpire/Empire into dev
2016-07-15 18:06:49 -04:00
Harmj0y
7c5a07581d
Fix for issue #221
2016-07-15 18:06:20 -04:00
HarmJ0y
8028963b64
Merge pull request #274 from curi0usJack/dev
...
Adding SMB auto-brute module
2016-07-15 14:51:25 -07:00
BeetleChunks
5094c10a42
Add files via upload
2016-07-08 08:59:44 -05:00
@424f424f
05302321ac
Add Browser Search Module
2016-07-07 22:46:41 -04:00
curi0usJack
97aa252cad
Added smbautobrute.py
2016-07-07 16:31:34 -05:00
enigma0x3
8666d5f5f8
included fix by @i223t for 417 Expectation failed error when going through older Squid proxies
2016-06-24 22:51:46 -04:00
Matt Nelson
40e1639889
Revert "417 Expectation failed error fix"
2016-06-24 22:42:13 -04:00
Matt Nelson
40519e76ea
Merge pull request #55 from i223t/expect100continue_fix
...
417 Expectation failed error fix
2016-06-24 22:42:07 -04:00
Matt Nelson
039934b883
Merge pull request #235 from Kevin-Robertson/master
...
Sync with Inveigh 1.1.1 and current Tater
2016-06-24 22:15:37 -04:00
Matt Nelson
2a23255460
Fixed typo thanks to @jrmdev
...
Typo prevented the module from working. Implemented fix submitted here: https://github.com/PowerShellEmpire/Empire/pull/262 by @jrmdev.
2016-06-24 21:33:12 -04:00
Matt Nelson
fae79cef1d
Merge pull request #247 from n0clues/master
...
Change paths from %TEMP% to %PUBLIC% for spawnas module
2016-06-24 21:24:48 -04:00
n0clues
9c00cb4d70
Change paths from %TEMP% to %PUBLIC% for spawnas module
2016-06-16 16:09:50 +02:00
Harmj0y
b6db99f66f
Fix for situational_awareness/host/computerdetails object output.
2016-05-27 15:16:22 -04:00
Harmj0y
0fb6599c77
More verbose output for Invoke-ServiceCMD in PowerUp to address issue #219
2016-05-27 14:37:15 -04:00
Harmj0y
7a47ea3583
Fix for issue #232
2016-05-27 14:02:34 -04:00
leoloobeek
75dfe996e7
Typo fix
2016-05-12 01:41:29 -05:00
lloobeek
61bddbc9ab
Edited MS16-032 exploit for Empire
2016-05-12 01:16:04 -05:00
Kevin Robertson
5158c160b4
Sync with Inveigh 1.1.1 and current Tater
2016-05-10 23:12:34 -04:00
Alexander
9c8feb170f
Merge remote-tracking branch 'refs/remotes/PowerShellEmpire/dev'
2016-04-29 15:10:45 -05:00
Alexander
065f940f4d
Merge remote-tracking branch 'refs/remotes/PowerShellEmpire/master'
2016-04-29 15:10:19 -05:00
Jared Haight
5d101cb228
typing is hard
2016-04-29 14:50:34 -04:00
Jared Haight
6e42249417
removed template stuff
2016-04-29 14:49:03 -04:00
Jared Haight
b3224860df
adding the invoke-metasploitpayload module
2016-04-29 11:52:58 -04:00
HarmJ0y
47c75a5902
Merge pull request #198 from matterpreter/dev
...
Teensy stager
2016-04-28 15:48:46 -07:00
Rob Fuller
7d692a1f69
No need for elevated
...
You don't need elevation to extract kerberos tickets
2016-04-28 08:35:30 -04:00
matterpreter
a4b99d41f9
Teensy stager
...
Adds the capability to generate a Teensy script to run a one-liner
stage0 launcher. Similar to the existing ducky stager.
2016-04-27 15:58:47 -04:00
Harmj0y
b977dec1ae
Updated PowerView
...
Added credentials/get_spn_tickets to request user SPN tickets
Added credentials/mimikatz/extract_tickets to extract kerberos tickets from memory
Updated PowerView location citations
2016-04-24 11:26:39 -04:00
Harmj0y
f699ec510d
Fix for issue #178
2016-04-24 10:29:11 -04:00
Matt Nelson
56f7837c0f
Rename regsvr32.py to launcher_sct.py
2016-04-21 17:06:19 -04:00
Matt Nelson
95fbf7f8c5
Merge pull request #193 from subTee/master
...
regsvr32 (sct) Stager
2016-04-21 17:05:26 -04:00
Casey Smith
0686f48e37
Update regsvr32.py
2016-04-21 13:02:18 -06:00
Casey Smith
f7df5ee06a
Update regsvr32.py
2016-04-21 12:53:01 -06:00
Casey Smith
37f6e4f362
Update regsvr32.py
2016-04-21 12:52:40 -06:00
Casey Smith
eb764d1aa9
Create regsvr32.py
2016-04-21 12:49:33 -06:00
Matt Nelson
dce67beaeb
Added tab-completion for list command
2016-04-15 14:42:12 -04:00
HarmJ0y
96ac925773
Merge pull request #182 from xorrior/master
...
Added MiniEye collection module; Minor change to ChromeDump
2016-04-11 15:47:19 -07:00
xorrior
523e4458c1
Added MiniEye collection module; Minor change to ChromeDump
...
MiniEye - Collect recordings from Webcam.
ChromeDump - Modified sqlite DB connection string for read-only access.
2016-04-09 22:11:28 -04:00
HarmJ0y
54037db2b6
Merge pull request #176 from luxcupitor/dev
...
Modules for unauthenticated access to Jenkins Script Consoles to run OS commands
2016-04-08 15:12:17 -07:00
HarmJ0y
db7c1c95b3
Merge pull request #177 from n0clues/master
...
Binding Empire's native listeners to IP specified in Host option…
2016-04-06 22:21:25 -07:00
n0clues
f376dc243c
Binding Empire's native listeners to IP specified in Host option instead to 0.0.0.0 - issue#175
2016-04-06 14:24:02 +02:00
Lux Cupitor
4f61ecda2b
added modules for unauthenticated Jenkins Script console access
2016-04-06 08:06:24 -04:00
Harmj0y
b56e5d29ec
listener starting now returns more verbose errors on failure in console and API
...
merge of @mynameisiv's .jpg screenshot PR
fix for path errors in some cases for ./setup/setup_database.py
2016-04-01 17:06:21 -04:00
mynameisv
917cb2b246
screeshot in jpeg and shortcut
2016-03-31 23:27:15 +02:00
Harmj0y
ac5b002301
Updated changelog and version number for 1.5.0 release.
2016-03-31 16:06:02 -04:00
HarmJ0y
dae17d1bc1
Merge pull request #165 from Kevin-Robertson/master
...
Inveigh 1.1 and Tater Modules
2016-03-31 11:13:53 -07:00
Harmj0y
c6662d8a3a
Added loading of external module directories with the 'load /DIR/' command in the main menu.
...
Solves issue #81 .
2016-03-30 23:03:02 -04:00
Kevin Robertson
32b36c9597
Comment/Notes changes and WPADResponse removal
...
Updated additional comment/notes. I removed WPADResponse from inveigh
and inveigh_bruteforce since wpad.dat code contains commas. The python
code that is parsing the commas for the array parameters is getting in
that way. I can add WPADResponse back in later.
2016-03-30 15:35:44 -04:00
Alexander
d7cf4c02c4
Merge branch 'master' of https://github.com/0xbadjuju/Empire
2016-03-30 08:27:52 -05:00
Alexander
e6aff73eb1
Merge remote-tracking branch 'refs/remotes/origin/dev'
2016-03-30 08:21:56 -05:00
Kevin Robertson
987679bd9a
Fixed missing single quote in description
2016-03-30 08:52:20 -04:00
Kevin Robertson
7a3a95f735
Sync features with updated versions of Inveigh and Tater
...
Upgrading collection/inveigh, lateral_movement/inveigh_relay, and
privesc/tater. Adding collection/inveigh_bruteforce.
2016-03-29 23:55:39 -04:00
Alexander
74945a953a
Update normal.py
2016-03-29 17:00:45 -05:00
Alexander
f6fc8550b1
Added normal.dot persistence mechanism
2016-03-29 16:38:02 -05:00
Harmj0y
b3e8ebabe5
Expanded server/agent epoch check from +/- 10 minutes to +/- 12 hours
2016-03-26 00:00:40 -04:00
Harmj0y
c2ba61ca8d
added -sta to stager launching
2016-03-25 19:45:09 -04:00
Harmj0y
16fbd88339
For stagers generated through the API, if 'OutFile' is set in the
...
passed arguments, the 'Output' field in stager data return will
contain the base64 encoded value of the generated stager data.
2016-03-24 22:24:01 -04:00
Harmj0y
b43da089ef
Added POST /api/modules/<path:module_name> to task a module with specified options
...
Fix multi-stager generation bug
More exception handling in empire.py
2016-03-24 16:03:31 -04:00
Harmj0y
31eb9d387a
Changed API path from /empire/api/ to /api/
...
Fixed agent renaming bug
2016-03-23 14:30:54 -04:00
HarmJ0y
446a004cc1
Merge pull request #157 from PowerShellEmpire/restful_api
...
RESTful API
2016-03-22 14:15:25 -07:00
Harmj0y
d67bbcce15
more small bug fixes
2016-03-22 14:37:10 -04:00
Harmj0y
2a13328c5b
nav menu bug fix and standardization
2016-03-22 14:32:47 -04:00
Harmj0y
ce307aa6db
fix for issue #155
2016-03-22 01:51:23 -04:00
Harmj0y
502dc5c679
Added SSL and basic token auth to the RESTful API
...
Added random RESTful API token generation on server startup
2016-03-22 01:41:48 -04:00
Harmj0y
ae9f046aba
Added trollsploit/rick_astley to run @SadProcessor's audio rickroll
2016-03-21 23:11:12 -04:00
Harmj0y
9f1deb1d9e
Added /empire/api/agents/<string:agent_name>/results to return agent tasking results and remove results from backend db
2016-03-21 22:56:02 -04:00
Harmj0y
eaaea57253
Added /empire/api/listeners/kill to kill a listener specified by POST data
...
Added /empire/api/listeners/options to enumerate currently set listener options
Added start to docstrings in functions -> still need to describe complete request/response JSON formats
removed /empire/api/agents/ID/X
/empire/api/agents/name/Y -> /empire/api/agents/Y
removed /empire/api/listeners/id/X
/empire/api/listeners/name/Y -> /empire/api/listeners/Y
"X listeners currently active" now pulls from the backend DB
2016-03-21 21:50:19 -04:00
Harmj0y
334f1f4b5c
Added POST to /empire/api/stagers in API to generate stagers
...
moved empire instantiation into the restful api start
2016-03-21 21:03:32 -04:00
Harmj0y
c15f445892
Revamp of some of the backend to allow for a proper RESTful API
...
Cleaned up some SQL calls
Moved tasking/results into database fields for agents, instead of being kept in memory on the client
Added --headless option to ./empire
2016-03-21 20:20:03 -04:00
Harmj0y
e6e5222647
Added lateral_movement/new_gpo_immediate_task
2016-03-19 11:51:09 -04:00
Harmj0y
97335b83d6
-Added the ability to specify multiple function names to helpers.generate_dynamic_powershell_script()
...
-Added Unconstained option to get_computer
-Added AdminCount option to get_user
-Added situational_awareness/network/powerview/get_gpo_computer to get computers a GPO is applied to
2016-03-19 10:53:28 -04:00
Harmj0y
d5db75c3d0
-Updated PowerView.ps1 code
...
-Re-tested all powerview modules
-Updated some module options
-Fixed bug in helpers.generate_dynamic_powershell_script()
-Added situational_awareness/network/powerview/get_domain_policy
-Added situational_awareness/network/powerview/get_dfs_share
-Added situational_awareness/network/powerview/get_fileserver
-Added situational_awareness/network/powerview/get_rdp_session
-Added situational_awareness/network/powerview/get_site
-Added situational_awareness/network/powerview/get_subnet
-Added situational_awareness/host/get_proxy
-Added situational_awareness/host/get_pathacl
-Added management/get_domain_sid
2016-03-19 08:38:18 -04:00
Harmj0y
2382bd0dea
Added privesc/getsystem
2016-03-11 19:31:27 -05:00
Harmj0y
da52a6268b
Attempted fix for issue #136
2016-03-03 19:33:45 -05:00
Harmj0y
08ca63fe09
First pass at stager retries.
2016-03-03 19:13:44 -05:00
Harmj0y
355db39847
Added privesc/mcafee_sitelist
2016-02-18 00:08:08 -05:00
Harmj0y
c32e3d15cd
Additional debugging on sysinfo checkin.
2016-02-17 21:58:09 -05:00
Harmj0y
3b0003f0ce
'--debug 2' now prints all debug signal output to the script as well as ./empire.debug
2016-02-17 20:06:33 -05:00
Harmj0y
b0d90be6fe
Updated changelog and version number. Added '--version' cli option.
2016-02-16 02:27:37 -05:00
Harmj0y
473be51acd
Changed '--listeners' option to '--listener'
2016-02-16 02:02:18 -05:00
Harmj0y
75ea648c49
Small bug fixes.
2016-02-16 01:53:16 -05:00
Harmj0y
734831b5fb
Added a start to cli option parsing for displaying listeners/stagers and generating stagers.
2016-02-16 01:52:32 -05:00
Harmj0y
4bab4f9484
'seachmodule' with no term now lists all modules and descriptions
2016-02-16 00:35:32 -05:00
Kevin Robertson
8b385928dc
Added Tater privesc module
...
Empire module version of https://github.com/Kevin-Robertson/Tater .
2016-02-15 18:40:09 -05:00
Harmj0y
3cf322e76a
Fix for issue #125
2016-01-14 15:57:26 -05:00
Harmj0y
c0d427cdc8
Corrected several bugs in how the workingHours window is handled in the agent
...
Added validation to the workinghours time format
2016-01-11 01:24:46 -05:00
Harmj0y
e696bb7078
spelling mistakes
2015-12-30 16:18:59 -05:00
Harmj0y
8281a9e7ba
Empire 1.4 release.
...
Encompases all changes since tagged 1.3.1 release.
Added 'Contribution Rules' to the README.md
2015-12-29 19:29:05 -05:00
Harmj0y
0d30181baf
Added situational_awareness/network/powerview/find_managed_security_groups module
...
implementing @stufus' recent changes
2015-12-29 15:58:39 -05:00
Harmj0y
82fed97485
Fixed various issues for agent profile setting/handling
...
'DefaultProfile' option in listener menu is now tab-completable and can take a path to a profile.txt
2015-12-29 15:57:01 -05:00
HarmJ0y
da439c441b
Merge pull request #118 from jamcut/trusted-document-store
...
Add module to enumerate trusted documents and locations for MS Office.
2015-12-27 13:03:54 -08:00
Jeff McCutchan
b7eb2852f3
Removed more commented lines
2015-12-27 00:08:27 -05:00
Jeff McCutchan
a66d2e536e
Implemented @Harmj0y changes
2015-12-27 00:04:38 -05:00
Jeff McCutchan
ffa6ca6cd0
Added reference to original .ps1 file here too...
2015-12-24 08:40:12 -05:00
Jeff McCutchan
3c7c4278fa
Change verbiage in module description
2015-12-23 14:00:06 -05:00
Jeff McCutchan
c51b33b74c
Add module to enumerate trusted documents and locations for MS Office.
2015-12-23 13:45:56 -05:00
Harmj0y
687954b6ef
-Sync of Kevin Robertson's lateral_movement/inveigh_relay module
...
-Sync stufus' exfiltration/egresscheck module
-Added module menu dynamic sizing for prettified output
2015-12-22 15:05:22 -05:00
HarmJ0y
c6ff79d7b8
Merge pull request #117 from stufus/add_egress_busting
...
Add Egress Checking Traffic Generator Module
2015-12-22 11:40:32 -08:00
HarmJ0y
ffe76b3828
Merge pull request #110 from Kevin-Robertson/master
...
Added Inveigh's HTTP NTLMv2 to SMB relay as an Empire module
2015-12-22 11:40:14 -08:00
Stuart Morgan
c2d6172587
Fixed author array
2015-12-21 23:01:38 +00:00
Stuart Morgan
4c87700c6d
Fix up verbosity
2015-12-21 22:47:54 +00:00
Stuart Morgan
cea0826222
Rework this to remove the -verbosity parameter now that Ive realised that Write-Verbose exists....:)
2015-12-21 22:18:52 +00:00
Stuart Morgan
dc9808b06b
Merge branch 'master' of https://github.com/PowerShellEmpire/Empire into add_egress_busting
2015-12-21 20:50:11 +00:00
Harmj0y
c95d8786aa
hop.php redirector fix
...
removed requirement for credentials from lateral_movement/invoke_psremoting
2015-12-21 00:33:03 -05:00
Harmj0y
c12eac3200
Added trollsploit/rick_ascii
2015-12-16 20:36:07 -05:00
Harmj0y
bcb2f4677f
Fix for issue #112
2015-12-16 17:42:51 -05:00
Stuart Morgan
8f88c5bdce
This works! Amazingly....just needs tidying up and polishing (and sorting out the Write-Hosts)
2015-12-15 23:49:09 +00:00
Stuart Morgan
8ff5f7723a
turns out that you need commas in the options dict....:)
2015-12-15 23:38:33 +00:00
Stuart Morgan
b4ed0ceadb
Added the options to the python side
2015-12-15 23:34:38 +00:00
Stuart Morgan
d1572d325b
Continuing work
2015-12-15 23:29:00 +00:00
Kevin Robertson
6186502749
Added Inveigh's HTTP NTLMv2 to SMB relay as an Empire module
...
This module is a direct copy/paste of the Invoke-InveighRelay function
from the standalone version of Inveigh. The module will relay incoming
HTTP NTLMv2 authentication requests to an SMB target. If authentication
is successful and the user is a local administrator on the target
system, the specified command should be executed on the target PSexec
style. This module can be used with or without collection/inveigh. If
collection/inveigh is used, ensure that HTTP is disabled in
collection/inveigh. If this module is used without collection/inveigh,
another method will need to be employed to trigger incoming HTTP
requests.
This module has been successfully tested with Empire's launcher
one-liner to establish additional agents. In testing I observed a delay
(30 seconds or so) between the service creation message and Empire's
agent active message.
harmj0y: As I mentioned in the collection/inveigh pull request comments,
the length of the parameter names is throwing off Empire's options
command column display alignment. I'm not sure if there is an easy fix
for this. Also, I used the same code that you added to inveigh.py after
the pull request. With this code, I did not observe that the
SMBRelayCommand value needed to be wrapped in quotes.
2015-12-14 21:48:49 -05:00
Harmj0y
c1043156e1
Module argument tweaks to collection/inveigh.py
2015-12-14 16:04:49 -05:00
Kevin Robertson
e2209606aa
Synced collection/inveigh with current standalone Inveigh code
...
Direct copy/paste of Invoke-Inveigh function from current standalone
version of Inveigh. This version contains a number of
additions/changes/bug fixes. There are two primary additions that may be
useful to Empire users. The first is that 1122334455667788 is no longer
used as the default challenge over HTTP since it's now getting flagged
by SEP and maybe others. The default behavior is a random challenge for
each request. A specific challenge can also be specified through the
'challenge' parameter. The second is the ability to set a run time so
that collection/inveigh will auto-exit after a specified number of
minutes. On the python side, I have added the additional relevant
parameters and flipped the module to opsec safe since no files are
created on disk.
2015-12-13 19:31:52 -05:00
Harmj0y
93c1d46236
Updated powerview.ps1
...
Added situational_awareness/network/powerview/get_cached_rdpconnection
Added situational_awareness/network/powerview/set_ad_object
Added management/downgrade_account
2015-12-11 17:56:25 -05:00
Stuart Morgan
767d1f97a2
Merge branch 'master' of https://github.com/PowerShellEmpire/Empire into add_egress_busting
2015-12-11 10:04:53 +00:00
Stuart Morgan
21ae58cea0
Added template python script (on the python side) for the egresscheck ps1
2015-12-10 19:30:07 +00:00
Harmj0y
788747fa92
Added lsadump::cache and lsadump::sam Mimikatz modules.
2015-12-09 15:20:13 -05:00
Harmj0y
d03cecbc37
Bug fix for installations transitioning to autorun code with old database.
2015-12-01 12:15:01 -05:00
HarmJ0y
9d9389d0a1
Merge pull request #104 from monoxgas/master
...
Added Hashdump using Invoke-DCSync
2015-12-01 10:28:45 -05:00
Nick Landers
7ab8cf4e94
I knew that...
2015-12-01 00:00:51 -07:00
Nick Landers
e8337f47f4
Fixing small things
2015-11-30 22:19:24 -07:00
Harmj0y
cb67368e2e
Updated version and changelog
2015-11-30 23:23:03 -05:00
Harmj0y
1ba56acc13
Added persistence/userland/backdoor_lnk
2015-11-30 23:20:49 -05:00
Nick Landers
d6443b9399
Update dcsync-hashdump.py
2015-11-30 18:27:19 -07:00
Monox Gas
5a85be3d37
Update Fixes
2015-11-30 18:21:22 -07:00
Nick Landers
63ea2f842c
Create dcsync-hashdump.py
2015-11-30 17:39:30 -07:00
Harmj0y
6df2841ff7
Combined persistence/debugger/* into persistence/misc/debugger
2015-11-30 00:54:55 -05:00
Harmj0y
1d1fa61116
Added SysWow64 option to management/spawn to spawn a 32-bit powershell.exe
2015-11-29 15:20:16 -05:00
Harmj0y
41cc316406
Added MailRaider's disable_security.py module
2015-11-29 12:48:06 -05:00
Harmj0y
66b7aa17f1
Added several modules in management/mailraider/* to integrate @xorrior's MailRaider.ps1
2015-11-29 11:58:16 -05:00
Harmj0y
743fe02b44
Removed non-ascii character from Get-FoxDump.ps1
...
Added ascii check before module tasking
2015-11-28 20:24:45 -05:00
xorrior
42c7eb901d
Merge branch 'master' of https://github.com/xorrior/Empire
2015-11-28 16:34:19 -05:00
xorrior
104166f8e8
Added 64-bit version of Assembly in ChromeDump. Removed unnecessary functions in FoxDump
2015-11-28 16:34:13 -05:00
Harmj0y
f853e6d750
Added option parsing and cred store support to lateral_movement/invoke_sshcommand
2015-11-28 16:00:16 -05:00
HarmJ0y
ebc023d560
Merge pull request #101 from rvrsh3ll/master
...
Add Invoke-SSHCommand
2015-11-28 15:50:57 -05:00
rvrsh3ll
6c867048c4
Add Invoke-SSHCommand
2015-11-25 15:49:36 -05:00
xorrior
c65498371f
Merge branch 'master' of https://github.com/xorrior/Empire
2015-11-25 11:55:44 -05:00
xorrior
acb9d1bb2f
Added ChromeDump and FoxDump modules
2015-11-25 11:55:36 -05:00
HarmJ0y
ddb47c3cdb
Merge pull request #98 from PowerShellEmpire/script_autorun
...
Script autorun
2015-11-24 17:07:14 -05:00
Harmj0y
3817385bb2
Fixed agent result caching bug (again)
...
Fixed multiple agent-interaction bug that causes results to be displayed simultaneously
2015-11-24 00:41:16 -05:00
Harmj0y
79400a329f
Fixup for recon/http_login
2015-11-24 00:22:42 -05:00
HarmJ0y
cf9f2f0cbf
Merge pull request #96 from rvrsh3ll/master
...
Added HTTP-Login Recon Module
2015-11-23 23:16:14 -05:00
Harmj0y
6de27d4846
Corrected /dc flag in credentials/mimikatz/dcsync
2015-11-23 21:06:06 -05:00
rvrsh3ll
b703e13614
Added HTTP-Login Recon Module
2015-11-23 08:50:58 -05:00
Harmj0y
aa9c9e804e
Added management/invoke_script
2015-11-22 17:36:57 -05:00
Harmj0y
e59844be72
Added ability to set a script to run on each agent checkin with "set Agent autorun" in module menu.
...
"(Empire: agents) > clear autorun" will clear out any current autoruns
WARNING: this requires a DB schema mod to work correctly, meaning you will lose current
agent connection information if run!
2015-11-22 17:25:28 -05:00
Harmj0y
8637a49338
Fixed nested menu bug that caused buildup of "Agent X not active."
...
Main display menu now shows each time "main" menu is entered.
2015-11-21 20:03:40 -05:00
Harmj0y
2c14853b29
Fix for exploitation/exploit_jboss
2015-11-21 18:07:57 -05:00
rvrsh3ll
b8d34090fe
Added JBoss JMX Console exploit deployment module.
2015-11-20 12:37:19 -05:00
Harmj0y
8961af6262
Added situational_awareness/network/powerview/get_loggedon and get_session
2015-11-12 23:17:37 -05:00
Harmj0y
6058f25a57
few tweaks to recon/find_fruit
2015-11-08 20:40:07 -05:00
HarmJ0y
c68177cff7
Merge pull request #87 from rvrsh3ll/master
...
Threading Updates
2015-11-08 20:37:41 -05:00
Harmj0y
c9afcc138f
Updated PowerView, added situational_awareness/network/powerview/get_forest
2015-11-08 19:36:20 -05:00
Harmj0y
7252718537
derp
2015-11-08 19:00:03 -05:00
Harmj0y
7db7ec6bbc
All PowerUp modules now dynamically built from a single source file
...
PowerUp bug fixes
Added privesc/powerup/service_exe_restore, pulled logic from other modules
Added management/spawnas to spawn agents with explicit credentials
Debug functionality (--debug) now outputs the source of the last tasked script to ./LastTask.ps1
Write-Verbose and Write-Debug lines now stripped from tasked scripts
2015-11-08 18:51:57 -05:00
rvrsh3ll
746f390a1d
Added Threading
...
Added FoundOnly
2015-11-08 08:10:32 -05:00
Harmj0y
3315c106ba
Renamed privesc/directuac to privesc/ask
...
Added local admin priv and opsec checks
2015-11-05 13:06:36 -05:00
João Pena Gil
6adfacf8f6
Privesc - DirectUAC
...
Added DirectUAC module.
Description:
Leverages Start-Process' -Verb runAs option inside a loop to prompt the user for a high integrity context before running the agent code.
UAC will report Powershell is requesting Administrator privileges. Because this does not use the BypassUAC DLLs, it should not trigger any AV alerts.
2015-11-05 09:53:34 +00:00
Harmj0y
4e95039bc4
added persistence/misc/add_netuser to add local/domain users
2015-11-04 15:19:06 -05:00
Harmj0y
ced2b5d373
Merge branch 'master' of https://github.com/PowerShellEmpire/Empire
2015-11-02 14:53:06 -05:00
Harmj0y
55709598d5
Bug fix in some packet responses.
2015-11-02 14:52:46 -05:00
redfast00
545d947183
Corrected a typo preventing the autorunning macro from automatically running
2015-10-30 21:44:58 +01:00
Harmj0y
c26a63ad94
marked module option as not required
2015-10-30 13:51:59 -04:00
Harmj0y
581c9aa948
Moved antivirusproduct to situational_awareness/host/antivirusproduct ,
...
added ComputerName option, output pipeline fix.
2015-10-30 13:39:25 -04:00
HarmJ0y
59aa123d88
Merge pull request #77 from mh4x0f/master
...
added module collection/Get-AntiVirusProduct
2015-10-30 13:36:21 -04:00
Harmj0y
1bedcee211
Updated version number and changelog for 1.3.1
2015-10-30 12:08:57 -04:00
Mharcos Nesster
95ef63fb74
added module collection/Get-AntiVirusProduct
2015-10-30 00:22:16 -02:00
pasv
d6daa45646
Merge branch 'master' into module_dev_paranoia
2015-10-28 23:39:38 -04:00
Harmj0y
e62c5866c0
Moved Find-Fruit.ps1 source to ./data/module_source/recon/*
...
Output tweak for find_fruit, added ShowAll flag
2015-10-28 13:52:35 -04:00
HarmJ0y
8ac51073e6
Merge pull request #69 from rvrsh3ll/master
...
Added find-fruit.py
2015-10-28 13:41:34 -04:00
Steve Borosh
c948fcdbfb
Parameter fixes
2015-10-27 17:43:01 -04:00
Harmj0y
4ceafec807
add_sid_history Groups bug fix
2015-10-27 14:48:43 -04:00
Steve Borosh
2855b3e045
Fix
2015-10-24 22:58:38 -04:00
Steve Borosh
d66c511252
Added find-fruit.py
2015-10-24 22:09:35 -04:00
Harmj0y
0cbdb165a2
-Updated powerview.ps1 source to Version 2.0
...
-Built a way to dynamically generate the stripped PowerView code for functions needed by PowerView modules (helpers -> generate_dynamic_powershell_script), and updated all relevant PowerView modules
-Renamed PowerView modules to better match PowerView 2.0 naming scheme and moved to situational_awareness/network/powerview/*
-Removed old split-out PowerView source files
-Removed situational_awareness/network/netview
-Combined stealth_userhunter into option for userhunter
-Added situational_awareness/network/get_forest_domain, situational_awareness/network/powerview/get_object_acl, situational_awareness/network/powerview/find_computer_field, situational_awareness/network/powerview/find_user_field, situational_awareness/network/powerview/get_ou, situational_awareness/network/powerview/get_group, situational_awareness/network/powerview/get_group_member, situational_awareness/network/powerview/get_gpo, situational_awareness/network/powerview/find_gpo_location, situational_awareness/network/powerview/find_gpo_computer_admin, situational_awareness/network/powerview/process_hunter, situational_awareness/network/powerview/find_foreign_group, situational_awareness/network/powerview/find_foreign_user
-renamed collection/filesearch to collection/find_interesting_file
2015-10-23 21:40:06 -04:00
enigma0x3
5d8a64f75b
Merge pull request #63 from jamcut/legacy-option-for-macro-stager
...
Added "LegacyMacro" option for Office 97-2003 compatibility
2015-10-21 12:39:09 -04:00
Jeff McCutchan
eb779309d2
Changed the macro to support both file types
2015-10-15 14:24:42 -04:00
enigma0x3
2cb68f2da6
Update prompt.py
2015-10-14 17:12:53 -04:00
Jeff McCutchan
3b8d18a41e
Added "LegacyMacro" option which creates a macro compatible with Office 97-2003 documents.
2015-10-14 17:08:43 -04:00
enigma0x3
d5344b6716
Merge pull request #51 from xorrior/master
...
Modified Invoke-WinEnum
2015-10-13 06:56:12 -04:00
enigma0x3
4f413b1a98
Updated name so the script loads correctly.
2015-10-12 17:26:59 -04:00
enigma0x3
a46bdac77d
Updated to remove testing code and return "script"
2015-10-08 19:24:08 -04:00
i223t
b35ce82976
417 Expectation failed error fix
2015-10-02 09:13:23 +01:00
Harmj0y
6be3d4ce8b
remove debug
2015-09-22 09:34:27 -04:00
Harmj0y
858f6b3a1c
Additional download file path checks.
2015-09-22 09:33:21 -04:00
Harmj0y
9079a54119
Fix for 'skywalker' file overwrite exploit on control server.
...
Thank you to @zeroSteiner for the disclosure!
2015-09-21 22:32:46 -04:00
xorrior
7541ea23e8
Modified Invoke-WinEnum
...
Added Firewall Rules enumeration. Slightly modified file searches to
only pull files owned by the user. Changed formatting.
2015-09-14 16:34:32 -04:00
Harmj0y
ed8c476f43
Added credentials/mimikatz/mimitokens to take advantage of Mimikatz' token listing/elevation
...
Added management/enable_multi_rdp to patch terminal services to allow mutiple connections
2015-09-12 08:32:43 -04:00
Harmj0y
140c4baf7a
Fixed write_dllhijacker.
2015-09-12 08:23:12 -04:00
enigma0x3
d581538fd1
updated description
2015-09-09 13:46:07 +02:00
enigma0x3
629c8f695c
Updated to change comment wording
2015-09-03 07:55:48 -04:00
pasv
22dea0ba0a
Fixed module template to reflect required OutputExtension parameter
2015-09-03 04:05:45 -04:00
pasv
875284be7a
Working release
2015-09-03 03:44:34 -04:00
Harmj0y
fd1d17a647
Added /dc option to credentials/mimikatz/dcsync
2015-09-02 21:43:01 -04:00
Jack64
d06370e4f1
fix hard-coded event subscription name
...
Before this change, the command
` set SubName `
did not change the event subscription name installed by the agent as instructed by the user.
2015-08-31 15:45:38 +01:00
Harmj0y
a92189b95c
Updated changelog and version for 1.2 release.
2015-08-30 15:59:50 -04:00
Harmj0y
e1cdef1d19
Removed print output
2015-08-30 15:47:47 -04:00
Harmj0y
40fda2dd04
Merge branch 'master' of https://github.com/PowerShellEmpire/Empire
2015-08-29 20:35:10 -04:00
Harmj0y
c021bdf6f3
Credentials from collection/prompt now scraped into the creds db
2015-08-29 20:34:23 -04:00
Harmj0y
788be8b06a
Converted message HMAC from MD5 to SHA1
2015-08-27 18:40:19 -04:00
Harmj0y
a669c85824
Modified war stager to not drop any temp files to disk.
2015-08-26 20:23:10 -04:00
HarmJ0y
c0d7fcaf55
Merge pull request #30 from ch33kyf3ll0w/master
...
Added the war.py Stager
2015-08-26 20:18:50 -04:00
HarmJ0y
8eaf601ea5
Merge pull request #33 from PowerShellEmpire/inveigh
...
Integration of Kevin Robertson's Inveigh project
2015-08-26 17:23:52 -04:00
enigma0x3
d3fc5137d4
added privesc/bypassuac_wscript
2015-08-25 21:18:48 -04:00
Harmj0y
fb9c18769f
Added collection/inveigh.
2015-08-25 17:21:59 -04:00
sixdub
d1ce277330
Merge branch 'master' into international_support
2015-08-24 22:56:58 -04:00
ch33kyf3ll0w
ef64deb25d
Created war.py
...
Wrote a new stager that deploys the empire agent via WAR file.
2015-08-24 18:40:06 -05:00
sixdub
32e95b4f93
Fixed credential parsing bug
2015-08-24 18:42:32 -04:00
Harmj0y
b2cca2f3fd
Added credentials/mimikatz/dcsync for remote DC credential extraction
...
Added situational_awareness/network/get_domaintrusts
Added /sids argument for credentials/mimikatz/golden_ticket
Added credential parsing for dcsync output
updated links for PowerTools
2015-08-24 17:33:35 -04:00
root
31febba7cb
Modified packet. Support unicode chars in agent
2015-08-24 09:04:21 -04:00
Justin
cf935db0ae
Merge pull request #18 from 1njected/master
...
Added support for custom proxy and fixed Epoch/counter to support other cultures/datetime-formats
2015-08-24 08:00:58 -04:00
Harmj0y
59633fefa1
More bug fixes for lsadump::dcsync.
2015-08-24 01:45:04 -04:00
Harmj0y
683e6403c3
Added -Domain option for lsadump::dcsync in credentials/mimikatz/dcsync
2015-08-24 01:33:12 -04:00
Harmj0y
be637dd38a
Updated .dll for Invoke-Mimikatz, including lsadump::dcsync functionality.
2015-08-24 01:28:11 -04:00
Harmj0y
54c7300998
Tweaks to fix for issue #23
2015-08-21 15:24:12 -04:00
Harmj0y
b434102f2c
Error handling for issue #23
2015-08-21 14:17:55 -04:00
Harmj0y
5b40197fd5
'list [agents/listeners] <modifier>' should now be a universal option in every menu
...
Added 'run' alias for 'execute' in listener menu as well.
2015-08-20 19:08:40 -04:00
Harmj0y
0e0c94b94a
Aliased run for execute.
2015-08-20 18:49:23 -04:00
Harmj0y
804e1a01a2
Revamped basic shell operations in agent core (cp, dir, mv, etc.)
...
Standardized UNC path normalization in agent core
added hostname alias
2015-08-20 15:32:26 -04:00
Harmj0y
39d974bb09
Continued porting native shell commands to WMI replacents in agent core
...
In agent menu, 'shell CMD' now runs straight IEX CMD, and 'help agentcmds' shows safe aliases
Modified ./setup/reset.sh to work from parent or ./setup/ folders
2015-08-20 14:35:42 -04:00
Harmj0y
4bb0bc4d47
Corrected menu behavior on agent exit, bug fix on some dir behavior
2015-08-19 15:51:36 -04:00
Harmj0y
23a3aa3f07
Added management/zipfolder for folder zipping/exfiltration.
2015-08-19 14:56:00 -04:00
Harmj0y
46bf3040f0
Added collection/packet_capture to use netsh to initiate a packet capture.
2015-08-19 12:57:35 -04:00
Tomas Rzepka
cf96626e8d
Added support for custom proxy.
2015-08-19 10:00:32 +02:00
Harmj0y
f07a4d4a3f
Added collection/netripper implementation of the NetRipper project from Ionut Popescu (@NytroRST)
2015-08-18 21:09:05 -04:00
ch33kyf3ll0w
5308dafff2
Update hta.py
...
Unexpected line ident. Threw off Empire startup.
2015-08-16 12:27:26 -05:00
Casey Smith
1d37d7702a
Create hta.py
2015-08-16 10:46:29 -04:00
Harmj0y
6ddce8bb7e
Added lateral_movement/invoke_psexec
2015-08-16 10:46:22 -04:00
Harmj0y
2b499a559c
Added modules management/timestomp, trollsploit/process_killer, persistence/elevated/wmi, situational_awareness/network/smbscanner
2015-08-16 10:46:12 -04:00
enigma0x3
8c36d463e3
Update macro.py
...
"Set" in VBA instantiates an object. A string var isn't defined as an object, so this fails. Updated to remove "Set" from initial str instantiation.
2015-08-14 09:43:13 -04:00
sixdub
4a1a4e6960
Fixed IOError
2015-08-14 09:43:12 -04:00
enigma0x3
3ade74603f
Update schtasks.py
...
fixed registry storage
2015-08-14 09:43:12 -04:00
enigma0x3
afe64910a3
Update registry.py
...
Updated to fix execution of registry key
fixed registry parsing
2015-08-14 09:43:02 -04:00
Harmj0y
4572513129
Bug fix in stagers/macro module.
2015-08-14 09:43:01 -04:00
enigma0x3
52de78bfc3
Update registry.py
...
Made listener requiered.
2015-08-14 09:42:55 -04:00
enigma0x3
7ca33a108e
Update messages.py
2015-08-14 09:42:54 -04:00
enigma0x3
3222556c2c
Update empire.py
2015-08-14 09:42:54 -04:00
enigma0x3
6ace392e19
added additional delay to intervalmax
...
Ensures only stale agents are actually listed.
2015-08-14 09:42:54 -04:00
Harmj0y
d44b1f1ec6
Added "list stale" and "remove stale" agents commands to list/remove
...
agents past their max checkins.
2015-08-14 09:42:54 -04:00
Harmj0y
8423c4f3bf
"agents> remove X" now removes agents that checked in > X minutes ago
2015-08-14 09:42:54 -04:00
Rohan Vazarkar
bdfec8c732
Updated title credits to include enigma0x3
2015-08-14 09:42:54 -04:00
Harmj0y
404d435bb0
Fixed agent.log output bug with new lostlimit logic.
2015-08-14 09:42:54 -04:00
Harmj0y
02c25719a1
Few bug fixes for the LostAgentDetection code.
2015-08-14 09:42:54 -04:00
sixdub
da6c5a983c
Updated Lost Agent Detection
2015-08-14 09:42:54 -04:00
sixdub
834b5c03fc
Added missed CB limits
2015-08-14 09:42:54 -04:00
enigma0x3
ef6b645ffe
updated to fix usestager tab completion bug
2015-08-10 09:06:13 -04:00
enigma0x3
57c2d26333
updated ip_whitelist from file
...
when setting whitelists from a text file, empire adds the contents of that file to the IP black lists. updated to ensure it adds the IPs to the correct list.
2015-08-10 07:53:22 -04:00
Jon Cave
4624cff0e6
Authenticate the encrypted communications
2015-08-08 18:54:02 +01:00
Harmj0y
629c648c2b
Updated citataions and documentation.
2015-08-08 12:06:44 -04:00
enigma0x3
175d8df7f0
Update userhunter.py
2015-08-06 04:08:50 -04:00
enigma0x3
fb6c28bd3b
Update stealth_userhunter.py
2015-08-06 04:08:37 -04:00
enigma0x3
174e767721
Update sharefinder.py
2015-08-06 04:08:22 -04:00
enigma0x3
c911a5c478
Update reverse_dns.py
2015-08-06 04:08:08 -04:00
enigma0x3
d8dbcc7eea
Update portscan.py
2015-08-06 04:07:51 -04:00
enigma0x3
d1d9ba6e36
Update netview.py
2015-08-06 04:07:34 -04:00
enigma0x3
0f3607ad9a
Update mapdomaintrusts.py
2015-08-06 04:07:15 -04:00
enigma0x3
508c39c3fe
Update get_user.py
2015-08-06 04:06:58 -04:00
enigma0x3
65a25425cf
Update get_spn.py
2015-08-06 04:06:40 -04:00
enigma0x3
fd5d181b9d
Update get_localgroup.py
2015-08-06 04:06:19 -04:00
enigma0x3
63ec7e252b
Update get_exploitable_systems.py
2015-08-06 04:06:02 -04:00
enigma0x3
1915ee033a
Update get_computer.py
2015-08-06 04:05:30 -04:00
enigma0x3
9c3b2192e4
Update find_localadmin_access.py
2015-08-06 04:05:11 -04:00
enigma0x3
8d9bdf272b
Update arpscan.py
2015-08-06 04:04:46 -04:00
Jared Haight
ca0a2e1bdf
Fixed file path typo
2015-08-05 21:19:44 -04:00
Jared Haight
e3148de261
Fixed file path typo
2015-08-05 21:19:18 -04:00
Harmj0y
751d0c15d6
Initial BSidesLV '15 release of v1.0.0
2015-08-05 14:36:39 -04:00