367 Commits (ad7ccf7a60bcf3db3de4672c332f00aefd780ec5)

Author SHA1 Message Date
Petr Medonos 42745800c3 bypass UAC module based on fodhelper.exe technique (https://winscripting.blog/2017/05/12/first-entry-welcome-and-uac-bypass/) 2017-06-29 15:41:52 +02:00
cobbr c691830ddd Merge branch '2.0_beta' of https://github.com/cobbr/ObfuscatedEmpire into 2.0_beta 2017-06-19 22:35:34 -05:00
cobbr 8f98d642d8 Fixed Invoke-Obfuscation byte-array issue, ConfirmImpact issue, and PowerUp missing semi-colon 2017-06-19 22:35:06 -05:00
Ryan Cobb f776011e2f Merge pull request #8 from EmpireProject/master
Merge latest Empire commits
2017-06-18 22:59:28 -07:00
cobbr f2b025395f Added obfuscation to new modules 2017-06-19 00:46:30 -05:00
Chris Ross 0b582eac36 Merge pull request #578 from dchrastil/module/prompt-sandboxmode
Added 'SandboxMode' to evade Apple Sandbox protection on applescript
2017-06-15 17:20:56 -04:00
disk0nn3ct 7074616113 Added 'SandboxMode' option to evade Apple Sandbox protections on applescript 2017-06-13 23:34:50 -06:00
Chris Ross c9959753fc Merge pull request #557 from tevora-threat/dropboxpull
Addition of DropBox Exfil Module
2017-06-07 20:13:07 -04:00
Chris Ross b7cb687418 Merge pull request #509 from tristandostaler/dev
Added wmi_updater module
2017-06-06 21:38:15 -04:00
tristandostaler c2d865be68 Added the option for the custom launcher 2017-06-06 12:30:58 -04:00
Chris Ross a629b6179a Merge pull request #532 from ThePirateWhoSmellsOfSunflowers/add-ms16135
Add privesc module MS16-135
2017-06-05 23:23:43 -04:00
kevin dick 63e373a7da added eternal blue exploitation module 2017-06-04 10:05:26 -07:00
kevin dick 0c3170f9ca added dropbox exfil module 2017-06-02 19:04:32 -07:00
rvrsh3ll c2b155202b BloodHound update 2017-05-26 11:58:52 -04:00
ThePirateWhoSmellsOfSunflowers 930e31c509 Minor changes 2017-05-22 20:28:58 +02:00
ThePirateWhoSmellsOfSunflowers 15f961c058 Initial commit, add MS16-135 exploit 2017-05-21 20:49:49 +02:00
rvrsh3ll 6d88e8ee1b GetSchwifty fix 2017-05-16 09:25:27 -04:00
rvrsh3ll ec6daaba3f GetSchwifty fix 2017-05-16 09:23:45 -04:00
rvrsh3ll 7ad76fdc1f Added get schwifty trollsploit module 2017-05-16 09:15:28 -04:00
cobbr d11221bead Merge latest Empire commits 2017-05-15 18:44:05 -05:00
r1p 46fa5b34f9 Added wmi_updater module 2017-05-15 11:10:51 -04:00
Chris Ross 2654f02552 Merge pull request #504 from n00py/2.0_beta
Change Agent option description [Typo]
2017-05-13 23:36:59 -04:00
rvrsh3ll 44d61d3b28 Add DCOM Lateral Movement 2017-05-12 10:10:21 -04:00
n00py c34377e8ce Change Agent option description
The template is pre-populated with "Agent to grab a screenshot from" but that description does not apply here.
2017-05-11 10:24:56 -06:00
n00py 5d197907f4 Change Agent option description
The template is pre-populated with "Agent to grab a screenshot from" but that description does not apply here.
2017-05-11 10:24:03 -06:00
Brandon Arvanaghi fb4621645d SessionGopher 2017-05-07 22:55:11 -04:00
Brandon Arvanaghi 02e2a2dfce SessionGopher 2017-05-07 22:11:32 -04:00
cobbr 8d1efea1b9 Merge branch '2.0_beta' of https://github.com/EmpireProject/Empire into EmpireProject-2.0_beta 2017-04-22 21:08:55 -05:00
chris e1f7bda70e Moved management/redirector to inactive modules 2017-04-22 21:31:47 -04:00
cobbr dac5ba6b39 Improved preobfuscate command, better support for invoke-obfuscation style obfuscate commands, added warning message when trying to obfuscate without PowerShell installed 2017-04-22 20:17:28 -05:00
Chris Ross 3b722d013f Merge pull request #483 from Kevin-Robertson/2.0_beta
Inveigh 1.3.1 Modules
2017-04-20 21:42:41 -04:00
Chris Ross 92cc1ec36d Merge pull request #472 from benichmt1/wlmdr-2.0_beta
Add Wlrmdr.exe Popup module (Licensing Balloons) - 2.0 beta format
2017-04-20 21:29:34 -04:00
a5b9f44cad Moved socks module 2017-04-20 21:21:39 -04:00
Chris Ross 042f24ab3b Merge pull request #478 from klustic/2.0_beta
Added a module for SOCKSv5 proxying
2017-04-20 21:17:48 -04:00
Kevin Robertson 534218cf31 Inveigh 1.3.1 Modules
Sync with Inveigh 1.3.1.
2017-04-09 16:37:51 -04:00
Chris Ross 287ecd3f0a Merge pull request #452 from n00py/2.0_beta
VNC Inject
2017-04-09 16:08:41 -04:00
Chris Ross 3cafd25f51 Merge pull request #437 from 0xbadjuju/2.0_beta
PowerUpSQL Modules
2017-04-09 14:59:11 -04:00
Chris Ross 3baad71f09 Merge pull request #438 from erikbarzdukas/dev-monitortcp
New module to monitor TCP connections
2017-04-08 23:16:12 -04:00
Chris Ross a58e1c8d6d Merge pull request #350 from leesoh/powershell-template
Documentation, reorganization, and a touch of PEP8
2017-04-08 15:32:41 -04:00
ThePirateWhoSmellsOfSunflowers 51082a66fc Fix hardcoded path, should resolve #465 2017-04-06 20:02:00 +02:00
Kevin 05dae225b6 Added a new module for SOCKSv5 proxying
When executed, this module connects back to a designated AlmondRocks server under SSL. The AlmondRocks server acts as a SOCKSv5 proxy, and multiplexes all SOCKS communications over the single SSL connection to/through the target, enabling any SOCKSv5 client (e.g. curl, proxychains) to extend past NAT devices into the target network.

This is based on the following work:

https://github.com/klustic/AlmondRocks
** Server Usage **
$ ./almondrocks.py server -d -t 4433 --cert cert.pem --key key.pem

** Empire Usage **
set HOST 192.168.20.10
set PORT 4433
set Agent ...
2017-04-05 10:24:31 -06:00
Michael Benich d948ce3eb2 Fixed extra bracket 2017-03-13 13:51:26 -04:00
cobbr 52008f8a32 Update powershell module template 2017-03-11 22:10:21 -06:00
cobbr ab1b3e5f3f Implement Obfuscation 2017-03-11 17:35:17 -06:00
Michael Benich 76dd97ca99 Add wlmdr.py (for 2.0_beta_
Update for 2.0 module
2017-03-02 16:26:01 -05:00
n00py b8f0bb2bbd Added module for enabling ARD 2017-02-10 08:38:46 -07:00
n00py f6a0ed6f0e Update vnc.py 2017-02-09 15:12:35 -07:00
n00py d78972ea05 Create vnc.py 2017-02-09 15:07:40 -07:00
killswitch-gui dd6a8d4450 change imports 2017-02-08 11:55:57 -05:00
killswitch-gui beca8fa1a9 add in ability to set interface 2017-02-08 09:31:38 -05:00
killswitch-gui 0ff5a98dd9 add osx sniffer/fix sudospawn 2017-02-07 23:50:01 -05:00
Alexander de9b05e5f9 Merge remote-tracking branch 'refs/remotes/adaptivethreat/2.0_beta' into 2.0_beta 2017-01-17 11:00:13 -06:00
root 72727f2ecd Merge branch '2.0_beta' of https://github.com/erikbarzdukas/Empire into dev-monitortcp
Updated repo
2017-01-16 18:50:02 -05:00
root e16ed25d07 Updated python module code 2017-01-16 18:22:50 -05:00
Alexander affd33d413 2.0 Initial Commit 2017-01-16 14:08:27 -06:00
Chris 4b79172d13 Removed unnecessary imports for Foundation and LaunchServices 2017-01-09 20:59:14 -05:00
Chris 3e7c2b9dea Removed Foundation import. Unnecessary. 2017-01-09 20:54:31 -05:00
Chris bfd9ee1413 Changed native_screenshot to be opsec safe. Added safe aliases for screenshot, ls, whoami 2017-01-07 22:15:20 -05:00
root 3ee18a061f Initial monitortcpconnections file 2017-01-06 16:50:04 -05:00
Chris e5bf468158 Fix for issue #382. Fixed downloads in python agent. updated install script to include zlib_wrapper module. 2017-01-04 22:39:37 -05:00
Chris 3fae3e2ac5 Modified how listener settings are obtained to resolve issue 412 2016-12-23 00:20:48 -05:00
Chris 58efd3d0c3 Fixed logic for PEUrl and DllPath check 2016-12-21 09:05:44 -05:00
Chris 714c56e58b Add Invoke-ExecuteMSBuild lateral movement module 2016-12-14 17:04:02 -05:00
Chris 3148493e15 Fixed issue 421 in reflectivepeinjection module 2016-12-11 21:43:19 -05:00
Chris 2d96a72460 Swapped native_screenshot with screenshot source. Modules were named improperly 2016-12-10 22:48:13 -05:00
Chris 2058b86ae8 Corrected key for self.mainMenu.stagers.stagers['windows/launcher_bat'] 2016-12-10 12:31:22 -05:00
Chris 47bbfa64db Fixed pyinstaller. Added -ForceASLR options to ReflectivePEInjection module 2016-12-09 18:17:47 -05:00
rvrsh3ll 619ae2c132 Merge pull request #355 from mlinton/patch-3
Typo
2016-11-26 20:44:37 -05:00
rvrsh3ll 9f7eabf587 Merge pull request #366 from nnh100/dev
Add module to exfiltrate files and data to a GitHub repository
2016-11-26 15:40:48 -05:00
Adam DeMamp d2179b7042 removed some dcos modules, recommended to now use the http rest api module 2016-11-20 18:23:30 +00:00
Adam DeMamp e1fa30c14f added etcd crawler module 2016-11-20 18:11:55 +00:00
Adam DeMamp a52b680445 added http rest api module 2016-11-20 18:04:31 +00:00
nnh100 7974ea3ae2 Update for 2.0_beta branch 2016-11-14 22:26:25 +00:00
rvrsh3ll 61d92e5738 Update USBKeylogger.py
Changed 'MinLanguageVersion' : '2'
2016-11-14 13:08:21 -05:00
conjecturalhex 8f671e9c4f USB ETW keylogger for 2.0_beta branch 2016-11-13 08:15:08 -08:00
HarmJ0y 6ee7e03660 Renamed credentials/get_spn_tickets to credentials/invoke_kerberoast, updated
kerberoasting code to newest version.
2016-10-31 19:40:33 -04:00
rvrsh3ll 327f91473b Merge pull request #357 from n00py/2.0_beta
Module - Sudo Piggyback + Mail Persistence + Bash Profile Backdoor
2016-10-30 16:45:31 -04:00
Matt Nelson 13678af3b3 Fix for install path bug 2016-10-30 07:44:00 -04:00
nnh100 2ed2df5854 Remove contact 2016-10-28 12:10:01 +01:00
rvrsh3ll 0a0184ae6b Modified smbscanner to require username and password 2016-10-24 10:01:14 -04:00
rvrsh3ll eed8cf1c1f Fixed ms16-032 launcher, issue #359 2016-10-17 19:03:10 -04:00
rvrsh3ll da2cabbddf Spelling fix 2016-10-17 17:26:40 -04:00
nnh100 5d14a92649 Add Invoke_ExfilDataToGitHub.py 2016-10-12 19:59:59 +01:00
n00py 26c8839edf Update bashdoor.py
Removed iTunes subdirectory
2016-10-11 09:40:54 -07:00
n00py 3f39272711 new module bashdoor 2016-10-10 13:53:48 -07:00
n00py f7dd1c11e3 removed default trigger 2016-10-08 12:51:46 -07:00
n00py 5ac6b9cf00 modified mail 2016-10-08 12:47:03 -07:00
n00py 1ae3fb906c Merge remote-tracking branch 'origin/2.0_beta' into 2.0_beta
# Conflicts:
#	lib/modules/python/persistence/osx/mail.py
2016-10-08 12:46:25 -07:00
n00py 17e97360ff new modules 2016-10-08 12:45:44 -07:00
n00py 2c5d7f5373 Delete mail.py 2016-10-08 11:19:51 -07:00
n00py 06d580e69a new modules 2016-10-07 22:04:58 -07:00
n00py 236d303da3 new modules 2016-10-07 20:52:42 -07:00
n00py c23ceac128 new modules 2016-10-07 20:38:27 -07:00
n00py 16d0df5f04 new modules 2016-10-07 20:38:07 -07:00
mlinton b45d417e1d Typo
Changed from screenshot
2016-10-07 13:58:26 -06:00
leesoh a5f9b7a9b4 Documentation, reorganization, and a touch of PEP8 2016-10-05 13:47:17 -06:00
xorrior e93ef08055 Updated Dylib templates. Removed hijacker generation from dylib stager menu. Added additional error checking to the HijackScanner module 2016-10-05 12:40:29 -04:00
HarmJ0y 26cd0089dd 2.0.0 beta, DerbyCon release 2016-09-23 14:04:35 -04:00
enigma0x3 eefc493411 Added fileless UAC bypass using eventvwr.exe 2016-08-15 17:55:57 -04:00
Matt Nelson b7010b7f37 Merge pull request #164 from 0xbadjuju/master
Resubmitting pull request for normal module
2016-08-13 21:28:00 -04:00
chris e4aad33146 Renamed module. Merged embedded assemblies. Fixed issue with module execution 2016-07-24 20:16:55 -04:00
Harmj0y bec33f73ac moved collection/keethief to collection/vaults/keethief
added collection/vaults/find_keepass_config to enumerate KeePass configs on a system
added collection/vaults/add_keepass_config_trigger to add a trigger backdoor to all reachable KeePass instances
added collection/vaults/get_keepass_config_trigger to enumerate all triggers for all reachable KeePass instances
added collection/vaults/remove_keepass_config_trigger to remove all triggers for all reachable KeePass instances
misc. bug fixes
2016-07-20 23:44:30 -04:00
Harmj0y 7790b250a2 misc. bug fixes and standardization updates 2016-07-20 23:39:25 -04:00
Harmj0y 0163ebec06 Added missing Invoke-CredentialInjection.ps1 file
Updated .gitignore
2016-07-20 21:51:14 -04:00
Matt Nelson e83b545476 Merge pull request #277 from BeetleChunks/master
Adding credentials module to extract the current interactive user's Credential Manager credentials.
2016-07-16 22:06:04 -04:00
Harmj0y 39d174235a Added module collection/keethief 2016-07-16 19:58:08 -04:00
Harmj0y 21893bacde Fix for issue #257 - sysinfo now tasked after steal_token/revtoself 2016-07-15 19:14:43 -04:00
Harmj0y c9bae2fc4c Fix for issue #252 2016-07-15 19:00:49 -04:00
HarmJ0y 8028963b64 Merge pull request #274 from curi0usJack/dev
Adding SMB auto-brute module
2016-07-15 14:51:25 -07:00
BeetleChunks 5094c10a42 Add files via upload 2016-07-08 08:59:44 -05:00
@424f424f 05302321ac Add Browser Search Module 2016-07-07 22:46:41 -04:00
curi0usJack 97aa252cad Added smbautobrute.py 2016-07-07 16:31:34 -05:00
Matt Nelson 039934b883 Merge pull request #235 from Kevin-Robertson/master
Sync with Inveigh 1.1.1 and current Tater
2016-06-24 22:15:37 -04:00
Matt Nelson 2a23255460 Fixed typo thanks to @jrmdev
Typo prevented the module from working. Implemented fix submitted here: https://github.com/PowerShellEmpire/Empire/pull/262 by @jrmdev.
2016-06-24 21:33:12 -04:00
Matt Nelson fae79cef1d Merge pull request #247 from n0clues/master
Change paths from %TEMP% to %PUBLIC% for spawnas module
2016-06-24 21:24:48 -04:00
n0clues 9c00cb4d70 Change paths from %TEMP% to %PUBLIC% for spawnas module 2016-06-16 16:09:50 +02:00
Harmj0y b6db99f66f Fix for situational_awareness/host/computerdetails object output. 2016-05-27 15:16:22 -04:00
Harmj0y 7a47ea3583 Fix for issue #232 2016-05-27 14:02:34 -04:00
leoloobeek 75dfe996e7 Typo fix 2016-05-12 01:41:29 -05:00
lloobeek 61bddbc9ab Edited MS16-032 exploit for Empire 2016-05-12 01:16:04 -05:00
Kevin Robertson 5158c160b4 Sync with Inveigh 1.1.1 and current Tater 2016-05-10 23:12:34 -04:00
Alexander 9c8feb170f Merge remote-tracking branch 'refs/remotes/PowerShellEmpire/dev' 2016-04-29 15:10:45 -05:00
Alexander 065f940f4d Merge remote-tracking branch 'refs/remotes/PowerShellEmpire/master' 2016-04-29 15:10:19 -05:00
Jared Haight 5d101cb228 typing is hard 2016-04-29 14:50:34 -04:00
Jared Haight 6e42249417 removed template stuff 2016-04-29 14:49:03 -04:00
Jared Haight b3224860df adding the invoke-metasploitpayload module 2016-04-29 11:52:58 -04:00
Rob Fuller 7d692a1f69 No need for elevated
You don't need elevation to extract kerberos tickets
2016-04-28 08:35:30 -04:00
Harmj0y b977dec1ae Updated PowerView
Added credentials/get_spn_tickets to request user SPN tickets
Added credentials/mimikatz/extract_tickets to extract kerberos tickets from memory
Updated PowerView location citations
2016-04-24 11:26:39 -04:00
HarmJ0y 96ac925773 Merge pull request #182 from xorrior/master
Added MiniEye collection module; Minor change to ChromeDump
2016-04-11 15:47:19 -07:00
xorrior 523e4458c1 Added MiniEye collection module; Minor change to ChromeDump
MiniEye - Collect recordings from Webcam.
ChromeDump - Modified sqlite DB connection string for read-only access.
2016-04-09 22:11:28 -04:00
Lux Cupitor 4f61ecda2b added modules for unauthenticated Jenkins Script console access 2016-04-06 08:06:24 -04:00
mynameisv 917cb2b246 screenshot in jpeg and shortcut 2016-03-31 23:27:15 +02:00
HarmJ0y dae17d1bc1 Merge pull request #165 from Kevin-Robertson/master
Inveigh 1.1 and Tater Modules
2016-03-31 11:13:53 -07:00
Kevin Robertson 32b36c9597 Comment/Notes changes and WPADResponse removal
Updated additional comment/notes. I removed WPADResponse from inveigh
and inveigh_bruteforce since wpad.dat code contains commas. The python
code that is parsing the commas for the array parameters is getting in
the way. I can add WPADResponse back in later.
2016-03-30 15:35:44 -04:00
Alexander d7cf4c02c4 Merge branch 'master' of https://github.com/0xbadjuju/Empire 2016-03-30 08:27:52 -05:00
Alexander e6aff73eb1 Merge remote-tracking branch 'refs/remotes/origin/dev' 2016-03-30 08:21:56 -05:00
Kevin Robertson 987679bd9a Fixed missing single quote in description 2016-03-30 08:52:20 -04:00
Kevin Robertson 7a3a95f735 Sync features with updated versions of Inveigh and Tater
Upgrading collection/inveigh, lateral_movement/inveigh_relay, and
privesc/tater. Adding collection/inveigh_bruteforce.
2016-03-29 23:55:39 -04:00
Alexander 74945a953a Update normal.py 2016-03-29 17:00:45 -05:00
Alexander f6fc8550b1 Added normal.dot persistence mechanism 2016-03-29 16:38:02 -05:00
Harmj0y ae9f046aba Added trollsploit/rick_astley to run @SadProcessor's audio rickroll 2016-03-21 23:11:12 -04:00
Harmj0y e6e5222647 Added lateral_movement/new_gpo_immediate_task 2016-03-19 11:51:09 -04:00
Harmj0y 97335b83d6 -Added the ability to specify multiple function names to helpers.generate_dynamic_powershell_script()
-Added Unconstained option to get_computer
-Added AdminCount option to get_user
-Added situational_awareness/network/powerview/get_gpo_computer to get computers a GPO is applied to
2016-03-19 10:53:28 -04:00
Harmj0y d5db75c3d0 -Updated PowerView.ps1 code
-Re-tested all powerview modules
-Updated some module options
-Fixed bug in helpers.generate_dynamic_powershell_script()

-Added situational_awareness/network/powerview/get_domain_policy
-Added situational_awareness/network/powerview/get_dfs_share
-Added situational_awareness/network/powerview/get_fileserver
-Added situational_awareness/network/powerview/get_rdp_session
-Added situational_awareness/network/powerview/get_site
-Added situational_awareness/network/powerview/get_subnet
-Added situational_awareness/host/get_proxy
-Added situational_awareness/host/get_pathacl
-Added management/get_domain_sid
2016-03-19 08:38:18 -04:00
Harmj0y 2382bd0dea Added privesc/getsystem 2016-03-11 19:31:27 -05:00
Harmj0y 355db39847 Added privesc/mcafee_sitelist 2016-02-18 00:08:08 -05:00
Kevin Robertson 8b385928dc Added Tater privesc module
Empire module version of https://github.com/Kevin-Robertson/Tater.
2016-02-15 18:40:09 -05:00
Harmj0y e696bb7078 spelling mistakes 2015-12-30 16:18:59 -05:00
Harmj0y 0d30181baf Added situational_awareness/network/powerview/find_managed_security_groups module
implementing @stufus' recent changes
2015-12-29 15:58:39 -05:00
HarmJ0y da439c441b Merge pull request #118 from jamcut/trusted-document-store
Add module to enumerate trusted documents and locations for MS Office.
2015-12-27 13:03:54 -08:00