Commit Graph

251 Commits (de03f902ec5129ae4ec3dfbc062e201c72584aae)

Author SHA1 Message Date
chris e6fc1bebd7 Fixed dll stager for use in other platforms 2017-04-22 20:23:55 -04:00
Chris Ross 3b722d013f Merge pull request #483 from Kevin-Robertson/2.0_beta
Inveigh 1.3.1 Modules
2017-04-20 21:42:41 -04:00
Chris Ross 042f24ab3b Merge pull request #478 from klustic/2.0_beta
Added a module for SOCKSv5 proxying
2017-04-20 21:17:48 -04:00
Kevin Robertson 534218cf31 Inveigh 1.3.1 Modules
Sync with Inveigh 1.3.1.
2017-04-09 16:37:51 -04:00
Chris Ross 287ecd3f0a Merge pull request #452 from n00py/2.0_beta
VNC Inject
2017-04-09 16:08:41 -04:00
Chris Ross 3cafd25f51 Merge pull request #437 from 0xbadjuju/2.0_beta
PowerUpSQL Modules
2017-04-09 14:59:11 -04:00
Chris Ross ca88adb804 Merge pull request #405 from st3r30byt3/patch-1
Fixed Get-SPNTicket multiple user SPNs bug
2017-04-09 14:43:53 -04:00
Chris Ross 9a6f8f970e Merge pull request #404 from mr64bit/http_hop
Fix agent staging over http_hop listeners.
2017-04-09 09:42:52 -04:00
Chris Ross 3baad71f09 Merge pull request #438 from erikbarzdukas/dev-monitortcp
New module to monitor TCP connections
2017-04-08 23:16:12 -04:00
rvrsh3ll eb7f1d6483 IPv6 Modifications 2017-04-07 21:50:53 -04:00
Kevin 05dae225b6 Added a new module for SOCKSv5 proxying
When executed, this module connects back to a designated AlmondRocks server under SSL. The AlmondRocks server acts as a SOCKSv5 proxy, and multiplexes all SOCKS communications over the single SSL connection to/through the target, enabling any SOCKSv5 client (e.g. curl, proxychains) to extend past NAT devices into the target network.

This is based on the following work:

https://github.com/klustic/AlmondRocks
** Server Usage **
$ ./almondrocks.py server -d -t 4433 --cert cert.pem --key key.pem

** Empire Usage **
set HOST 192.168.20.10
set PORT 4433
set Agent ...
2017-04-05 10:24:31 -06:00
cobbr 5308840474 Remove spelling typo 2017-03-11 20:08:52 -06:00
cobbr 07c1092b03 ObfuscatedEmpire 2017-03-11 20:00:17 -06:00
cobbr ab1b3e5f3f Implement Obfuscation 2017-03-11 17:35:17 -06:00
n00py 5a4dbf9871 Add files via upload 2017-02-09 15:06:39 -07:00
Chris Ross 078588fc93 Added logic to use custom HTTP headers defined in the profile 2017-02-07 19:17:10 -08:00
Alexander de9b05e5f9 Merge remote-tracking branch 'refs/remotes/adaptivethreat/2.0_beta' into 2.0_beta 2017-01-17 11:00:13 -06:00
Alexander e86d4a2f4a Moved file into correct storage location 2017-01-17 10:51:15 -06:00
Alexander ab0a94a13a Removed newlines added for Empire v1 2017-01-17 10:43:39 -06:00
root 72727f2ecd Merge branch '2.0_beta' of https://github.com/erikbarzdukas/Empire into dev-monitortcp
Updated repo
2017-01-16 18:50:02 -05:00
root 929cd2314b Renamed file and function to match 'start' verb 2017-01-16 18:22:25 -05:00
root 5c2a2c6300 Added powershell source 2017-01-16 18:21:52 -05:00
Alexander affd33d413 2.0 Initial Commit 2017-01-16 14:08:27 -06:00
Chris Ross 812f721b84 Added Empire Custom Import hook to allow for in memory python module imports 2017-01-16 08:31:34 -08:00
root 62e8ed2c04 Added ps1 and basic py 2017-01-06 17:03:26 -05:00
Chris 86e990a6de Fix macho generation issue 2017-01-05 23:24:09 -05:00
Chris e5bf468158 Fix for issue #382. Fixed downloads in python agent. updated install script to include zlib_wrapper module. 2017-01-04 22:39:37 -05:00
Chris 82ba835c79 Removed some shell command output 2017-01-03 17:29:49 -05:00
Chris 211f52e514 Added shell command completion output. Addressed issue/request #361 2016-12-29 00:05:39 -05:00
Chris 714c56e58b Add Invoke-ExecuteMSBuild lateral movement module 2016-12-14 17:04:02 -05:00
Chris 62fc4d2ab9 Added logic to handle additional tasking in a single packet 2016-12-13 21:26:06 -05:00
rvrsh3ll 7e8252f904 Updated version 2016-12-12 05:43:35 -05:00
rvrsh3ll 71fc39b28d Invoke-Mimikatz.ps1 update to version 2.1 20161126 2016-12-11 20:17:49 -05:00
Antonio Quina 729e40cfda Fixed Get-SPNTicket multiple user SPNs bug
When Get-SPNTicket receives a user object, if that user has multiple SPNs then the call to KerberosRequestorSecurityToken is failing because it is being fed a ResultPropertyValueCollection rather than a single SPN string. For this reason, Invoke-Kerberoast was very often returning the same wrong hash for many SPNs.

The proposed change fixes this bad behaviour. ;)
2016-11-30 10:39:19 +01:00
mr64bit 6c3f51aca9 Fix agent staging over http_hop listeners.
Fixes issue #370.
2016-11-28 11:54:57 -05:00
rvrsh3ll 9f7eabf587 Merge pull request #366 from nnh100/dev
Add module to exfiltrate files and data to a GitHub repository
2016-11-26 15:40:48 -05:00
nnh100 4cf468fa94 Remove offending lines 2016-11-26 11:06:29 +00:00
nnh100 24daedc59c Update for 2.0_beta branch 2016-11-14 22:24:24 +00:00
rvrsh3ll e1dc756894 Merge pull request #396 from conjecturalhex/2.0_beta
USB ETW keylogger for 2.0_beta branch
2016-11-14 13:08:42 -05:00
xorrior a3e0aeddf6 Corrected jar stager generation 2016-11-13 18:16:11 -05:00
xorrior 42ec063d8a Merge branch '2.0_beta' of https://github.com/adaptivethreat/Empire into 2.0_beta 2016-11-13 15:24:47 -05:00
@424f424f 5ec9fc405e Mimikatz Update 2016-11-13 17:15:36 -05:00
xorrior 25c2566a14 Added obfuscation to macho stager 2016-11-13 15:24:10 -05:00
conjecturalhex 8f671e9c4f USB ETW keylogger for 2.0_beta branch 2016-11-13 08:15:08 -08:00
HarmJ0y 6ee7e03660 Renamed credentials/get_spn_tickets to credentials/invoke_kerberoast, updated kerberoasting code to newest version.
2016-10-31 19:40:33 -04:00
nnh100 9daf69f40f Put write-errors back 2016-10-28 12:08:57 +01:00
Russel Van Tuyl 7782e65d31 Quotation Type Bug
Fixed a bug due to the type of quotations used. The code used in the generate_agent function of lib/listeners/http.py incorrectly matched the $Profile variable in data/agent/agent.ps1. This caused the generated agent not to be updated with the Empire listener's DefaultProfile values before being sent to the client. Changed the quotations in agent.ps1 to match the quotation in the generate_agent code = code.replace('$Profile..... code
2016-10-15 23:14:27 -04:00
nnh100 d600aee612 Add Invoke-ExfilDataToGitHub 2016-10-12 20:02:21 +01:00
xorrior e93ef08055 Updated Dylib templates. Removed hijacker generation from dylib stager menu. Added additional error checking to the HijackScanner module 2016-10-05 12:40:29 -04:00
xorrior fef0ef2d5a updated directories in pkgbuild 2016-09-29 19:48:45 -04:00
xorrior e3f1c1eb47 Added java template 2016-09-29 11:57:58 -04:00
xorrior 460876d8f0 Migrated EmPyre stagers from dev branch in EmPyre repo 2016-09-29 11:41:09 -04:00
xorrior a0310db58e Migrated misc resources from EmPyre repo for new stagers 2016-09-28 22:29:47 -04:00
HarmJ0y 26cd0089dd 2.0.0 beta, DerbyCon release 2016-09-23 14:04:35 -04:00
enigma0x3 03ca7bdbcc Updated to include UAC level check 2016-09-10 15:43:18 -04:00
enigma0x3 313e9d027b Added checks for UAC levels and fixed a bug with the path to powershell.exe not being found 2016-09-10 15:30:45 -04:00
HarmJ0y 2b124f8a44 Merge pull request #312 from Zer1t0/arp
ArpScanning with reflection
2016-08-31 14:38:12 -07:00
Yeolsooyy 51987d8f08 Use reflection instead of c# code 2016-08-28 21:10:46 +02:00
enigma0x3 eefc493411 Added fileless UAC bypass using eventvwr.exe 2016-08-15 17:55:57 -04:00
Matt Nelson 2523f84f0f Fixed bug with fqdn
Thanks to @curi0usJack for reporting this.
2016-08-06 23:10:01 -07:00
Harmj0y bec33f73ac moved collection/keethief to collection/vaults/keethief
added collection/vaults/find_keepass_config to enumerate KeePass configs on a system
added collection/vaults/add_keepass_config_trigger to add a trigger backdoor to all reachable KeePass instances
added collection/vaults/get_keepass_config_trigger to enumerate all triggers for all reachable KeePass instances
added collection/vaults/remove_keepass_config_trigger to remove all triggers for all reachable KeePass instances
misc. bug fixes
2016-07-20 23:44:30 -04:00
Harmj0y 7790b250a2 misc. bug fixes and standardization updates 2016-07-20 23:39:25 -04:00
Harmj0y 0163ebec06 Added missing Invoke-CredentialInjection.ps1 file
Updated .gitignore
2016-07-20 21:51:14 -04:00
Matt Nelson e83b545476 Merge pull request #277 from BeetleChunks/master
Adding credentials module to extract the current interactive user's Credential Manager credentials.
2016-07-16 22:06:04 -04:00
Harmj0y 39d174235a Added module collection/keethief 2016-07-16 19:58:08 -04:00
HarmJ0y 8028963b64 Merge pull request #274 from curi0usJack/dev
Adding SMB auto-brute module
2016-07-15 14:51:25 -07:00
BeetleChunks 7ad52105ee Add files via upload 2016-07-08 08:59:13 -05:00
@424f424f 05302321ac Add Browser Search Module 2016-07-07 22:46:41 -04:00
curi0usJack 2ebf5832c8 Added Invoke-SMBAutoBrute.ps1 2016-07-07 16:30:14 -05:00
Matt Nelson 039934b883 Merge pull request #235 from Kevin-Robertson/master
Sync with Inveigh 1.1.1 and current Tater
2016-06-24 22:15:37 -04:00
enigma0x3 9698b75398 Updated Invoke-Mimikatz dlls after updating Invoke-Mimikatz from PowerSploit 2016-06-24 20:59:30 -04:00
enigma0x3 1a266ce6a0 Updated Invoke-Mimikatz with version from 'master' in PowerSploit. Fixed processor arch detection bug 2016-06-24 20:27:00 -04:00
Matt Nelson 13405e78d6 Update PowerUp.ps1
Changed "Balue" to "Value" thanks to @Und3rf10w.
2016-06-14 07:36:08 -04:00
enigma0x3 9df8e9bf03 Fix for error when loading SQLite assembly 2016-06-09 09:35:28 -04:00
Harmj0y b6db99f66f Fix for situational_awareness/host/computerdetails object output. 2016-05-27 15:16:22 -04:00
Harmj0y 0fb6599c77 More verbose output for Invoke-ServiceCMD in PowerUp to address issue #219 2016-05-27 14:37:15 -04:00
Harmj0y e0802fb6d1 Fix for issue #230 (PowerShell 2.0 compatibility for Get-SPN.ps1) 2016-05-27 14:18:08 -04:00
Harmj0y 7a47ea3583 Fix for issue #232 2016-05-27 14:02:34 -04:00
lloobeek 61bddbc9ab Edited MS16-032 exploit for Empire 2016-05-12 01:16:04 -05:00
Kevin Robertson 5158c160b4 Sync with Inveigh 1.1.1 and current Tater 2016-05-10 23:12:34 -04:00
Jared Haight b3224860df adding the invoke-metasploitpayload module 2016-04-29 11:52:58 -04:00
Harmj0y b977dec1ae Updated PowerView
Added credentials/get_spn_tickets to request user SPN tickets
Added credentials/mimikatz/extract_tickets to extract kerberos tickets from memory
Updated PowerView location citations
2016-04-24 11:26:39 -04:00
HarmJ0y 96ac925773 Merge pull request #182 from xorrior/master
Added MiniEye collection module; Minor change to ChromeDump
2016-04-11 15:47:19 -07:00
xorrior 523e4458c1 Added MiniEye collection module; Minor change to ChromeDump
MiniEye - Collect recordings from Webcam.
ChromeDump - Modified sqlite DB connection string for read-only access.
2016-04-09 22:11:28 -04:00
Lux Cupitor 188157e3ec removed comment 2016-04-06 08:12:36 -04:00
Lux Cupitor 4f61ecda2b added modules for unauthenticated Jenkins Script console access 2016-04-06 08:06:24 -04:00
HarmJ0y ae324964c6 Merge pull request #169 from mynameisv/dev
screenshot in jpeg and shortcut
2016-04-01 13:52:04 -07:00
Harmj0y e43fb94634 correct conflict in changelog 2016-03-31 17:34:46 -04:00
mynameisv 917cb2b246 screenshot in jpeg and shortcut 2016-03-31 23:27:15 +02:00
enigma0x3 30ef8172a0 Updated to hide process window for mimikatz pth 2016-03-31 16:52:36 -04:00
enigma0x3 c4a8a249fe Updated mimikatz version 2016-03-31 16:24:41 -04:00
enigma0x3 e61d12b640 Updated mimikatz dlls 2016-03-31 15:35:28 -04:00
HarmJ0y dae17d1bc1 Merge pull request #165 from Kevin-Robertson/master
Inveigh 1.1 and Tater Modules
2016-03-31 11:13:53 -07:00
Kevin Robertson 32b36c9597 Comment/Notes changes and WPADResponse removal
Updated additional comment/notes. I removed WPADResponse from inveigh and inveigh_bruteforce since wpad.dat code contains commas. The python code that is parsing the commas for the array parameters is getting in that way. I can add WPADResponse back in later.
2016-03-30 15:35:44 -04:00
Kevin Robertson 7a3a95f735 Sync features with updated versions of Inveigh and Tater
Upgrading collection/inveigh, lateral_movement/inveigh_relay, and privesc/tater. Adding collection/inveigh_bruteforce.
2016-03-29 23:55:39 -04:00
Harmj0y b3e8ebabe5 Expanded server/agent epoch check from +/- 10 minutes to +/- 12 hours 2016-03-26 00:00:40 -04:00
Harmj0y ae9f046aba Added trollsploit/rick_astley to run @SadProcessor's audio rickroll 2016-03-21 23:11:12 -04:00
Harmj0y d5db75c3d0 - Updated PowerView.ps1 code
- Re-tested all powerview modules
- Updated some module options
- Fixed bug in helpers.generate_dynamic_powershell_script()

- Added situational_awareness/network/powerview/get_domain_policy
- Added situational_awareness/network/powerview/get_dfs_share
- Added situational_awareness/network/powerview/get_fileserver
- Added situational_awareness/network/powerview/get_rdp_session
- Added situational_awareness/network/powerview/get_site
- Added situational_awareness/network/powerview/get_subnet
- Added situational_awareness/host/get_proxy
- Added situational_awareness/host/get_pathacl
- Added management/get_domain_sid
2016-03-19 08:38:18 -04:00
Harmj0y 45d219e1f5 bug fix for Invoke-PsExec and some x64 pointers 2016-03-11 20:33:46 -05:00
Harmj0y 2382bd0dea Added privesc/getsystem 2016-03-11 19:31:27 -05:00