infosecn1nja
/
Empire
mirror of https://github.com/infosecn1nja/Empire.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
914 Commits
11 Branches
13 Tags
21 MiB
Commit Graph

184 Commits (eccdbfb7cdc249641956d9e91903c39ae04bd71c)

Author SHA1 Message Date
ThePirateWhoSmellsOfSunflowers a23c636531 Fix PKCS7 padding to be RFC compliant, should resolv #458 2017-04-20 20:21:57 +02:00
rvrsh3ll c6bd9b11c0 ipv6 support added 
Merge branch '2.0_beta' of https://github.com/empireproject/Empire into 2.0_beta
 2017-04-08 07:37:59 -04:00
rvrsh3ll eb7f1d6483 IPv6 Modifications 2017-04-07 21:50:53 -04:00
Chris 9d5652284c Added global options tab completion 2017-04-06 06:45:23 -07:00
stderr 01f530700e Fixed bug in HTTP handler that can throw exceptions while parsing Cookies. 2017-04-05 15:30:01 -04:00
cobbr ab1b3e5f3f Implement Obfuscation 2017-03-11 17:35:17 -06:00
Chris Ross 35fd51d166 Added 1MB upload limit 2017-02-17 09:25:05 -08:00
Chris Ross 25a91dec5b Added logic for saving module ouput for py and powershell agents. Fixed issue 435 2017-01-21 10:37:52 -08:00
Chris Ross 812f721b84 Added Empire Custom Import hook to allow for in memory python module imports 2017-01-16 08:31:34 -08:00
Chris bfd9ee1413 Changed native_screenshot to be opsec safe. Added safe aliases for screenshot, ls, whoami 2017-01-07 22:15:20 -05:00
Chris e5bf468158 Fix for issue #382. Fixed downloads in python agent. updated install script to include zlib_wrapper module. 2017-01-04 22:39:37 -05:00
mr64bit db5af9caf9 Fix agent shell commands, broken in commit 3148493 2016-12-20 08:45:10 -05:00
Chris 3148493e15 Fixed issue 421 in reflectivepeinjection module 2016-12-11 21:43:19 -05:00
xorrior a3e0aeddf6 Corrected jar stager generation 2016-11-13 18:16:11 -05:00
xorrior 42ec063d8a Merge branch '2.0_beta' of https://github.com/adaptivethreat/Empire into 2.0_beta 2016-11-13 15:24:47 -05:00
xorrior 25c2566a14 Added obfuscation to macho stager 2016-11-13 15:24:10 -05:00
rvrsh3ll 0a0184ae6b Modified smbscanner to require username and password 2016-10-24 10:01:14 -04:00
HarmJ0y 3ddfe7786f Second fix for Host specification in listeners. 2016-10-06 17:01:43 -04:00
HarmJ0y 9f813549f7 Added autoruns back in. 2016-10-06 14:59:11 -04:00
HarmJ0y af8ffcda76 Fixed function renaming typo. 2016-10-06 14:32:33 -04:00
xorrior 7bcf125412 Merge branch '2.0_beta' of https://github.com/adaptivethreat/Empire into 2.0_beta 2016-10-05 12:41:01 -04:00
xorrior e93ef08055 Updated Dylib templates. Removed hijacker generation from dylib stager menu. Added additional error checking to the HijackScanner module 2016-10-05 12:40:29 -04:00
rvrsh3ll e7a914c4b4 Listener Code Cleanup 2016-10-05 11:00:01 -04:00
root b94a81a4e2 Listener fix for issue 324 2016-10-05 10:06:04 -04:00
@424f424f d6a0951848 Fix listeners for issue #324 2016-10-01 01:53:05 -04:00
HarmJ0y 844b8cdabf If https is indicated for a host in listeners/http but a certificate isn't specified, 
one will now be generated by Flask on the fly
 2016-09-29 14:32:54 -04:00
xorrior 460876d8f0 Migrated EmPyre stagers from dev branch in EmPyre repo 2016-09-29 11:41:09 -04:00
HarmJ0y 26cd0089dd 2.0.0 beta, DerbyCon release 2016-09-23 14:04:35 -04:00
HarmJ0y 2ba4e7c3c6 prep for 1.6.0 release 2016-09-17 17:16:03 -04:00
enigma0x3 f030cf6232 Patched RCE dubbed "skywalker 2.0" thanks to @zeroSteiner. 2016-09-16 09:15:13 -04:00
Harmj0y bec33f73ac moved collection/keethief to collection/vaults/keethief 
added collection/vaults/find_keepass_config to enumerate KeePass configs on a system
added collection/vaults/add_keepass_config_trigger to add a trigger backdoor to all reachable KeePass instances
added collection/vaults/get_keepass_config_trigger to enumerate all triggers for all reachable KeePass instances
added collection/vaults/remove_keepass_config_trigger to remove all triggers for all reachable KeePass instances
misc. bug fixes
 2016-07-20 23:44:30 -04:00
Harmj0y 7790b250a2 misc. bug fixes and standardization updates 2016-07-20 23:39:25 -04:00
Harmj0y fe43560bad Fix for issue #285 - credential export supporting commas 
Start of code standardization/pep8 cleanup - mods to agents.py, empire.py, and credentials.py
Updated changelog
 2016-07-20 21:28:27 -04:00
Harmj0y 7167f22500 added system name to screenshot output for issue #273 
start of code pep8/pylint standardization - various cleaning
 2016-07-20 19:06:42 -04:00
Harmj0y ece3a3b540 fix for issue #248 2016-07-16 21:54:18 -04:00
Harmj0y 7d697cb4b7 Expanded 'creds X' query to search domain and password as well, wildcards (*) accepted 2016-07-16 21:27:35 -04:00
Harmj0y 21893bacde Fix for issue #257 - sysinfo now tasked after steal_token/revtoself 2016-07-15 19:14:43 -04:00
Harmj0y c38256ab5c Semi-global interact command for issue #258 2016-07-15 18:56:38 -04:00
Harmj0y 75f3e2c410 Merge branch 'dev' of https://github.com/PowerShellEmpire/Empire into dev 2016-07-15 18:06:49 -04:00
Harmj0y 7c5a07581d Fix for issue #221 2016-07-15 18:06:20 -04:00
enigma0x3 8666d5f5f8 included fix by @i223t for 417 Expectation failed error when going through older Squid proxies 2016-06-24 22:51:46 -04:00
Harmj0y 0fb6599c77 More verbose output for Invoke-ServiceCMD in PowerUp to address issue #219 2016-05-27 14:37:15 -04:00
Harmj0y b977dec1ae Updated PowerView 
Added credentials/get_spn_tickets to request user SPN tickets
Added credentials/mimikatz/extract_tickets to extract kerberos tickets from memory
Updated PowerView location citations
 2016-04-24 11:26:39 -04:00
Harmj0y f699ec510d Fix for issue #178 2016-04-24 10:29:11 -04:00
Matt Nelson dce67beaeb Added tab-completion for list command 2016-04-15 14:42:12 -04:00
HarmJ0y db7c1c95b3 Merge pull request #177 from n0clues/master 
Binding Empire's native listeners to IP specified in Host option…
 2016-04-06 22:21:25 -07:00
n0clues f376dc243c Binding Empire's native listeners to IP specified in Host option instead to 0.0.0.0 - issue#175 2016-04-06 14:24:02 +02:00
Harmj0y b56e5d29ec listener starting now returns more verbose errors on failure in console and API 
merge of @mynameisiv's .jpg screenshot PR
fix for path errors in some cases for ./setup/setup_database.py
 2016-04-01 17:06:21 -04:00
mynameisv 917cb2b246 screeshot in jpeg and shortcut 2016-03-31 23:27:15 +02:00
Harmj0y ac5b002301 Updated changelog and version number for 1.5.0 release. 2016-03-31 16:06:02 -04:00
Harmj0y c6662d8a3a Added loading of external module directories with the 'load /DIR/' command in the main menu. 
Solves issue #81.
 2016-03-30 23:03:02 -04:00
Harmj0y b3e8ebabe5 Expanded server/agent epoch check from +/- 10 minutes to +/- 12 hours 2016-03-26 00:00:40 -04:00
Harmj0y c2ba61ca8d added -sta to stager launching 2016-03-25 19:45:09 -04:00
Harmj0y b43da089ef Added POST /api/modules/<path:module_name> to task a module with specified options 
Fix multi-stager generation bug
More exception handling in empire.py
 2016-03-24 16:03:31 -04:00
Harmj0y 31eb9d387a Changed API path from /empire/api/ to /api/ 
Fixed agent renaming bug
 2016-03-23 14:30:54 -04:00
Harmj0y d67bbcce15 more small bug fixes 2016-03-22 14:37:10 -04:00
Harmj0y 2a13328c5b nav menu bug fix and standardization 2016-03-22 14:32:47 -04:00
Harmj0y ce307aa6db fix for issue #155 2016-03-22 01:51:23 -04:00
Harmj0y 502dc5c679 Added SSL and basic token auth to the RESTful API 
Added random RESTful API token generation on server startup
 2016-03-22 01:41:48 -04:00
Harmj0y 9f1deb1d9e Added /empire/api/agents/<string:agent_name>/results to return agent tasking results and remove results from backend db 2016-03-21 22:56:02 -04:00
Harmj0y eaaea57253 Added /empire/api/listeners/kill to kill a listener specified by POST data 
Added /empire/api/listeners/options to enumerate currently set listener options
Added start to docstrings in functions -> still need to describe complete request/response JSON formats
removed /empire/api/agents/ID/X
/empire/api/agents/name/Y -> /empire/api/agents/Y
removed /empire/api/listeners/id/X
/empire/api/listeners/name/Y -> /empire/api/listeners/Y
"X listeners currently active" now pulls from the backend DB
 2016-03-21 21:50:19 -04:00
Harmj0y 334f1f4b5c Added POST to /empire/api/stagers in API to generate stagers 
moved empire instantiation into the restful api start
 2016-03-21 21:03:32 -04:00
Harmj0y c15f445892 Revamp of some of the backend to allow for a proper RESTful API 
Cleaned up some SQL calls
Moved tasking/results into database fields for agents, instead of being kept in memory on the client
Added --headless option to ./empire
 2016-03-21 20:20:03 -04:00
Harmj0y e6e5222647 Added lateral_movement/new_gpo_immediate_task 2016-03-19 11:51:09 -04:00
Harmj0y 97335b83d6 -Added the ability to specify multiple function names to helpers.generate_dynamic_powershell_script() 
-Added Unconstained option to get_computer
-Added AdminCount option to get_user
-Added situational_awareness/network/powerview/get_gpo_computer to get computers a GPO is applied to
 2016-03-19 10:53:28 -04:00
Harmj0y d5db75c3d0 -Updated PowerView.ps1 code 
-Re-tested all powerview modules
-Updated some module options
-Fixed bug in helpers.generate_dynamic_powershell_script()

-Added situational_awareness/network/powerview/get_domain_policy
-Added situational_awareness/network/powerview/get_dfs_share
-Added situational_awareness/network/powerview/get_fileserver
-Added situational_awareness/network/powerview/get_rdp_session
-Added situational_awareness/network/powerview/get_site
-Added situational_awareness/network/powerview/get_subnet
-Added situational_awareness/host/get_proxy
-Added situational_awareness/host/get_pathacl
-Added management/get_domain_sid
 2016-03-19 08:38:18 -04:00
Harmj0y da52a6268b Attempted fix for issue #136 2016-03-03 19:33:45 -05:00
Harmj0y 08ca63fe09 First pass at stager retries. 2016-03-03 19:13:44 -05:00
Harmj0y c32e3d15cd Additional debugging on sysinfo checkin. 2016-02-17 21:58:09 -05:00
Harmj0y 3b0003f0ce '--debug 2' now prints all debug signal output to the script as well as ./empire.debug 2016-02-17 20:06:33 -05:00
Harmj0y b0d90be6fe Updated changelog and version number. Added '--version' cli option. 2016-02-16 02:27:37 -05:00
Harmj0y 473be51acd Changed '--listeners' option to '--listener' 2016-02-16 02:02:18 -05:00
Harmj0y 75ea648c49 Small bug fixes. 2016-02-16 01:53:16 -05:00
Harmj0y 734831b5fb Added a start to cli option parsing for displaying listeners/stagers and generating stagers. 2016-02-16 01:52:32 -05:00
Harmj0y 4bab4f9484 'seachmodule' with no term now lists all modules and descriptions 2016-02-16 00:35:32 -05:00
Harmj0y 3cf322e76a Fix for issue #125 2016-01-14 15:57:26 -05:00
Harmj0y c0d427cdc8 Corrected several bugs in how the workingHours window is handled in the agent 
Added validation to the workinghours time format
 2016-01-11 01:24:46 -05:00
Harmj0y 8281a9e7ba Empire 1.4 release. 
Encompases all changes since tagged 1.3.1 release.
Added 'Contribution Rules' to the README.md
 2015-12-29 19:29:05 -05:00
Harmj0y 82fed97485 Fixed various issues for agent profile setting/handling 
'DefaultProfile' option in listener menu is now tab-completable and can take a path to a profile.txt
 2015-12-29 15:57:01 -05:00
Harmj0y 687954b6ef -Sync of Kevin Robertson's lateral_movement/inveigh_relay module 
-Sync stufus' exfiltration/egresscheck module
-Added module menu dynamic sizing for prettified output
 2015-12-22 15:05:22 -05:00
Harmj0y c95d8786aa hop.php redirector fix 
removed requirement for credentials from lateral_movement/invoke_psremoting
 2015-12-21 00:33:03 -05:00
Harmj0y c12eac3200 Added trollsploit/rick_ascii 2015-12-16 20:36:07 -05:00
Harmj0y 93c1d46236 Updated powerview.ps1 
Added situational_awareness/network/powerview/get_cached_rdpconnection
Added situational_awareness/network/powerview/set_ad_object
Added management/downgrade_account
 2015-12-11 17:56:25 -05:00
Harmj0y d03cecbc37 Bug fix for installations transitioning to autorun code with old database. 2015-12-01 12:15:01 -05:00
Harmj0y cb67368e2e Updated version and changelog 2015-11-30 23:23:03 -05:00
Harmj0y 66b7aa17f1 Added several modules in management/mailraider/* to integrate @xorrior's MailRaider.ps1 2015-11-29 11:58:16 -05:00
Harmj0y 743fe02b44 Removed non-ascii character from Get-FoxDump.ps1 
Added ascii check before module tasking
 2015-11-28 20:24:45 -05:00
HarmJ0y ddb47c3cdb Merge pull request #98 from PowerShellEmpire/script_autorun 
Script autorun
 2015-11-24 17:07:14 -05:00
Harmj0y 3817385bb2 Fixed agent result caching bug (again) 
Fixed multiple agent-interaction bug that causes results to be displayed simultaneously
 2015-11-24 00:41:16 -05:00
Harmj0y e59844be72 Added ability to set a script to run on each agent checkin with "set Agent autorun" in module menu. 
"(Empire: agents) > clear autorun" will clear out any current autoruns
WARNING: this requires a DB schema mod to work correctly, meaning you will lose current
agent connection information if run!
 2015-11-22 17:25:28 -05:00
Harmj0y 8637a49338 Fixed nested menu bug that caused buildup of "Agent X not active." 
Main display menu now shows each time "main" menu is entered.
 2015-11-21 20:03:40 -05:00
Harmj0y 2c14853b29 Fix for exploitation/exploit_jboss 2015-11-21 18:07:57 -05:00
Harmj0y 7252718537 derp 2015-11-08 19:00:03 -05:00
Harmj0y 7db7ec6bbc All PowerUp modules now dynamically built from a single source file 
PowerUp bug fixes
Added privesc/powerup/service_exe_restore, pulled logic from other modules
Added management/spawnas to spawn agents with explicit credentials
Debug functionality (--debug) now outputs the source of the last tasked script to ./LastTask.ps1
Write-Verbose and Write-Debug lines now stripped from tasked scripts
 2015-11-08 18:51:57 -05:00
Harmj0y 55709598d5 Bug fix in some packet responses. 2015-11-02 14:52:46 -05:00
Harmj0y 1bedcee211 Updated version number and changelog for 1.3.1 2015-10-30 12:08:57 -04:00
Harmj0y 0cbdb165a2 -Updated powerview.ps1 source to Version 2.0 
-Built a way to dynamically generate the stripped PowerView code for functions needed by PowerView modules (helpers -> generate_dynamic_powershell_script), and updated all relevant PowerView modules
-Renamed PowerView modules to better match PowerView 2.0 naming scheme and moved to situational_awareness/network/powerview/*
-Removed old split-out PowerView source files
-Removed situational_awareness/network/netview
-Combined stealth_userhunter into option for userhunter
-Added situational_awareness/network/get_forest_domain, situational_awareness/network/powerview/get_object_acl, situational_awareness/network/powerview/find_computer_field, situational_awareness/network/powerview/find_user_field, situational_awareness/network/powerview/get_ou, situational_awareness/network/powerview/get_group, situational_awareness/network/powerview/get_group_member, situational_awareness/network/powerview/get_gpo, situational_awareness/network/powerview/find_gpo_location, situational_awareness/network/powerview/find_gpo_computer_admin, situational_awareness/network/powerview/process_hunter, situational_awareness/network/powerview/find_foreign_group, situational_awareness/network/powerview/find_foreign_user
-renamed collection/filesearch to collection/find_interesting_file
 2015-10-23 21:40:06 -04:00
Harmj0y 6be3d4ce8b remove debug 2015-09-22 09:34:27 -04:00
Harmj0y 858f6b3a1c Additional download file path checks. 2015-09-22 09:33:21 -04:00
Harmj0y 9079a54119 Fix for 'skywalker' file overwrite exploit on control server. 
Thank you to @zeroSteiner for the disclosure!
 2015-09-21 22:32:46 -04:00