Commit Graph

74 Commits (14d12fba1e66665013ec6140346f8e66d43bc913)

Author SHA1 Message Date
byt3bl33d3r d9fb2a506a Fixes #168 and #167 2017-04-26 17:04:15 -06:00
caoimhinp 5bd238e9ae Fixed errors in on_request, options, and admin_login 2017-04-07 04:45:23 -05:00
byt3bl33d3r 57d5d7ca13 Y'all better be ready for this, initial 4.0 release
- Fixed an edge case in gpp_decrypt.py also renamed to gpp_password
- Added the gpp_autologin module
- Added a workaround for the current impacket smb server bug in
get_keystrokes
- fixed formatting in the SMB database navigator
- fixed an error where DC would have there dc attribute overwritten
- Other stuff that i don't remember
2017-04-06 22:34:30 -06:00
byt3bl33d3r 602b7e13f0 Re-added most of the SMB protocol functionality
- Added new module gpp_decrypt
- Cleaned up the SMB spider as much as possible
- --wmi now uses pywerview
- Re-added the http protocol
2017-04-05 09:07:00 -06:00
byt3bl33d3r cae5ffb6ce Various fixes 2017-04-03 09:25:05 -06:00
byt3bl33d3r 5dc7c4ae62 Fixed logic errors when adding users and groups to the database
- Added debug logging to core db functions
- Fixed logging output
- Updated modules to use the new API
2017-03-29 18:03:04 -06:00
byt3bl33d3r 751f209cd7 Initial 4.0 pre-release 2017-03-27 15:09:36 -06:00
byt3bl33d3r 8e6cc4e899 DB schema for the smb protocol is now final!
- added two more attributes to use in modules:opsec_safe and multiple_hosts

- renamed db function names

- Added the python_injector module and it's necessary files as a reminder
2016-12-20 00:23:40 -07:00
byt3bl33d3r 9fefd167b0 Initial commit for v4.0
Just fyi for anyone reading this, it's not even close to being
finished.

The amount of changes are pretty insane, this commit is to serve as a
refrence point for myself.

Highlights for v4.0:
- The whole codebase has been re-written from scratch
- Codebase has been cut around 2/4
- Protocols are now modular! In theory we could use CME for everything
- Module chaining has been removed for now, still trying to figure out a
more elegant solution
- Workspaces have implemented in cmedb
- The smb protocol's database schema has been changed to support storing users,
groups and computers with their respective memberships and relations.
- I'm in the process of re-writing most of the modules, will re-add them
once i've finished
2016-12-15 00:28:00 -07:00
byt3bl33d3r b1e8322704 changed var names in token_rider module 2016-09-26 13:47:36 -06:00
byt3bl33d3r 3d50982bfa fixed powerview module again 2016-09-22 22:30:01 -06:00
byt3bl33d3r b6e8690757 fixed powerview module 2016-09-22 22:27:31 -06:00
byt3bl33d3r 07872985d7 This commit addresses a number of issues including #130 and #126 2016-09-21 13:40:59 -06:00
byt3bl33d3r db056d1ab4 Initial implementation of module chaining
Oook, this commit is basicallu just so I can start tracking (and
testing) all of the changes made so far:

- All execution methods are now completely fileless, all output and/or batch
  files get outputted/hosted locally on a SMB server that gets spun up on runtime

- Module structure has been modified for module chaining

- Module chaining implementation is currently very hacky, I definitly
  have to figure out something more elegant but for now it
  works. Module chaining is performed via the -MC flag and has it's own
  mini syntax (will be adding it to the wiki)

- You can now specify credential ID ranges using the -id flag
- Added the eventvwr_bypass and rundll32_exec modules
- Renamed a lot of the modules for naming consistency

TODO:

- Launchers/Payloads need to be escaped before being generated when
  module chaining

- Add check for modules 'required_server' attribute
- Finish modifying the functions in the Connection object so they return
  the results
2016-09-12 00:52:50 -06:00
byt3bl33d3r 6f2596902c Implemented @mattifestation's AMSI bypass and multiple bugfixes
- @mattifestation's AMSI bypass now gets called before executing
  powershell commands or scripts

- Squashed some bugs related to account bruteforcing, enumerating users
  and creating/deleting the UseLogonCredential reg key
2016-08-06 10:28:16 -06:00
byt3bl33d3r 9af1ab56cf Added the mimikittenz module
- Removed the mem_scraper module since the new mimikittenz module should
  replace its functionalitu

- Fixed newline in enum_chrome output
- Version Bump
2016-08-01 02:23:17 -06:00
byt3bl33d3r 74f746592a Initial commit of the enum_chrome module (resolves half of #112)
The modyle uses Mimikatz's new DPAPI Chrome module to decrypt saved
chrome credentials

Additionally a new version of Invoke-Mimikatz.ps1 script has been added
that contains the latest Mimikatz binaries and a patch for it to work
when injected
(https://github.com/PowerShellMafia/PowerSploit/issues/147)
2016-06-29 00:53:41 -06:00
byt3bl33d3r d44d927372 Initial commit for the mem_scraper and powerview modules 2016-06-17 20:31:31 -06:00
byt3bl33d3r 6056ce83db Initial commit for the powerview and memscraper modules
The powerview module will replace all of the get_net* modules
Memscraper module stil has a bug which i'm working on
2016-06-17 01:34:38 -06:00
byt3bl33d3r 58edfe18f3 Code cleanup of the execute method in the Connection class in
connection.py

Additionally, since the smbexec execution method seems to be detected by
a number of AV HIPS'es, i've switched the default execution method order
to:
1. wmiexec
2. atexec
3. smbexec

Furthermore, the method argument in the execute function now accepts a
list of exec methods.
2016-06-14 18:58:19 -06:00
byt3bl33d3r 7b0b06af39 Fixed log creation in tokens.py module 2016-06-14 17:49:20 -06:00
byt3bl33d3r db223b583a Some code cleanup, bug fixes and re-added the config file
* For some reason the config file got lost in between version bumps, re-added it
* Improved the logic in first_run.py, it will now autodetect missing files and will copy/generate them accordinglu
* Code cleanup in cmedb.py and bug fixes in crackmapexec.py
2016-06-08 21:44:45 -06:00
byt3bl33d3r 23d8a6517f Refactoring for packiging is now complete! 2016-06-04 01:13:38 -06:00
byt3bl33d3r 68a908562a Second round of refactoring for packaging 2016-06-03 23:42:26 -06:00