Commit Graph

1581 Commits (f9f87b1cc425c1b4e93ecaa1506b064f9646e31d)

Author SHA1 Message Date
byt3bl33d3r 424c34c4f4 Added a -y in kali install script 2016-04-16 17:30:54 -06:00
byt3bl33d3r 42e4b05a3b Added missing dep in kali install script 2016-04-16 17:06:25 -06:00
byt3bl33d3r 7737f65fda Added path checking in Kalis install script 2016-04-16 15:52:34 -06:00
byt3bl33d3r b155649619 Initial commit for Kali install script 2016-04-16 15:50:21 -06:00
byt3bl33d3r 0bb288e7a0 fixed module names 2016-04-12 10:55:54 -06:00
byt3bl33d3r f890da0a60 Fixed wrong variable in get_computers module 2016-04-12 10:52:57 -06:00
byt3bl33d3r c2217f1c81 Added the get_computers module 2016-04-12 10:48:48 -06:00
byt3bl33d3r 69167140af Added the get_groups module 2016-04-12 10:15:59 -06:00
byt3bl33d3r f6c2c2f24d Added the get_group_members module 2016-04-12 01:07:25 -06:00
byt3bl33d3r e5e954068a Added options in token module to search for a specific username in
enumerated tokens
2016-04-12 00:09:08 -06:00
byt3bl33d3r 1d6cc4ac64 Fixed typo variable 2016-04-11 23:33:57 -06:00
byt3bl33d3r ec14e47258 Changed the add_credential SQL query, added tab complete support fro the
import command
2016-04-11 23:23:15 -06:00
byt3bl33d3r b85a4ecabd Database navigator now supports filtering seearching through hosts and creds (like Empire) 2016-04-11 23:06:42 -06:00
byt3bl33d3r cd9a77796f This commit introduces a command in cme_db.py which will import
credentials from Empire using it's RESTful API (resolves half of issue #89)

Reading through Metasploit's docs, it seems like you cannot access
it's stored credentials using the RPC server (would have to directly
access the postgres db, I do have to confirm this tho)
2016-04-10 17:10:33 -06:00
byt3bl33d3r 3ce031ffee Made the output of --lusers actually decent 2016-04-09 15:18:10 -06:00
byt3bl33d3r 4da8c07956 Cleaned up the Powershell code in the token_rider module:
* Added error handling in case a command fails to execute on a target
* POST request code is now a function
* Made the output POST'd back to us actually useful
2016-04-09 14:36:31 -06:00
byt3bl33d3r 94d1c040c8 Initial commit for the token_rider module! OMFG this thing is amazing
it deserves its own blog post!

Fixed a bug with the smbexec execution method which would cause it to
exit without retrieving output
2016-04-09 03:57:40 -06:00
byt3bl33d3r d3eb5cd8ff Added entry in .gitignore 2016-04-08 22:13:01 -06:00
byt3bl33d3r 84dfa1d839 Lots of unicode fixes (omfg halp) resolves issue #92 2016-04-08 20:38:49 -06:00
byt3bl33d3r 9052e48286 Removed decription of authentication error (will display if --verbose is
passed)

Fixed host tracking in the inject_pe_dll.py module
2016-04-08 19:58:01 -06:00
byt3bl33d3r eb4f185118 Database now tracks which users have admin access to which hosts
Added a configuration file for specifying Empire's and Metasploits API and RPC creds
Added the empire_agent_exec module: connects to Empire, generates a launcher and executes it

Minor bug fixes
2016-04-08 00:25:06 -06:00
byt3bl33d3r a1c41d97c9 Fixed incorrect error handling when database wasn't created
(part of issue #93)
2016-04-03 20:21:58 -06:00
byt3bl33d3r cd989879d4 Removed debug statement and fixed output in tokens.py module 2016-03-30 13:11:28 -06:00
byt3bl33d3r 7bfe04236a Added a tokens module to enumerate available tokens
Added a --server-host flag to specify the IP to bind the server to
2016-03-30 12:58:55 -06:00
byt3bl33d3r 9262832b86 Fixed missing imports when dumping NTDS via vss 2016-03-30 11:37:34 -06:00
byt3bl33d3r 7e6657eedb fixed timeout and error handling when smb spidering 2016-03-30 10:06:23 -06:00
byt3bl33d3r e6a293c9f3 Updated usage in README 2016-03-30 00:47:17 -06:00
byt3bl33d3r e5e38cb881 Re-added License to master 2016-03-30 00:45:16 -06:00
byt3bl33d3r 05387abf65 Changed the wdigest flag 2016-03-30 00:26:09 -06:00
byt3bl33d3r 811001edc4 Forgot to add the smbspider class back in connector.py, whoops! 2016-03-29 23:58:24 -06:00
byt3bl33d3r 0bc0855c43 Added default mimikatz command to module description 2016-03-28 00:42:42 -06:00
byt3bl33d3r f8afef444c Changed README again 2016-03-28 00:25:19 -06:00
byt3bl33d3r f5895ac4ea Changed README 2016-03-28 00:21:20 -06:00
byt3bl33d3r 6eabf0224c Updated README 2016-03-27 15:45:41 -06:00
byt3bl33d3r 10a12a9a0f Initial v3.0 commit to master
Quick re-cap on the new features:

* Credentials and hosts are now stored in a database, the cme_db.py script can be used to query it
* Module system has been implemented allowing anyone to create payloads
* All underlying powershell code has been ported to a module
* The HTTP/HTTPS server now tracks connections: no more guessing when to CTRL-C
* All around better code quality, error handling and logging
2016-03-27 15:17:18 -06:00
byt3bl33d3r 792a631fe2 Updated the usage in README 2016-03-12 19:20:40 -07:00
byt3bl33d3r 4c3ca3a0f6 Added the --tokens options to enumerate available tokens (issue #86)
Re-added Empire's function to strip powershell comments
Changed the PowerView PS script to the actual supported one
2016-03-12 18:24:08 -07:00
byt3bl33d3r 5814121e6d Actually pushing the new cert would be nice 2016-03-11 22:08:13 -07:00
byt3bl33d3r f4141c9041 Regererated SSL cert, fixed a typo variable 2016-03-11 22:02:25 -07:00
byt3bl33d3r 3ec981f3fa Re-added the --timeout option 2016-03-11 20:09:52 -07:00
byt3bl33d3r ade4c12ad4 Revert "Stole Empires powershell architecture detection code, arch is now detected and handled automatically"
This reverts commit cd103f5cb6.

This is being reverted due to a bug in wmiexec when executing long
command strings. Falling back to the old method for now until/if fixed.
2016-03-11 20:01:42 -07:00
byt3bl33d3r bdcebd0045 Changed the default server to HTTPS (cause why not) 2016-03-07 22:32:35 -07:00
byt3bl33d3r cd103f5cb6 Stole Empires powershell architecture detection code, arch is now detected and handled automatically
Removed the --ps-arch option as its now useless
Added a --timeout switch to specify a max timeout for each thread
Regenerated default key and cert for the https server
2016-03-07 20:13:51 -07:00
byt3bl33d3r 2427ccaa9b Updated README 2016-01-27 00:29:35 -07:00
byt3bl33d3r 7b255b3c9a - More code cleanup in the smart_login function, added pwdump support
when using the combo file (-C) flag (resolves #80)
2016-01-26 23:50:33 -07:00
byt3bl33d3r c50ffb0f65 - Re-Factored MSSQL support for better integration when executing
commands and attacks (e.g. mimikatz, injection)
- By default, the --mssql flag will enumerate db instances and will
  allow you to execute commands through xp_cmdshell
- Made some logic changes on how/when connections are initiated
2016-01-26 21:23:03 -07:00
byt3bl33d3r 3c5cf012fd - Password. Username and Hash flags now accept one file or
user/pass/has per
  argument
- smart_login function partial code cleanup
2016-01-19 01:56:42 -07:00
byt3bl33d3r b1646c3f76 - Made output *FABULOUS* by aligning the logger output
- Moar unicode fixes (srsly fuck unicode)
2016-01-18 20:40:50 -07:00
byt3bl33d3r 224befe25d Fixed bug that would cause a traceback in rpcquery.py when PTH 2016-01-17 22:43:57 -07:00
byt3bl33d3r 5c31910571 Fixed .join() error in smart_login.py when PTH 2016-01-17 22:42:53 -07:00