New upstream version 3.6.3 Sophie Brun 3 years ago
6 changed file(s) with 106 addition(s) and 63 deletion(s). Raw diff Collapse all Expand all
0 3.6.2
0 3.6.3
0 12/18/2020
1 ------------
2 - Version 3.6.3 Master Release
3 - Added save path to download file message - #414 (@meldridge)
4 - Updated installation file formatting - #410 (@Pernat1y)
5 - Fixed python 3.9.1 issue with deprecated base64 function - #422 (@brimstone)
6 - Fixed dump creds and hash not being logged in credentials properly - #423 (@Cx01N)
7
08 11/27/2020
19 ------------
210 - Version 3.6.2 Master Release
315315 percent = round(int(os.path.getsize("%s/%s" % (save_path, filename)))/int(filesize)*100,2)
316316
317317 # notify everyone that the file was downloaded
318 message = "[+] Part of file {} from {} saved [{}%]".format(filename, sessionID, percent)
318 message = "[+] Part of file {} from {} saved [{}%] to {}".format(filename, sessionID, percent, save_path)
319319 signal = json.dumps({
320320 'print': True,
321321 'message': message
20582058 # dynamic script output -> non-blocking
20592059 self.update_agent_results_db(sessionID, data)
20602060
2061 # see if there are any credentials to parse
2062 time = helpers.get_datetime()
2063 creds = helpers.parse_credentials(data)
2064 if creds:
2065 for cred in creds:
2066
2067 hostname = cred[4]
2068
2069 if hostname == "":
2070 hostname = self.get_agent_hostname_db(sessionID)
2071
2072 osDetails = self.get_agent_os_db(sessionID)
2073
2074 self.mainMenu.credentials.add_credential(cred[0], cred[1], cred[2], cred[3], hostname,
2075 osDetails, cred[5], time)
2076
20612077 # update the agent log
20622078 self.save_agent_log(sessionID, data)
20632079
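Review bot: The new credential-parsing block assigns `time = helpers.get_datetime()`, which shadows the `time` module for the rest of the enclosing method if that module is imported at file level (the imports are outside this hunk, so this is unconfirmed); a name like `cred_time` or `timestamp` avoids the ambiguity. `self.get_agent_os_db(sessionID)` is also re-queried on every loop iteration even though `sessionID` does not change, so it can be fetched once before the `for cred in creds:` loop, e.g. `os_details = self.get_agent_os_db(sessionID)` placed next to the `time` assignment. The enclosing method starts before and ends after this hunk, so any existing handling of exceptions from `parse_credentials` is not visible here.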
1717
1818 from flask_socketio import SocketIO
1919
20 VERSION = "3.6.2 BC Security Fork"
20 VERSION = "3.6.3 BC Security Fork"
2121
2222 from pydispatch import dispatcher
2323
542542 for x in range(8, 13):
543543 if lines[x].startswith(b"Domain :"):
544544
545 domain, sid, krbtgtHash = "", "", ""
545 domain, sid, krbtgtHash = b"", b"", b""
546546
547547 try:
548 domainParts = lines[x].split(":")[1]
549 domain = domainParts.split("/")[0].strip()
550 sid = domainParts.split("/")[1].strip()
548 domainParts = lines[x].split(b":")[1]
549 domain = domainParts.split(b"/")[0].strip()
550 sid = domainParts.split(b"/")[1].strip()
551551
552552 # substitute the FQDN in if it matches
553 if hostDomain.startswith(domain.lower()):
553 if hostDomain.startswith(domain.decode("UTF-8").lower()):
554554 domain = hostDomain
555555 sid = domainSid
556556
557557 for x in range(0, len(lines)):
558 if lines[x].startswith("User : krbtgt"):
559 krbtgtHash = lines[x + 2].split(":")[1].strip()
558 if lines[x].startswith(b"User : krbtgt"):
559 krbtgtHash = lines[x + 2].split(b":")[1].strip()
560560 break
561561
562 if krbtgtHash != "":
563 creds.append(("hash", domain, "krbtgt", krbtgtHash, hostName, sid))
562 if krbtgtHash != b"":
563 creds.append(("hash", domain.decode('UTF-8'), "krbtgt", krbtgtHash.decode('UTF-8'), hostName.decode('UTF-8'), sid.decode('UTF-8')))
564564 except Exception as e:
565565 pass
566566
569569 if b'** SAM ACCOUNT **' in lines:
570570 domain, user, userHash, dcName, sid = "", "", "", "", ""
571571 for line in lines:
572 try:
573 if line.strip().endswith("will be the domain"):
574 domain = line.split("'")[1]
575 elif line.strip().endswith("will be the DC server"):
576 dcName = line.split("'")[1].split(".")[0]
577 elif line.strip().startswith("SAM Username"):
578 user = line.split(":")[1].strip()
579 elif line.strip().startswith("Object Security ID"):
580 parts = line.split(":")[1].strip().split("-")
581 sid = "-".join(parts[0:-1])
582 elif line.strip().startswith("Hash NTLM:"):
583 userHash = line.split(":")[1].strip()
584 except:
585 pass
572 if line.strip().endswith(b"will be the domain"):
573 domain = line.split(b"'")[1]
574 elif line.strip().endswith(b"will be the DC server"):
575 dcName = line.split(b"'")[1].split(b".")[0]
576 elif line.strip().startswith(b"SAM Username"):
577 user = line.split(b":")[1].strip()
578 elif line.strip().startswith(b"Object Security ID"):
579 parts = line.split(b":")[1].strip().split(b"-")
580 sid = b"-".join(parts[0:-1])
581 elif line.strip().startswith(b"Hash NTLM:"):
582 userHash = line.split(b":")[1].strip()
586583
587584 if domain != "" and userHash != "":
588 creds.append(("hash", domain, user, userHash, dcName, sid))
585 creds.append(("hash", domain.decode('UTF-8'), user.decode('UTF-8'), userHash.decode('UTF-8'), dcName.decode('UTF-8'), sid.decode('UTF-8')))
589586
590587 return uniquify_tuples(creds)
591588
850847 data += b'=' * missing_padding
851848
852849 try:
853 result = base64.decodestring(data)
850 result = base64.decodebytes(data)
854851 return result
855852 except binascii.Error:
856853 # if there's a decoding error, just return the data
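Review bot: In the `** SAM ACCOUNT **` branch the defaults are still `str` (`domain, user, userHash, dcName, sid = "", "", "", "", ""`) while every field is now `.decode('UTF-8')`-ed when appended, so mimikatz output that carries a domain and an NTLM hash but, say, no `Object Security ID` line makes `sid.decode` raise `AttributeError: 'str' object has no attribute 'decode'`; the krbtgt branch above was switched to `b""` defaults but this one was not. The per-line `try/except` was also removed from this loop, so a single malformed line (e.g. `line.split(b"'")[1]` on a line with no quote) now aborts parsing of the whole agent result instead of skipping that line. Proposed: `domain, user, userHash, dcName, sid = b"", b"", b"", b"", b""`, `if domain != b"" and userHash != b"":`, and restore the per-line `try/except` (or check `len(parts) > 1` before indexing). Because this is agent-supplied output, decoding with `errors="replace"` would be safer than a bare `.decode('UTF-8')` that can raise `UnicodeDecodeError`; the type of `hostName` at the krbtgt `creds.append` is not visible in this hunk, so that `.decode` call should be confirmed against the parameter.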
00 #!/bin/bash
1
12 function install_powershell() {
2 # Deb 10.x
3 if cat /etc/debian_version | grep 10.* ; then
4 # Download the Microsoft repository GPG keys
5 wget https://packages.microsoft.com/config/debian/10/packages-microsoft-prod.deb
3 # Debian 10.x
4 if grep "10.*" /etc/debian_version 2>/dev/null; then
5 # Download the Microsoft repository GPG keys
6 wget https://packages.microsoft.com/config/debian/10/packages-microsoft-prod.deb
67
7 # Register the Microsoft repository GPG keys
8 sudo dpkg -i packages-microsoft-prod.deb
8 # Register the Microsoft repository GPG keys
9 sudo dpkg -i packages-microsoft-prod.deb
910
10 # Update the list of products
11 sudo apt-get update
11 # Update the list of products
12 sudo apt-get update
1213
13 # Install PowerShell
14 sudo apt-get install -y powershell
15 # Deb 9.x
16 elif cat /etc/debian_version | grep 9.* ; then
14 # Install PowerShell
15 sudo apt-get install -y powershell
16
17 # Debian 9.x
18 elif grep "9.*" /etc/debian_version 2>/dev/null; then
1719 # Install system components
1820 sudo apt-get install -y apt-transport-https curl
21
1922 # Import the public repository GPG keys
2023 curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
24
2125 # Register the Microsoft Product feed
2226 sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-debian-stretch-prod stretch main" > /etc/apt/sources.list.d/microsoft.list'
27
2328 # Update the list of products
2429 sudo apt-get update
30
2531 # Install PowerShell
2632 sudo apt-get install -y powershell
27 # Deb 8.x
28 elif cat /etc/debian_version | grep 8.* ; then
33
34 # Debian 8.x
35 elif grep "8.*" /etc/debian_version 2>/dev/null; then
2936 # Install system components
3037 sudo apt-get install -y apt-transport-https curl gnupg
38
3139 # Import the public repository GPG keys
3240 curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
41
3342 # Register the Microsoft Product feed
3443 sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-debian-jessie-prod jessie main" > /etc/apt/sources.list.d/microsoft.list'
44
3545 # Update the list of products
3646 sudo apt-get update
47
3748 # Install PowerShell
3849 sudo apt-get install -y powershell
39 #Ubuntu
40 elif lsb_release -d | grep -q "Ubuntu"; then
50
51 # Ubuntu
52 elif lsb_release -d 2>/dev/null | grep -q "Ubuntu"; then
4153 # Read Ubuntu version
4254 local ubuntu_version=$( grep 'DISTRIB_RELEASE=' /etc/lsb-release | grep -o -E [[:digit:]]+\\.[[:digit:]]+ )
55
4356 # Install system components
4457 sudo apt-get install -y apt-transport-https curl
58
4559 # Import the public repository GPG keys
4660 curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
61
4762 # Register the Microsoft Ubuntu repository
4863 curl https://packages.microsoft.com/config/ubuntu/$ubuntu_version/prod.list | sudo tee /etc/apt/sources.list.d/microsoft.list
64
4965 # Update the list of products
5066 sudo apt-get update
67
5168 # Install PowerShell
5269 sudo apt-get install -y powershell
53 #Kali Linux
54 elif lsb_release -d | grep -q "Kali"; then
70
71 # Kali Linux
72 elif lsb_release -d 2>/dev/null | grep -q "Kali"; then
5573 apt update && apt -y install powershell
74
75 else
76 echo 'Unsupported OS. Exiting.' && exit
5677 fi
57 if ls /opt/microsoft/powershell/*/DELETE_ME_TO_DISABLE_CONSOLEHOST_TELEMETRY; then
58 rm /opt/microsoft/powershell/*/DELETE_ME_TO_DISABLE_CONSOLEHOST_TELEMETRY
59 fi
78
79 # Disable telemetry
80 rm /opt/microsoft/powershell/*/DELETE_ME_TO_DISABLE_CONSOLEHOST_TELEMETRY 2>/dev/null
81
82 # Install Invoke-Obfuscation module
6083 mkdir -p /usr/local/share/powershell/Modules
6184 cp -r ../lib/powershell/Invoke-Obfuscation /usr/local/share/powershell/Modules
6285 }
80103 function install_bomutils() {
81104 git clone https://github.com/hogliux/bomutils.git
82105 (cd bomutils && make)
83 (cd bomutils && make install)
106 (cd bomutils && sudo make install)
84107 chmod 755 bomutils/build/bin/mkbom && sudo cp bomutils/build/bin/mkbom /usr/local/bin/.
85108 }
86109
100123 false
101124 }
102125
103 # Ask for the administrator password upfront so sudo is no longer required at Installation.
126 # Ask for the sudo password upfront so it is no longer required during installation.
104127 sudo -v
105128
106129 IFS='/' read -a array <<< pwd
112135
113136 Pip_file="requirements.txt"
114137
115 if lsb_release -d | grep -q "Kali"; then
138 if lsb_release -d 2>/dev/null | grep -q "Kali"; then
116139 apt-get update
117140 sudo apt-get install -y make autoconf g++ python3-dev swig python3-pip libxml2-dev default-jdk zlib1g-dev libssl1.1 build-essential libssl-dev libxml2-dev zlib1g-dev
118 elif lsb_release -d | grep -q "Ubuntu"; then
141 elif lsb_release -d 2>/dev/null | grep -q "Ubuntu"; then
119142 if is_libssl_1_0; then
120143 LibSSL_pkgs="libssl1.0.0 libssl-dev"
121144 Pip_file="requirements_libssl1.0.txt"
123146 LibSSL_pkgs="libssl1.1 libssl-dev"
124147 fi
125148 sudo apt-get update
126 sudo apt-get install -y make autoconf g++ python3-dev swig python3-pip libxml2-dev default-jdk $LibSSL_pkgs build-essential
149 sudo apt-get install -y make autoconf g++ python3-dev swig python3-pip libxml2-dev default-jdk "$LibSSL_pkgs" build-essential
150 elif grep "Fedora release" /etc/redhat-release 2>/dev/null; then
151 sudo dnf update
152 sudo dnf install -y autoconf autogen make gcc-c++ libxml2-devel openssl-devel python3-pip python3-devel python3-m2crypto
127153 else
128154 echo "Unknown distro - Debian/Ubuntu Fallback"
129155 if is_libssl_1_0; then
133159 LibSSL_pkgs="libssl1.1 libssl-dev"
134160 fi
135161 sudo apt-get update
136 sudo apt-get install -y make autoconf g++ python3-dev swig python3-pip libxml2-dev default-jdk libffi-dev $LibSSL_pkgs build-essential
162 sudo apt-get install -y make autoconf g++ python3-dev swig python3-pip libxml2-dev default-jdk libffi-dev "$LibSSL_pkgs" build-essential
137163 fi
138164
139165 install_xar
142168
143169 install_powershell
144170
145 if ls /usr/bin/ | grep -q "python3"; then
146 if ! type pip3 > /dev/null; then
147 sudo apt-get --assume-yes install python3-pip
148 fi
149 sudo pip3 install -r $Pip_file
150 fi
171 # Install Python dependencies
172 sudo pip3 install -r "$Pip_file"
151173
152 # set up the database schema
174 # Set up the database schema
153175 python3 ./setup_database.py
154176
155 # generate a cert
177 # Generate a cert
156178 ./cert.sh
157179
158180 cd ..
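Review bot: Quoting `"$LibSSL_pkgs"` in the two `apt-get install` lines breaks the Ubuntu and fallback branches, because the variable is assigned two package names (`LibSSL_pkgs="libssl1.0.0 libssl-dev"` and `"libssl1.1 libssl-dev"`) and the quotes turn them into a single argument that apt cannot locate. Either keep the intentional word splitting with a lint hint, `# shellcheck disable=SC2086` above `sudo apt-get install -y ... $LibSSL_pkgs build-essential`, or make it an array (`LibSSL_pkgs=(libssl1.1 libssl-dev)` and `"${LibSSL_pkgs[@]}"`). The new Fedora branch runs `sudo dnf update` without `-y`, so it prompts interactively, and the later `install_powershell` call has no Fedora case and lands in `echo 'Unsupported OS. Exiting.' && exit`, which terminates with status 0 and leaves the rest of the install silently undone; `exit 1` there would at least make the failure visible to callers.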