v3.1.5 Master Release #171

Merged
merged 4 commits into from
Apr 14, 2020
2 changes: 1 addition & 1 deletion VERSION
@@ -1 +1 @@
3.1.4
3.1.5
7 changes: 7 additions & 0 deletions changelog
@@ -1,3 +1,10 @@
4/13/2020
------------
- Version 3.1.5 Master Release
- Fixed macro staging bug - #164 (@Hubbl3)
- Fixed TLS cipher suite issue with PowerShell 2 - #155 (@tyraniter)
- Updated API reporting for Starkiller integration - #168 (@Cx01N)

4/4/2020
------------
- Version 3.1.4 Master Release
32 changes: 29 additions & 3 deletions empire
Expand Up @@ -1178,12 +1178,38 @@ def start_restful_api(empireMenu, suppress=False, username=None, password=None,
"""
Returns JSON describing the reporting events from the backend database.
"""
reportingRaw = execute_db_query(conn, 'SELECT ID, name, event_type, message, time_stamp, taskID FROM reporting')
reportingRaw = execute_db_query(conn, '''
SELECT
reporting.time_stamp,
event_type,
u.username,
substr(reporting.name, pos+1) as agent_name,
a.hostname,
taskID,
t.data as "Task",
r.data as "Results"
FROM
(
SELECT
time_stamp,
event_type,
name,
instr(name, '/') as pos,
taskID
FROM reporting
WHERE name LIKE 'agent%'
AND reporting.event_type == 'task' OR reporting.event_type == 'checkin') reporting
LEFT OUTER JOIN taskings t on (reporting.taskID = t.id) AND (agent_name = t.agent)
LEFT OUTER JOIN results r on (reporting.taskID = r.id) AND (agent_name = r.agent)
JOIN agents a on agent_name = a.session_id
LEFT OUTER JOIN users u on t.user_id = u.id
ORDER BY reporting.time_stamp DESC
''')
reportingEvents = []

for reportingEvent in reportingRaw:
[ID, name, event_type, message, time_stamp, taskID] = reportingEvent
reportingEvents.append({"ID":ID, "agentname":name, "event_type":event_type, "message":json.loads(message), "timestamp":time_stamp, "taskID":taskID})
[time_stamp, event_type, user_name, agent_name, host_name, taskID, task, results] = reportingEvent
reportingEvents.append({"timestamp":time_stamp, "event_type":event_type, "username":user_name, "agent_name":agent_name, "host_name":host_name, "taskID":taskID, "task":task, "results":results})

return jsonify({'reporting' : reportingEvents})

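Review bot: The filter on the lines `WHERE name LIKE 'agent%'` / `AND reporting.event_type == 'task' OR reporting.event_type == 'checkin'` mixes AND and OR without parentheses, so SQL precedence reads it as `(name LIKE 'agent%' AND event_type == 'task') OR event_type == 'checkin'` and the name prefix is never applied to checkin rows. The inner `JOIN agents a on agent_name = a.session_id` probably hides this today, but the intent reads as one filter over both event types, so write it as `AND (reporting.event_type == 'task' OR reporting.event_type == 'checkin')`. The same clause appears unchanged in do_report in lib/common/empire.py and should get the same fix. Note also that `u.username` arrives through LEFT OUTER JOINs on taskings and users, so consumers of this endpoint should expect `"username": null` on rows without a matching tasking. The enclosing API handler's def line is above the hunk.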
14 changes: 8 additions & 6 deletions lib/common/empire.py
Expand Up @@ -15,7 +15,7 @@
from builtins import str
from builtins import range

VERSION = "3.1.4 BC-Security Fork"
VERSION = "3.1.5 BC-Security Fork"

from pydispatch import dispatcher

Expand Down Expand Up @@ -968,8 +968,9 @@ def do_report(self, line):
# Empire Log
cur.execute("""
SELECT
time_stamp,
reporting.time_stamp,
event_type,
u.username,
substr(reporting.name, pos+1) as agent_name,
a.hostname,
taskID,
Expand All @@ -986,9 +987,10 @@ def do_report(self, line):
FROM reporting
WHERE name LIKE 'agent%'
AND reporting.event_type == 'task' OR reporting.event_type == 'checkin') reporting
LEFT OUTER JOIN taskings t on (reporting.taskID = t.id) AND (agent_name = t.agent)
LEFT OUTER JOIN results r on (reporting.taskID = r.id) AND (agent_name = r.agent)
JOIN agents a on agent_name = a.session_id
LEFT OUTER JOIN taskings t on (reporting.taskID = t.id) AND (agent_name = t.agent)
LEFT OUTER JOIN results r on (reporting.taskID = r.id) AND (agent_name = r.agent)
JOIN agents a on agent_name = a.session_id
LEFT OUTER JOIN users u on t.user_id = u.id
""")
rows = cur.fetchall()
print(helpers.color("[*] Writing data/master.log"))
Expand All @@ -1000,7 +1002,7 @@ def do_report(self, line):
for n in range(len(row)):
if isinstance(row[n], bytes):
row[n] = row[n].decode('UTF-8')
f.write('\n' + row[0] + ' - ' + row[3] + ' (' + row[2] + ')> ' + str(row[5]) + '\n' + str(row[6]) + '\n')
f.write('\n' + row[0] + ' - ' + row[3] + ' (' + row[2] + ')> ' + str(row[5]) + '\n' + str(row[6]) + '\n' + str(row[7]) + '\n')
f.close()
cur.close()
finally:
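Review bot: The new `f.write` line keeps the old row indices although a column (`u.username`) was inserted at position 2 of the SELECT, so, if the columns hidden by the fold still end with Task and Results as in the API query in `empire`, row[3] is now agent_name rather than hostname, row[2] is username rather than agent_name, row[5] is taskID rather than the task data, and the hostname is no longer written at all. row[2] can also be None, because `u.username` comes through the LEFT OUTER JOINs on taskings and users, and `' (' + row[2] + ')'` then raises TypeError where the old columns at those positions were never null. A line that restores the old layout and adds the user explicitly would be `f.write('\n' + row[0] + ' - ' + row[4] + ' (' + row[3] + ') ' + str(row[2]) + '> ' + str(row[6]) + '\n' + str(row[7]) + '\n')`. do_report starts before the first hunk and continues past the last one.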
6 changes: 3 additions & 3 deletions lib/listeners/http.py
Expand Up @@ -1239,9 +1239,9 @@ def handle_post(request_uri):

context = ssl.SSLContext(proto)
context.load_cert_chain("%s/empire-chain.pem" % (certPath), "%s/empire-priv.key" % (certPath))
cipherlist = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA384",
"ECDHE-RSA-AES256-SHA", "AES256-SHA256", "AES128-SHA256"]
selectciph = random.choice(cipherlist)
cipherlist_tls12 = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA384", "AES256-SHA256", "AES128-SHA256"]
cipherlist_tls10 = ["ECDHE-RSA-AES256-SHA"]
selectciph = random.choice(cipherlist_tls12)+':'+random.choice(cipherlist_tls10)
context.set_ciphers(selectciph)
app.run(host=bindIP, port=int(port), threaded=True, ssl_context=context)
else:
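Review bot: `random.choice(cipherlist_tls10)` on a one-element list always yields `ECDHE-RSA-AES256-SHA`, so the call suggests a choice that is not being made; `cipherlist_tls10[0]` says what actually happens. That suite is a CBC/SHA-1 construction and is now appended unconditionally, which widens what every client may negotiate rather than only the PowerShell 2 clients the changelog names, so a comment such as `# second suite is a CBC/SHA-1 fallback kept for PowerShell 2 clients; remove once they are no longer supported` would record why it is there and let it be retired later. The enclosing function starts and ends outside the hunk.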
2 changes: 2 additions & 0 deletions lib/stagers/windows/macro.py
Expand Up @@ -177,6 +177,8 @@ def generate(self):
macro += "Public Function "+Method+"() As Variant\n"

if OutlookEvasionBool == True:
macro += "\tstrComputer = \".\"\n"
macro += "\tSet objWMIService = GetObject(\"winmgmts:\\\\\" & strComputer & \"\\root\cimv2\")\n"
macro += "\tSet ID = objWMIService.ExecQuery(\"Select IdentifyingNumber from Win32_ComputerSystemproduct\")\n"
macro += "\tFor Each objItem In ID\n"
macro += "\t\tIf StrComp(objItem.IdentifyingNumber, \"2UA20511KN\") = 0 Then End\n"
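Review bot: The string on the added `Set objWMIService` line contains `\\root\cimv2`, where `\c` is not a recognised Python escape; CPython keeps the backslash so the emitted text is unchanged, but it is a DeprecationWarning since 3.6 and a SyntaxWarning from 3.12. Write that part as `\"\\root\\cimv2\"` so the intended literal backslashes are explicit. The enclosing `generate` method starts before and continues after the hunk.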