v5.10.3 into main

.github/workflows/cherry-pick-main.yml

@@ -66,7 +66,7 @@ jobs:
       - name: Push new branch
         run: git push origin cherry-pick-${{ env.COMMIT_HASH }}
       - name: Create pull request into private-main
-        uses: thomaseizinger/create-pull-request@1.3.1
+        uses: thomaseizinger/create-pull-request@1.4.0
         with:
           GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
           title: Cherry-pick ${{ github.event.inputs.commitHash }} to private-main

.github/workflows/lint-and-test.yml

@@ -139,7 +139,7 @@ jobs:
       # To save CI time, only run these tests when the install script or deps changed
       - name: Get changed files using defaults
         id: changed-files
-        uses: tj-actions/changed-files@v44.3.0
+        uses: tj-actions/changed-files@v44.4.0
       - name: Build images
         if: contains(steps.changed-files.outputs.modified_files, 'setup/install.sh') || contains(steps.changed-files.outputs.modified_files, 'poetry.lock')
         run: docker compose -f .github/install_tests/docker-compose-install-tests.yml build --parallel ${{ join(matrix.images, ' ') }}

.github/workflows/release-private-start.yml

@@ -63,7 +63,7 @@ jobs:
       - name: Push new branch
         run: git push origin ${{ env.RELEASE_BRANCH }}
       - name: Create pull request into ${{ env.TARGET_BRANCH }}
-        uses: thomaseizinger/create-pull-request@1.3.1
+        uses: thomaseizinger/create-pull-request@1.4.0
         with:
           GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
           head: ${{ env.RELEASE_BRANCH }}

.github/workflows/release-public-start.yml

@@ -56,7 +56,7 @@ jobs:
       - name: Push new branch
         run: git push public ${{ env.RELEASE_BRANCH }}
       - name: Create pull request into main
-        uses: thomaseizinger/create-pull-request@1.3.1
+        uses: thomaseizinger/create-pull-request@1.4.0
         with:
           GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
           head: ${{ env.RELEASE_BRANCH }}

.github/workflows/release-sponsor-kali-start.yml

@@ -58,7 +58,7 @@ jobs:
       - name: Push new branch
         run: git push origin ${{ env.RELEASE_BRANCH }}
       - name: Create pull request into ${{ env.TARGET_BRANCH }}
-        uses: thomaseizinger/create-pull-request@1.3.1
+        uses: thomaseizinger/create-pull-request@1.4.0
         with:
           GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
           head: ${{ env.RELEASE_BRANCH }}

CHANGELOG.md

@@ -14,6 +14,28 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [5.10.3] - 2024-05-23
+
+### Changed
+
+-   Updated the default value for Sharpup to audit (@Cx01N)
+-   Updated the default value for Seatbelt to AntiVirus (@Cx01N)
+-   Updated the default value for SharpWMI to action=query (@Cx01N)
+-   Updated the default value for SharpSC to action=query service= (@Cx01N)
+-   Updated GetSystem to require admin (@Cx01N)
+-   Updated the default value for Moriarty to --debug (@Cx01N)
+
+### Fixed
+
+-   Fixed issue with generate_agent having a mismatched function name for stageless (@Cx01N)
+-   Fixed parsing issue for C# portscan with commas (@Cx01N)
+-   Fixed error for PrivExchange with missing System.XML.dll (@Cx01N)
+
+### Removed
+
+-   Removed BypassUACGrunt due to compatibility with only Covenant (@Cx01N)
+-   Removed BypassUACCommand due to compatibility with only Covenant (@Cx01N) 
+
 ## [5.10.2] - 2024-05-05
 -   Updated Starkiller to v2.8.1
 
@@ -841,7 +863,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 -   Updated shellcoderdi to newest version (@Cx01N)
 -   Added a Nim launcher (@Hubbl3)
 
-[Unreleased]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.10.2...HEAD
+[Unreleased]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.10.3...HEAD
+
+[5.10.3]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.10.2...v5.10.3
 
 [5.10.2]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.10.1...v5.10.2
 

empire/server/common/empire.py

@@ -38,7 +38,7 @@
 
 from . import agents, credentials, listeners, stagers
 
-VERSION = "5.10.2 BC Security Fork"
+VERSION = "5.10.3 BC Security Fork"
 
 log = logging.getLogger(__name__)
 

empire/server/listeners/http_malleable.py

@@ -441,7 +441,9 @@ def generate_launcher(
                     launcherBase,
                     obfuscation_command=obfuscation_command,
                 )
-                stager = self.mainMenu.obfuscationv2.obfuscate_keywords(stager)
+                launcherBase = self.mainMenu.obfuscationv2.obfuscate_keywords(
+                    launcherBase
+                )
 
             if encode and (
                 (not obfuscate) or ("launcher" not in obfuscation_command.lower())
@@ -770,9 +772,6 @@ def generate_agent(
             with open(self.mainMenu.installPath + "/data/agent/agent.ps1") as f:
                 code = f.read()
 
-            # Get the random function name generated at install and patch the stager with the proper function name
-            code = self.mainMenu.obfuscationv2.obfuscate_keywords(code)
-
             # strip out the comments and blank lines
             code = helpers.strip_powershell_comments(code)
 

empire/server/modules/csharp/GhostPack.Covenant.yaml

@@ -365,7 +365,7 @@
   TokenTask: false
   Options:
   - Name: Command
-    Value: ''
+    Value: 'audit'
     DefaultValue: ''
     Description: SharpUp command to execute.
     SuggestedValues:
@@ -610,7 +610,7 @@
   TokenTask: false
   Options:
   - Name: Command
-    Value: ''
+    Value: 'AntiVirus'
     DefaultValue: ''
     Description: Seatbelt command to execute.
     SuggestedValues:
@@ -854,7 +854,7 @@
   TokenTask: false
   Options:
   - Name: Command
-    Value: ''
+    Value: 'action=query'
     DefaultValue: ''
     Description: SharpWMI command to execute.
     SuggestedValues:

empire/server/modules/csharp/Moriarty.Covenant.yaml

@@ -48,7 +48,7 @@
   TokenTask: false
   Options:
   - Name: Command
-    Value: ''
+    Value: '--debug'
     DefaultValue: ''
     Description: Command to execute.
     SuggestedValues: []

empire/server/modules/csharp/SharpSC.Covenant.yaml

@@ -59,7 +59,7 @@
   TokenTask: false
   Options:
   - Name: Command
-    Value: ''
+    Value: 'action=query service='
     DefaultValue: ''
     Description: SharpSC command to execute.
     SuggestedValues:

empire/server/modules/csharp/SharpSploit.Enumeration.Covenant.yaml

@@ -1450,7 +1450,7 @@
             try
             {
                 List<int> portList = new List<int>();
-                foreach (string entry in Ports.Split(','))
+                foreach (string entry in Ports.Split(';'))
                 {
                     if (entry.Contains("-"))
                     {
@@ -1485,9 +1485,9 @@
     DisplayInCommand: true
     FileOption: false
   - Name: Ports
-    Value: 80,443-445,3389
+    Value: 80; 443-445; 3389
     DefaultValue: ''
-    Description: Ports to scan. Comma-delimited port list, use hyphens for port ranges
+    Description: Ports to scan. Semicolon delimited port list, use hyphens for port ranges
     SuggestedValues: []
     Optional: false
     DisplayInCommand: true

empire/server/modules/csharp/SharpSploit.PrivilegeEscalation.Covenant.yaml

@@ -106,6 +106,12 @@
     - Name: System.IdentityModel.dll
       Location: net35\System.IdentityModel.dll
       DotNetVersion: Net35
+    - Name: System.XML.dll
+      Location: net35\System.XML.dll
+      DotNetVersion: Net35
+    - Name: System.XML.dll
+      Location: net40\System.XML.dll
+      DotNetVersion: Net40
     EmbeddedResources: []
   ReferenceAssemblies: []
   EmbeddedResources: []