Merge pull request #27 from BC-SECURITY/dev

Empire 3.0 / Python 3
BC-SECURITY · Dec 23, 2019 · 8ef9ec2 · 8ef9ec2
2 parents 08711f8 + 8e86a3b
commit 8ef9ec2
Show file tree

Hide file tree

Showing 389 changed files with 9,108 additions and 5,371 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -31,7 +31,7 @@ develop-eggs/
 dist/
 downloads/
 eggs/
-lib/
+# lib/
 lib64/
 parts/
 sdist/

diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml
@@ -0,0 +1,23 @@
+name: Docker Image CI
+
+on:
+  push:
+    branches: 
+      - master
+      - dev
+  release:
+    types: [published]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Publish Docker
+        uses: elgohr/Publish-Docker-Github-Action@2.9
+        with:
+          name: bcsecurity/empire
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+          dockerfile: Dockerfile
+          tag_names: true 
diff --git a/.gitignore b/.gitignore
@@ -15,3 +15,5 @@ setup/xar*/
 setup/bomutils/
 .venv
 .DS_Store
+venv/
+
diff --git a/Dockerfile b/Dockerfile
@@ -1,33 +1,23 @@
 # NOTE: Only use this when you want to build image locally
-#       else use `docker pull empireproject/empire:{VERSION}`
-#       all image versions can be found at: https://hub.docker.com/r/empireproject/empire/
+#       else use `docker pull bcsecurity/empire:{VERSION}`
+#       all image versions can be found at: https://hub.docker.com/r/bcsecurity/empire/
 
 # -----BUILD COMMANDS----
-# 1) build command: `docker build -t empireproject/empire .`
-# 2) create volume storage: `docker create -v /opt/Empire --name data empireproject/empire`
-# 3) run out container: `docker run -ti --volumes-from data empireproject/empire /bin/bash`
+# 1) build command: `docker build -t bcsecurity/empire .`
+# 2) create volume storage: `docker create -v /empire --name data bcsecurity/empire`
+# 3) run out container: `docker run -ti --volumes-from data bcsecurity/empire /bin/bash`
 
 # -----RELEASE COMMANDS----
-# 1) `USERNAME=empireproject`
-# 2) `IMAGE=empire`
-# 3) `git pull`
-# 4) `export VERSION="$(curl -s https://raw.githubusercontent.com/EmpireProject/Empire/master/lib/common/empire.py | grep "VERSION =" | cut -d '"' -f2)"`
-# 5) `docker tag $USERNAME/$IMAGE:latest $USERNAME/$IMAGE:$VERSION`
-# 1) `docker push $USERNAME/$IMAGE:latest`
-# 2) `docker push $USERNAME/$IMAGE:$VERSION`
+# Handled by GitHub Actions
 
 # -----BUILD ENTRY-----
 
 # image base
-FROM ubuntu:16.04
-
-# pull from BUILD
-ARG empirversion
+FROM python:3.7.5-buster
 
 # extra metadata
-LABEL maintainer="EmpireProject"
+LABEL maintainer="bc-security"
 LABEL description="Dockerfile base for Empire server."
-LABEL version=${empirversion}
 
 # env setup
 ENV STAGING_KEY=RANDOM
@@ -36,25 +26,18 @@ ENV DEBIAN_FRONTEND=noninteractive
 # set the def shell for ENV
 SHELL ["/bin/bash", "-c"]
 
-# install basic build items
-RUN apt-get update && apt-get install -qy \
-    wget \
-    curl \
-    git \
-    sudo \
-    apt-utils \
-    lsb-core \
-    python2.7 \
-    python-dev \ 
-  && ln -sf /usr/bin/python2.7 /usr/bin/python \
-  && rm -rf /var/lib/apt/lists/*
-
-# build empire from source
-# TODO: When we merge to master set branch to master
-RUN git clone --depth=1 -b dev https://github.com/EmpireProject/Empire.git /opt/Empire && \
-    cd /opt/Empire/setup/ && \
+COPY . /empire
+
+RUN apt-get update && \
+      apt-get -y install sudo && \
+      apt-get -y install lsb-release
+
+RUN cd /empire/setup/ && \
     ./install.sh && \
-    rm -rf /opt/Empire/data/empire*
-RUN python2.7 /opt/Empire/setup/setup_database.py
-WORKDIR "/opt/Empire"
-CMD ["python2.7", "empire"]
+    rm -rf /empire/data/empire*
+
+RUN python /empire/setup/setup_database.py
+
+WORKDIR /empire
+
+CMD ["python", "empire"]
diff --git a/README.md b/README.md
@@ -24,10 +24,9 @@
 Keep up-to-date on our blog at [https://www.bc-security.org/blog][7]
 
 # Empire
-## The beta release of [Empire 3.0](https://github.com/BC-SECURITY/Empire/tree/dev) is available on the dev branch ##
 Empire 3.0 is a post-exploitation framework that includes a pure-PowerShell 2.0 Windows agent, and compatibility with Python 2.x/3.x Linux/OS X agents. It is the merger of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and a flexible architecture. On the PowerShell side, Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. PowerShell Empire premiered at [BSidesLV in 2015](https://www.youtube.com/watch?v=Pq9t59w0mUI) and Python EmPyre premeiered at HackMiami 2016. BC-Security presented updates to further evade Microsoft Antimalware Scan Interface (AMSI) and JA3/S signatures at [DEF CON 27](https://github.com/BC-SECURITY/DEFCON27).
 
-Empire relies heavily on the work from several other projects for its underlying functionality. We have tried to call out a few of those people we've interacted with [heavily here](http://www.powershellempire.com/?page_id=2) and have included author/reference link information in the source of each Empire module as appropriate. If we have failed to improperly cite existing or prior work, please let us know.
+Empire relies heavily on the work from several other projects for its underlying functionality. We have tried to call out a few of those people we've interacted with [heavily here](http://www.powershellempire.com/?page_id=2) and have included author/reference link information in the source of each Empire module as appropriate. If we have failed to properly cite existing or prior work, please let us know at Empire@BC-Security.org.
 
 Empire is developed by [@harmj0y](https://twitter.com/harmj0y), [@sixdub](https://twitter.com/sixdub), [@enigma0x3](https://twitter.com/enigma0x3), [@rvrsh3ll](https://twitter.com/424f424f), [@killswitch_gui](https://twitter.com/killswitch_gui), [@xorrior](https://twitter.com/xorrior), and [@bcsecurity1](https://twitter.com/BCSecurity1). While the main fork for Empire is no longer maintained, this fork is maintained by [BC-Security](https://www.bc-security.org) and will continue to receive periodic updates.
 
@@ -50,32 +49,50 @@ sudo ./setup/install.sh
 
 There's also a [quickstart here](http://www.powershellempire.com/?page_id=110) and full [documentation here](http://www.powershellempire.com/?page_id=83).
 
+## Docker
+If you want to run Empire using a pre-built docker container:
+```bash
+docker pull bcsecurity/empire:{version}
+docker run -it bcsecurity/empire:{version}
+
+# with persistent storage
+docker pull bcsecurity/empire:{version}
+docker create -v /empire --name data bcsecurity/empire:{version}
+docker run -it --volumes-from data bcsecurity/empire:{version}
+
+# if you prefer to be dropped into bash instead of directly into empire
+# or docker run -it --volumes-from data bcsecurity/empire:{version} /bin/bash
+```
+
+All image versions can be found at: https://hub.docker.com/r/bcsecurity/empire/
+* The last commit from master will be deployed to the `latest` tag
+* The last commit from the dev branch will be deployed to the `dev` tag
+* All github tagged releases will be deployed using their version numbers (v3.0, v3.1, etc)
+
 ## Quickstart
 
 Check out the [Empire wiki](https://github.com/EmpireProject/Empire/wiki/Quickstart) for instructions on getting started with Empire.
 
 ## To Do List
 
-* Port code to work with Python 3
+* ~~Port code to work with Python 3~~
 * [Invoke-SocksProxy](https://github.com/p3nt4/Invoke-SocksProxy)
 * Function name randomization
-* JA3/S signature randomization
-* Multi-menu function calls
+* ~~JA3/S signature randomization~~
+* ~~Multi-menu function calls~~
 * Function name aliasing
-* Update to [Mimikatz 2.2.0](https://github.com/gentilkiwi/mimikatz)
+* ~~Update to [Mimikatz 2.2.0](https://github.com/gentilkiwi/mimikatz)~~
 
 ## Contribution Rules
 
 Contributions are more than welcome! The more people who contribute to the project the better Empire will be for everyone. Below are a few guidelines for submitting contributions.
 
 * Beginning with version 3.0, we will require that all updates be both Python 2.x/3.x compatible.
-* Submit pull requests to the [dev branch](https://github.com/powershellempire/Empire/tree/dev). After testing, changes will be merged to master.
+* Submit pull requests to the [dev branch](https://github.com/BC-SECURITY/Empire/tree/dev). After testing, changes will be merged to master.
 * Depending on what you're working on, base your module on [./lib/modules/powershell_template.py](lib/modules/powershell_template.py) or [./lib/modules/python_template.py](lib/modules/python_template.py). **Note** that for some modules you may need to massage the output to get it into a nicely displayable text format [with Out-String](https://github.com/PowerShellEmpire/Empire/blob/0cbdb165a29e4a65ad8dddf03f6f0e36c33a7350/lib/modules/situational_awareness/network/powerview/get_user.py#L111).
 * Cite previous work in the **'Comments'** module section.
 * If your script.ps1 logic is large, may be reused by multiple modules, or is updated often, consider implementing the logic in the appropriate **data/module_source/*** directory and [pulling the script contents into the module on tasking](https://github.com/PowerShellEmpire/Empire/blob/0cbdb165a29e4a65ad8dddf03f6f0e36c33a7350/lib/modules/situational_awareness/network/powerview/get_user.py#L85-L95).
 * Use [approved PowerShell verbs](https://technet.microsoft.com/en-us/library/ms714428(v=vs.85).aspx) for any functions.
 * PowerShell Version 2 compatibility is **STRONGLY** preferred.
 * TEST YOUR MODULE! Be sure to run it from an Empire agent and test both Python 2.x/3.x functionality before submitting a pull to ensure everything is working correctly.
 * For additional guidelines for your PowerShell code itself, check out the [PowerSploit style guide](https://github.com/PowerShellMafia/PowerSploit/blob/master/README.md).
-
-[![alt text][1.1]][1]
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-2.3.0
+3.0
diff --git a/changelog b/changelog
@@ -1,8 +1,44 @@
+11/26/2019
+------------
+- Version 3.0 Beta Release
+	- Added Python 2.6/7 and 3.x compatibility (@Cx01N, @Hubbl3, @Vinnybod)
+	- Improved Windows Defender Evasion 
+	- Updated mimikatz binary in Invoke-Mimikatz to version 2.2.0 20191125 (@Cx01N)
+	- Fixed port assignment feature to listeners (@Cx01N)
+	- Fixed issues with http_Hop listener (@Cx01N)
+	- Fixed issues with redirector listener (@Cx01N)
+	- Fixed typos in default http listener payloads (@Hubbl3)
+	- Fixed psinject AV recognition (@Hubbl3) 
+	- Updated Invoke-Obfuscation to version 1.8 (@phra)
+	- Updated Invoke-Kerberoast (@Zero1t0) 
+	- Added ability to uselisteners on main menu (@Cx01N, @Hubbl3)
+	- Added Get-Subnet_Ranges (@benichmt1)
+	- Added Get-WinUpdates (@classity)
+	- Added Get-KerberosServiceTIcket (@OneLogicalMyth)
+	- Added Invoke-RID_Hijack (@r4wd3r)
+	- Added Invoke-internal_monologue (@audibleblink)
+	- Added Get-LAPSPasswords (@audibleblink)
+	- Added Invoke-SMBLogin (@mvelazc0)
+	- Added Sherlock (@_RastaMouse, @audibleblink)
+	- Added Outlook Sandbox Evasion for Windows Macro launcher (@Cx01N, @Hubbl3)
+	- Added Randomized JA3S signature (@Hubbl3) 
+	- Added AMSI Bypass based on Tal Liberman's AMSI Bypass (@Hubbl3)
+	- Added Invoke-CredentialPhisher (@quickbreach)
+	- Made Security Bypasses configurable for launchers (@phra)
+	- Updated Readme to include install instruction, EOL of Core Devloper support, new contribution rules 
+	- Added OSX shellcode stager (@johneiser)
+	- Added Invoke-Phant0m (@leesoh)
+	- Added Get-AppLockerConfig (@matterpreter)
+	- Added HostRecon (@RootUp)
+	- Added more informative PS agent directory listing (@winnie22)
+
+Credit was given based on Commit Author if something is credited incorrectly or we missed an update 
+please contact us at info@bc-security.org 
 
 03/15/2018
 ------------
 - Version 2.5 Master Release
-	- Patched launcher generation bug 
+	- Patched launcher generation bug
 	- Added OSX Mic record module #893 (@s0lst1c3)
 	- More robust password handling in ssh_command and ssh_launcher modules (@retro-engineer)
 	- Updated server responses for http listener (@xorrior) 

diff --git a/data/agent/agent.ps1 b/data/agent/agent.ps1
@@ -471,7 +471,6 @@ function Invoke-Empire {
         #   uris(comma separated)|UserAgent|header1=val|header2=val2...
         #   headers are optional. format is "key:value"
         #   ex- cookies are "cookie:blah=123;meh=456"
-
         $ProfileParts = $Profile.split('|')
         $script:TaskURIs = $ProfileParts[0].split(',')
         $script:UserAgent = $ProfileParts[1]