Merge pull request #653 from BC-SECURITY/release/5.0.4

v5.0.4 into main

.dockerignore

@@ -1,5 +1,5 @@
 # Git
-.git
+**.git
 .gitignore
 
 # CI

.github/docker-compose.yml

@@ -21,6 +21,8 @@ services:
     restart: always
     environment:
       MYSQL_ROOT_PASSWORD: 'root'
+      MYSQL_USER: 'empire_user'
+      MYSQL_PASSWORD: 'empire_password'
       MYSQL_DATABASE: test_empire
     volumes:
      - db:/var/lib/mysql

.github/workflows/dockerimage.yml

@@ -16,10 +16,11 @@ jobs:
         with:
           submodules: 'recursive'
       - name: Publish Docker
-        uses: elgohr/Publish-Docker-Github-Action@2.9
+        uses: elgohr/Publish-Docker-Github-Action@v5
         with:
           name: bcsecurity/empire
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
           dockerfile: Dockerfile
-          tag_names: true
+          default_branch: main
+          tag_names: true

.github/workflows/lint-and-test.yml

@@ -53,6 +53,9 @@ jobs:
       - name: Set up MySQL
         run: |
           sudo systemctl start mysql
+          mysql -u root -proot -e "CREATE USER IF NOT EXISTS 'empire_user'@'localhost' IDENTIFIED BY 'empire_password';" || true
+          mysql -u root -proot -e "GRANT ALL PRIVILEGES ON *.* TO 'empire_user'@'localhost' WITH GRANT OPTION;" || true
+          mysql -u root -proot -e "FLUSH PRIVILEGES;" || true
       - name: Install dependencies
         run: |
           poetry env use ${{ matrix.python-version }}

CHANGELOG.md

@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [5.0.4] - 2023-02-25
+
+-   Fix module error in PSRansom (@Cx01N)
+-   Update the install script to set up a new db user instead of overwriting the root user (@Vinnybod)
+-   Update the Starkiller syncer to skip updating if not in a git repo (@Vinnybod)
+-   Update the Docker CI action to publish latest on 'main' branch (@Vinnybod)
+-   Fix install of Poetry for Debian based systems (@Vinnybod)
+
 ## [5.0.3] - 2023-02-20
 
 -   Updated Starkiller to v2.0.5
@@ -408,7 +416,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 -   Updated shellcoderdi to newest version (@Cx01N)
 -   Added a Nim launcher (@Hubbl3)
 
-[Unreleased]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.0.3...HEAD
+[Unreleased]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.0.4...HEAD
+
+[5.0.4]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.0.3...v5.0.4
 
 [5.0.3]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.0.2...v5.0.3
 

empire/server/api/app.py

@@ -3,6 +3,7 @@
 import os
 from datetime import datetime
 from json import JSONEncoder
+from pathlib import Path
 
 import socketio
 import uvicorn
@@ -47,7 +48,9 @@ def load_starkiller(v2App):
     starkiller_submodule_dir = "empire/server/api/v2/starkiller"
     starkiller_temp_dir = "empire/server/api/v2/starkiller-temp"
 
-    if empire_config.starkiller.auto_update:
+    if (
+        Path(starkiller_submodule_dir) / ".git"
+    ).exists() and empire_config.starkiller.auto_update:
         sync_starkiller(empire_config.dict())
 
     v2App.mount(

empire/server/config.yaml

@@ -3,8 +3,8 @@ database:
   use: mysql
   mysql:
     url: localhost:3306
-    username: root
-    password: root
+    username: empire_user
+    password: empire_password
     database_name: empire
   sqlite:
     location: empire/server/data/empire.db

empire/server/core/db/base.py

@@ -34,7 +34,8 @@ def try_create_engine(engine_url: str, *args, **kwargs) -> Engine:
     try:
         with engine.connect():
             pass
-    except OperationalError:
+    except OperationalError as e:
+        log.error(e, exc_info=True)
         log.error(f"Failed connecting to database using {engine_url}")
         log.error("Perhaps the MySQL service is not running.")
         log.error("Try executing: sudo systemctl start mysql")

empire/server/modules/powershell/exfiltration/PSRansom.py

@@ -17,7 +17,7 @@ def generate(
         obfuscation_command: str = "",
     ):
         # read in the common module source code
-        script, err = main_menu.modules.get_module_source(
+        script, err = main_menu.modulesv2.get_module_source(
             module_name=module.script_path,
             obfuscate=obfuscate,
             obfuscate_command=obfuscation_command,
@@ -47,7 +47,7 @@ def generate(
 
         args += ")\n"
         script = args + script
-        script = main_menu.modules.finalize_module(
+        script = main_menu.modulesv2.finalize_module(
             script=script,
             script_end="",
             obfuscate=obfuscate,

empire/test/test_server_config.yaml

@@ -3,8 +3,8 @@ database:
   use: sqlite
   mysql:
     url: localhost:3306
-    username: root
-    password: root
+    username: empire_user
+    password: empire_password
     database_name: test_empire
   sqlite:
     location: empire/test/test_empire.db

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "empire-bc-security-fork"
-version = "5.0.3"
+version = "5.0.4"
 description = ""
 authors = ["BC Security <[email protected]>"]
 readme = "README.md"

setup/install.sh

@@ -55,8 +55,6 @@ function install_mysql() {
   # https://imsavva.com/silent-installation-mysql-5-7-on-ubuntu/
   # http://www.microhowto.info/howto/perform_an_unattended_installation_of_a_debian_package.html
   echo mysql-apt-config mysql-apt-config/enable-repo select mysql-8.0 | sudo debconf-set-selections
-  echo mysql-community-server mysql-community-server/root-pass password "root" | sudo debconf-set-selections
-  echo mysql-community-server mysql-community-server/re-root-pass password "root" | sudo debconf-set-selections
   echo mysql-community-server mysql-server/default-auth-override select "Use Strong Password Encryption (RECOMMENDED)" | sudo debconf-set-selections
 
   if [ "$OS_NAME" == "DEBIAN" ]; then
@@ -77,6 +75,21 @@ function install_mysql() {
   echo -e "\x1b[1;34m[*] Starting MySQL\x1b[0m"
 }
 
+function start_mysql() {
+  sudo systemctl start mysql.service || true # will fail in a docker image
+
+  # Add the default empire user to the mysql database
+  mysql -u root -e "CREATE USER IF NOT EXISTS 'empire_user'@'localhost' IDENTIFIED BY 'empire_password';" || true
+  mysql -u root -e "GRANT ALL PRIVILEGES ON *.* TO 'empire_user'@'localhost' WITH GRANT OPTION;" || true
+  mysql -u root -e "FLUSH PRIVILEGES;" || true
+
+  # Some OS have a root password set by default. We could probably
+  # be more smart about this, but we just try both.
+  mysql -u root -proot -e "CREATE USER IF NOT EXISTS 'empire_user'@'localhost' IDENTIFIED BY 'empire_password';" || true
+  mysql -u root -proot -e "GRANT ALL PRIVILEGES ON *.* TO 'empire_user'@'localhost' WITH GRANT OPTION;" || true
+  mysql -u root -proot -e "FLUSH PRIVILEGES;" || true
+}
+
 function install_xar() {
   # xar-1.6.1 has an incompatibility with libssl 1.1.x that is patched here
   wget https://github.com/BC-SECURITY/xar/archive/xar-1.6.1-patch.tar.gz
@@ -148,8 +161,8 @@ install_powershell
 if ! command_exists mysql; then
   install_mysql
 fi
-sudo systemctl start mysql.service || true # will fail in a docker image
-mysql -u root -e "SET PASSWORD FOR 'root'@'localhost' = PASSWORD('root');" || true # Set root password to root if its blank
+
+start_mysql
 
 if [ "$ASSUME_YES" == "1" ] ;then
   answer="Y"
@@ -258,12 +271,20 @@ if [ "${python_version[0]}" -eq 3 ] && [ "${python_version[1]}" -lt 8 ]; then
       fi
     fi
   fi
+  # TODO: We should really use the official poetry installer, but since right now we
+  #  recommend running this script as sudo, it installs poetry in a way that you can't
+  #  run it without sudo su. We should probably update the script to not be run as sudo,
+  #  and only use sudo when needed within the script itself.
   python3.8 -m pip install poetry
 else
-  python3 -m pip install poetry
+  if [ "${python_version[0]}" -eq 3 ] && [ "${python_version[1]}" -ge 11 ]; then
+    python3 -m pip install poetry --break-system-packages
+  else
+    python3 -m pip install poetry
+  fi
 fi
 
-echo -e "\x1b[1;34m[*] Installing Poetry\x1b[0m"
+echo -e "\x1b[1;34m[*] Installing Packages\x1b[0m"
 poetry config virtualenvs.in-project true
 poetry install