From fbdc574c355d50356631020a9b4ea9bb2d2d6250 Mon Sep 17 00:00:00 2001
From: Anthony Rose <20302208+Cx01N@users.noreply.github.com>
Date: Wed, 22 Feb 2023 22:40:52 -0500
Subject: [PATCH 1/5] Fix moudle error in psransom (#561)
* fix moudle error in psransom
* updated changelog
---
 CHANGELOG.md | 1 +
 empire/server/modules/powershell/exfiltration/PSRansom.py | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5a1e4b8f1..8fdca7914 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ## [Unreleased]
+- Fix module error in PSRansom (@Cx01N)
 ## [5.0.3] - 2023-02-20
diff --git a/empire/server/modules/powershell/exfiltration/PSRansom.py b/empire/server/modules/powershell/exfiltration/PSRansom.py
index 480f85ab4..a13356d92 100644
--- a/empire/server/modules/powershell/exfiltration/PSRansom.py
+++ b/empire/server/modules/powershell/exfiltration/PSRansom.py
@@ -17,7 +17,7 @@ def generate(
 obfuscation_command: str = "",
 ):
 # read in the common module source code
- script, err = main_menu.modules.get_module_source(
+ script, err = main_menu.modulesv2.get_module_source(
 module_name=module.script_path,
 obfuscate=obfuscate,
 obfuscate_command=obfuscation_command,
@@ -47,7 +47,7 @@ def generate(
 args += ")\n"
 script = args + script
- script = main_menu.modules.finalize_module(
+ script = main_menu.modulesv2.finalize_module(
 script=script,
 script_end="",
 obfuscate=obfuscate,
From ce7407bf725895baea7ad7af04b3658b023ee8d8 Mon Sep 17 00:00:00 2001
From: Vincent Rose
Date: Sat, 25 Feb 2023 21:40:28 +0000
Subject: [PATCH 2/5] use --break-system-packages to fix pip install poetry (#557)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Use poetry installer instead of unrecommended pip install
* add poetry to path
* fix typo
* dont use poetry installer yet
* revert
* 🙄
* changelog
---
 CHANGELOG.md | 1 +
 setup/install.sh | 12 ++++++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8fdca7914..ff729d50f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 - Fix module error in PSRansom (@Cx01N)
+- Fix install of Poetry for Debian based systems (@Vinnybod)
 ## [5.0.3] - 2023-02-20
diff --git a/setup/install.sh b/setup/install.sh
index 63939afcd..2aedd0f01 100755
--- a/setup/install.sh
+++ b/setup/install.sh
@@ -258,12 +258,20 @@ if [ "${python_version[0]}" -eq 3 ] && [ "${python_version[1]}" -lt 8 ]; then
 fi
 fi
 fi
+ # TODO: We should really use the official poetry installer, but since right now we
+ # recommend running this script as sudo, it installs poetry in a way that you can't
+ # run it without sudo su. We should probably update the script to not be run as sudo,
+ # and only use sudo when needed within the script itself.
 python3.8 -m pip install poetry
 else
- python3 -m pip install poetry
+ if [ "${python_version[0]}" -eq 3 ] && [ "${python_version[1]}" -ge 11 ]; then
+ python3 -m pip install poetry --break-system-packages
+ else
+ python3 -m pip install poetry
+ fi
 fi
-echo -e "\x1b[1;34m[*] Installing Poetry\x1b[0m"
+echo -e "\x1b[1;34m[*] Installing Packages\x1b[0m"
 poetry config virtualenvs.in-project true
 poetry install
From 2aa82b85db5ea90aaf0a97824c9a44dc18beabbd Mon Sep 17 00:00:00 2001
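Review bot: The `-ge 11` test on the new `if` line ties `--break-system-packages` to the interpreter version, but the EXTERNALLY-MANAGED marker it works around is set by the distribution's Python packaging (Debian/Ubuntu), not by Python 3.11 itself, so a self-built 3.11 gets a flag it does not need and a pip release that predates PEP 668 support rejects the option as unknown, failing an install that used to work. Testing for the option directly is more robust than comparing versions, e.g. `if python3 -m pip install --help 2>/dev/null | grep -q -- '--break-system-packages'; then`. Overriding the marker installs into the system site-packages, which the TODO comment added above already acknowledges; the official installer it mentions, or a per-user install, would avoid that. The enclosing `if`/`else` starts outside the hunk.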
From: Vincent Rose
Date: Sat, 25 Feb 2023 21:41:55 +0000
Subject: [PATCH 3/5] Create a new db user instead of overwriting the root user (#562)
* Create a new db user instead of overwriting the root user
* fix a couple other issues
* use root password for github action mysql
* attempt mysql root password twice
---
 .dockerignore | 2 +-
 .github/docker-compose.yml | 3 ++-
 .github/workflows/dockerimage.yml | 5 +++--
 .github/workflows/lint-and-test.yml | 3 +++
 CHANGELOG.md | 3 +++
 empire/server/api/app.py | 5 ++++-
 empire/server/config.yaml | 4 ++--
 empire/server/core/db/base.py | 3 ++-
 empire/test/test_server_config.yaml | 4 ++--
 setup/install.sh | 21 +++++++++++++++++----
 10 files changed, 39 insertions(+), 14 deletions(-)
diff --git a/.dockerignore b/.dockerignore
index 7d84cd8d9..546c0cff5 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,5 +1,5 @@
 # Git
-.git
+**.git
 .gitignore
 # CI
diff --git a/.github/docker-compose.yml b/.github/docker-compose.yml
index 3053bdbca..92a542ea0 100644
--- a/.github/docker-compose.yml
+++ b/.github/docker-compose.yml
@@ -20,7 +20,8 @@ services:
 image: mysql:8.0
 restart: always
 environment:
- MYSQL_ROOT_PASSWORD: 'root'
+ MYSQL_USER: 'empire_user'
+ MYSQL_PASSWORD: 'empire_password'
 MYSQL_DATABASE: test_empire
 volumes:
 - db:/var/lib/mysql
diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml
index 174afd79e..f76ef8caa 100644
--- a/.github/workflows/dockerimage.yml
+++ b/.github/workflows/dockerimage.yml
@@ -16,10 +16,11 @@ jobs:
 with:
 submodules: 'recursive'
 - name: Publish Docker
- uses: elgohr/Publish-Docker-Github-Action@2.9
+ uses: elgohr/Publish-Docker-Github-Action@v5
 with:
 name: bcsecurity/empire
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
 dockerfile: Dockerfile
- tag_names: true
\ No newline at end of file
+ default_branch: main
+ tag_names: true
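Review bot: `**.git` is not the documented form for "a `.git` entry at any depth"; Docker's matcher treats `**` as any run of path segments, so as far as I can tell this pattern matches any path whose final segment ends in `.git` (a directory named `tools.git` included) rather than only `.git` itself. `**/.git` expresses the intent, presumably excluding the submodule `.git` files as well as the top-level one, and reads unambiguously. Keeping repository metadata out of the build context is worth a one-line comment next to the pattern, e.g. `# keep repo history and submodule .git files out of the image`.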
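Review bot: `uses: elgohr/Publish-Docker-Github-Action@v5` pins the publish step to a mutable tag, and this job holds the registry credentials in `secrets.DOCKER_USERNAME`/`secrets.DOCKER_PASSWORD`, so anyone able to move the `v5` tag in that repository could run code with the credentials that push `bcsecurity/empire`. Pinning to the full commit SHA of the release, with the tag kept in a trailing comment, removes that dependency: `uses: elgohr/Publish-Docker-Github-Action@<full-commit-sha-of-v5>  # v5`. The previous `@2.9` reference had the same exposure, so this is pre-existing, but the version bump is the natural moment to fix it.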
diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml
index e6592aa63..7b2307fd1 100644
--- a/.github/workflows/lint-and-test.yml
+++ b/.github/workflows/lint-and-test.yml
@@ -53,6 +53,9 @@ jobs:
 - name: Set up MySQL
 run: |
 sudo systemctl start mysql
+ mysql -u root -proot -e "CREATE USER IF NOT EXISTS 'empire_user'@'localhost' IDENTIFIED BY 'empire_password';" || true
+ mysql -u root -proot -e "GRANT ALL PRIVILEGES ON *.* TO 'empire_user'@'localhost' WITH GRANT OPTION;" || true
+ mysql -u root -proot -e "FLUSH PRIVILEGES;" || true
 - name: Install dependencies
 run: |
 poetry env use ${{ matrix.python-version }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ff729d50f..a1db465ce 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 - Fix module error in PSRansom (@Cx01N)
+- Update the install script to set up a new db user instead of overwriting the root user (@Vinnybod)
+- Update the Starkiller syncer to skip updating if not in a git repo (@Vinnybod)
+- Update the Docker CI action to publish latest on 'main' branch (@Vinnybod)
 - Fix install of Poetry for Debian based systems (@Vinnybod)
 ## [5.0.3] - 2023-02-20
diff --git a/empire/server/api/app.py b/empire/server/api/app.py
index 650b4dde7..928cbcbb4 100644
--- a/empire/server/api/app.py
+++ b/empire/server/api/app.py
@@ -3,6 +3,7 @@ import os
 from datetime import datetime
 from json import JSONEncoder
+from pathlib import Path
 import socketio
 import uvicorn
@@ -47,7 +48,9 @@ def load_starkiller(v2App):
 starkiller_submodule_dir = "empire/server/api/v2/starkiller"
 starkiller_temp_dir = "empire/server/api/v2/starkiller-temp"
- if empire_config.starkiller.auto_update:
+ if (
+ Path(starkiller_submodule_dir) / ".git"
+ ).exists() and empire_config.starkiller.auto_update:
 sync_starkiller(empire_config.dict())
 v2App.mount(
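Review bot: The added `GRANT ALL PRIVILEGES ON *.* TO 'empire_user'@'localhost' WITH GRANT OPTION;` turns the new account into a second root, which works against the series' stated goal of no longer running the app as the root user, and the same statement is repeated in `start_mysql` in `setup/install.sh` later in this series, where it lands on real installs rather than a throwaway runner. The config files in this series name the database (`test_empire` here, `empire` for the server), so `GRANT ALL PRIVILEGES ON test_empire.* TO 'empire_user'@'localhost';` without `WITH GRANT OPTION` is the least-privilege form, and `install.sh` would use `empire.*`; if the server creates the database itself at startup, which this series does not show, the database has to be created in this step instead. The `|| true` on each of the three lines hides a failed user creation until a later step fails with an access-denied error, and in CI letting this step fail is the clearer signal. The `run:` script starts outside the hunk.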
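Review bot: The new `.git` check skips `sync_starkiller` silently when it is false, so an operator with `auto_update` enabled who installed from a release archive gets no hint why Starkiller never updates; a log line on the skipped branch would make that visible, e.g. `log.info("Starkiller directory is not a git checkout; skipping auto-update")`, assuming a module logger exists in this file, which the hunk does not show. The condition also deserves a one-line comment: a submodule checkout has a `.git` file rather than a directory, so `.exists()` is the right test and must not later be tightened to `.is_dir()`. The path is resolved relative to the working directory, which matches the other relative paths in `load_starkiller`, so that assumption is at least consistent. The function continues outside the hunk.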
diff --git a/empire/server/config.yaml b/empire/server/config.yaml
index 1cad3c542..2c16fbb4d 100644
--- a/empire/server/config.yaml
+++ b/empire/server/config.yaml
@@ -3,8 +3,8 @@ database:
 use: mysql
 mysql:
 url: localhost:3306
- username: root
- password: root
+ username: empire_user
+ password: empire_password
 database_name: empire
 sqlite:
 location: empire/server/data/empire.db
diff --git a/empire/server/core/db/base.py b/empire/server/core/db/base.py
index eb4a23ae4..c4f0f7fe8 100644
--- a/empire/server/core/db/base.py
+++ b/empire/server/core/db/base.py
@@ -34,7 +34,8 @@ def try_create_engine(engine_url: str, *args, **kwargs) -> Engine:
 try:
 with engine.connect():
 pass
- except OperationalError:
+ except OperationalError as e:
+ log.error(e, exc_info=True)
 log.error(f"Failed connecting to database using {engine_url}")
 log.error("Perhaps the MySQL service is not running.")
 log.error("Try executing: sudo systemctl start mysql")
diff --git a/empire/test/test_server_config.yaml b/empire/test/test_server_config.yaml
index 580cfa4a2..d6b5b8a9d 100644
--- a/empire/test/test_server_config.yaml
+++ b/empire/test/test_server_config.yaml
@@ -3,8 +3,8 @@ database:
 use: sqlite
 mysql:
 url: localhost:3306
- username: root
- password: root
+ username: empire_user
+ password: empire_password
 database_name: test_empire
 sqlite:
 location: empire/test/test_empire.db
diff --git a/setup/install.sh b/setup/install.sh
index 2aedd0f01..8d3c58fc2 100755
--- a/setup/install.sh
+++ b/setup/install.sh
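Review bot: `username: empire_user` / `password: empire_password` ship a fixed, publicly known credential as the server default, and `start_mysql` in `setup/install.sh` later in this series creates exactly that account, so every default install ends up with the same database password. A comment above these two keys telling operators to change the value after install, or having the installer generate a random password and write it into this file, would close that gap; the second option is a change to `install.sh` rather than to this file. `.github/docker-compose.yml` and `empire/test/test_server_config.yaml` in this series carry the same pair but only drive CI, which is fine as-is.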
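Review bot: `log.error(e, exc_info=True)` followed by the existing `log.error(f"Failed connecting to database using {engine_url}")` splits one failure across two error records and passes the exception object itself as the message; `log.exception("Failed connecting to database using %s", engine_url)` inside the `except` gives the traceback together with the context in one record, with lazy formatting. That context line prints the whole `engine_url`, and with the `mysql` credentials this series adds to `config.yaml` the URL presumably embeds the password, so the log record carries the database credential; this is pre-existing, but SQLAlchemy's `make_url(engine_url).render_as_string(hide_password=True)` (import not shown in the hunk) would redact it. `try_create_engine` continues outside the hunk.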
@@ -55,8 +55,6 @@ function install_mysql() {
 # https://imsavva.com/silent-installation-mysql-5-7-on-ubuntu/
 # http://www.microhowto.info/howto/perform_an_unattended_installation_of_a_debian_package.html
 echo mysql-apt-config mysql-apt-config/enable-repo select mysql-8.0 | sudo debconf-set-selections
- echo mysql-community-server mysql-community-server/root-pass password "root" | sudo debconf-set-selections
- echo mysql-community-server mysql-community-server/re-root-pass password "root" | sudo debconf-set-selections
 echo mysql-community-server mysql-server/default-auth-override select "Use Strong Password Encryption (RECOMMENDED)" | sudo debconf-set-selections
 if [ "$OS_NAME" == "DEBIAN" ]; then
@@ -77,6 +75,21 @@ function install_mysql() {
 echo -e "\x1b[1;34m[*] Starting MySQL\x1b[0m"
 }
+function start_mysql() {
+ sudo systemctl start mysql.service || true # will fail in a docker image
+ # Add the default empire user to the mysql database
+ mysql -u root -e "CREATE USER IF NOT EXISTS 'empire_user'@'localhost' IDENTIFIED BY 'empire_password';" || true
+ mysql -u root -e "GRANT ALL PRIVILEGES ON *.* TO 'empire_user'@'localhost' WITH GRANT OPTION;" || true
+ mysql -u root -e "FLUSH PRIVILEGES;" || true
+ # Some OS have a root password set by default. We could probably
+ # be more smart about this, but we just try both.
+ mysql -u root -proot -e "CREATE USER IF NOT EXISTS 'empire_user'@'localhost' IDENTIFIED BY 'empire_password';" || true
+ mysql -u root -proot -e "GRANT ALL PRIVILEGES ON *.* TO 'empire_user'@'localhost' WITH GRANT OPTION;" || true
+ mysql -u root -proot -e "FLUSH PRIVILEGES;" || true
+}
 function install_xar() {
 # xar-1.6.1 has an incompatibility with libssl 1.1.x that is patched here
 wget https://github.com/BC-SECURITY/xar/archive/xar-1.6.1-patch.tar.gz
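Review bot: Every statement in the new `start_mysql` ends in `|| true`, so when neither the socket-auth attempt nor the `-proot` attempt can connect, the function exits 0 and the installer reports success while the server later fails with an access-denied error that points nowhere near this script; the second round also always runs, so on a host where the first round already succeeded the log shows a spurious "Access denied" for root. Trying the two root credential forms in turn, stopping at the first that connects, and printing a clear message when neither works keeps the best-effort behaviour but makes the outcome visible. Passing `-proot` on the command line also exposes that password in the process list for the duration of each call, which `MYSQL_PWD` in the environment or a `--defaults-extra-file` avoids. The grant statement itself is unchanged in the rewrite below.
```shell
function start_mysql() {
    sudo systemctl start mysql.service || true # will fail in a docker image

    # Try socket auth first, then the distro default root password; stop at the
    # first form that connects so the log does not carry a spurious "Access denied".
    for root_args in "" "-proot"; do
        if mysql -u root $root_args -e "SELECT 1;" >/dev/null 2>&1; then
            mysql -u root $root_args -e "CREATE USER IF NOT EXISTS 'empire_user'@'localhost' IDENTIFIED BY 'empire_password';"
            mysql -u root $root_args -e "GRANT ALL PRIVILEGES ON *.* TO 'empire_user'@'localhost' WITH GRANT OPTION;"
            mysql -u root $root_args -e "FLUSH PRIVILEGES;"
            return 0
        fi
    done
    echo -e "\x1b[1;31m[!] Could not connect to MySQL as root; empire_user was not created\x1b[0m"
}
```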
@@ -148,8 +161,8 @@ install_powershell
 if ! command_exists mysql; then
 install_mysql
 fi
-sudo systemctl start mysql.service || true # will fail in a docker image
-mysql -u root -e "SET PASSWORD FOR 'root'@'localhost' = PASSWORD('root');" || true # Set root password to root if its blank
+
+start_mysql
 if [ "$ASSUME_YES" == "1" ] ;then
 answer="Y"
From 005f58bfe26ddae094c7191838063b85a41a0f4e Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Sat, 25 Feb 2023 21:43:33 +0000
Subject: [PATCH 4/5] Prepare release 5.0.4 private
---
 CHANGELOG.md | 7 ++++++-
 pyproject.toml | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a1db465ce..5fcf4ef30 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ## [Unreleased]
+
+ ## [5.0.4] - 2023-02-25
+
 - Fix module error in PSRansom (@Cx01N)
 - Update the install script to set up a new db user instead of overwriting the root user (@Vinnybod)
 - Update the Starkiller syncer to skip updating if not in a git repo (@Vinnybod)
@@ -412,7 +415,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Updated shellcoderdi to newest version (@Cx01N)
 - Added a Nim launcher (@Hubbl3)
-[Unreleased]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.0.3...HEAD
+[Unreleased]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.0.4...HEAD
+
+[5.0.4]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.0.3...v5.0.4
 [5.0.3]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.0.2...v5.0.3
diff --git a/pyproject.toml b/pyproject.toml
index d05fedc89..6421d782d 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "empire-bc-security-fork"
-version = "5.0.3"
+version = "5.0.4"
 description = ""
 authors = ["BC Security "]
 readme = "README.md"
From 090bfc4751bde803f08a7dcd6814b1af267b164f Mon Sep 17 00:00:00 2001
From: Vince Rose
Date: Sat, 25 Feb 2023 15:14:50 -0700
Subject: [PATCH 5/5] root password required for mysql image
---
 .github/docker-compose.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/docker-compose.yml b/.github/docker-compose.yml
index 92a542ea0..a8ce5df4d 100644
--- a/.github/docker-compose.yml
+++ b/.github/docker-compose.yml
@@ -20,6 +20,7 @@ services:
 image: mysql:8.0
 restart: always
 environment:
+ MYSQL_ROOT_PASSWORD: 'root'
 MYSQL_USER: 'empire_user'
 MYSQL_PASSWORD: 'empire_password'
 MYSQL_DATABASE: test_empire