diff --git a/VERSION b/VERSION index b72762837..4a788a01d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -3.6.2 +3.6.3 diff --git a/changelog b/changelog index 49771bad0..33734cdb2 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,11 @@ +12/18/2020 +------------ +- Version 3.6.3 Master Release + - Added save path to download file message - #414 (@meldridge) + - Updated installation file formatting - #410 (@Pernat1y) + - Fixed python 3.9.1 issue with deprecated base64 function - #422 (@brimstone) + - Fixed dump creds and hash not being logged in credentials properly - #423 (@Cx01N) + 11/27/2020 ------------ - Version 3.6.2 Master Release diff --git a/lib/common/agents.py b/lib/common/agents.py index 9dd24c0ad..380a91bb7 100644 --- a/lib/common/agents.py +++ b/lib/common/agents.py @@ -316,7 +316,7 @@ def save_file(self, sessionID, path, data, filesize, append=False): percent = round(int(os.path.getsize("%s/%s" % (save_path, filename)))/int(filesize)*100,2) # notify everyone that the file was downloaded - message = "[+] Part of file {} from {} saved [{}%]".format(filename, sessionID, percent) + message = "[+] Part of file {} from {} saved [{}%] to {}".format(filename, sessionID, percent, save_path) signal = json.dumps({ 'print': True, 'message': message @@ -2059,6 +2059,22 @@ def process_agent_packet(self, sessionID, responseName, taskID, data): # dynamic script output -> non-blocking self.update_agent_results_db(sessionID, data) + # see if there are any credentials to parse + time = helpers.get_datetime() + creds = helpers.parse_credentials(data) + if creds: + for cred in creds: + + hostname = cred[4] + + if hostname == "": + hostname = self.get_agent_hostname_db(sessionID) + + osDetails = self.get_agent_os_db(sessionID) + + self.mainMenu.credentials.add_credential(cred[0], cred[1], cred[2], cred[3], hostname, + osDetails, cred[5], time) + # update the agent log self.save_agent_log(sessionID, data) 
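Review bot: `time = helpers.get_datetime()` binds a local called `time` inside process_agent_packet, which would shadow a `time` module import for the rest of the method if agents.py has one (not visible in the hunk); a name such as `cred_time = helpers.get_datetime()` avoids the trap. `osDetails = self.get_agent_os_db(sessionID)` does not depend on `cred`, so it belongs above the `for cred in creds:` loop rather than costing a DB lookup per credential, and the hostname fallback lookup can be hoisted the same way. The parse is unguarded: if `helpers.parse_credentials` raises on malformed output, the exception escapes before `self.save_agent_log(sessionID, data)` runs, so a narrow try around the parse with a logged failure seems worth considering. The enclosing method starts and ends outside the hunk.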
diff --git a/lib/common/empire.py b/lib/common/empire.py index 2c7cac983..9af85cc55 100755 --- a/lib/common/empire.py +++ b/lib/common/empire.py @@ -18,7 +18,7 @@ from flask_socketio import SocketIO -VERSION = "3.6.2 BC Security Fork" +VERSION = "3.6.3 BC Security Fork" from pydispatch import dispatcher diff --git a/lib/common/helpers.py b/lib/common/helpers.py index 7b5fd6db1..3a7ceb8d4 100644 --- a/lib/common/helpers.py +++ b/lib/common/helpers.py @@ -543,25 +543,25 @@ def parse_mimikatz(data): for x in range(8, 13): if lines[x].startswith(b"Domain :"): - domain, sid, krbtgtHash = "", "", "" + domain, sid, krbtgtHash = b"", b"", b"" try: - domainParts = lines[x].split(":")[1] - domain = domainParts.split("/")[0].strip() - sid = domainParts.split("/")[1].strip() + domainParts = lines[x].split(b":")[1] + domain = domainParts.split(b"/")[0].strip() + sid = domainParts.split(b"/")[1].strip() # substitute the FQDN in if it matches - if hostDomain.startswith(domain.lower()): + if hostDomain.startswith(domain.decode("UTF-8").lower()): domain = hostDomain sid = domainSid for x in range(0, len(lines)): - if lines[x].startswith("User : krbtgt"): - krbtgtHash = lines[x + 2].split(":")[1].strip() + if lines[x].startswith(b"User : krbtgt"): + krbtgtHash = lines[x + 2].split(b":")[1].strip() break - if krbtgtHash != "": - creds.append(("hash", domain, "krbtgt", krbtgtHash, hostName, sid)) + if krbtgtHash != b"": + creds.append(("hash", domain.decode('UTF-8'), "krbtgt", krbtgtHash.decode('UTF-8'), hostName.decode('UTF-8'), sid.decode('UTF-8'))) except Exception as e: pass 
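Review bot: After the FQDN substitution `domain = hostDomain` / `sid = domainSid`, the new `creds.append(...)` calls `domain.decode('UTF-8')` and `sid.decode('UTF-8')` on values that the preceding `hostDomain.startswith(domain.decode("UTF-8").lower())` only works for when they are str, so on that branch `.decode` raises AttributeError, the broad `except Exception as e: pass` swallows it, and the krbtgt hash is silently never recorded (if hostDomain were bytes instead, the startswith call raises TypeError and is swallowed the same way). Decoding the parsed fields once right after the split keeps `domain` and `sid` as str throughout and leaves only `krbtgtHash` and `hostName` to decode at the append; a log record in the except clause would make such drops visible rather than silent. This assumes `hostDomain` and `domainSid` are str, which is what the comparison implies — confirm at the top of parse_mimikatz, which starts before the hunk and continues past it.
```python
domain, sid, krbtgtHash = "", "", b""
try:
    domainParts = lines[x].split(b":")[1].decode("UTF-8")
    domain = domainParts.split("/")[0].strip()
    sid = domainParts.split("/")[1].strip()
    # substitute the FQDN in if it matches
    if hostDomain.startswith(domain.lower()):
        domain = hostDomain
        sid = domainSid
    # … unchanged: krbtgt hash scan over lines …
    if krbtgtHash != b"":
        creds.append(("hash", domain, "krbtgt", krbtgtHash.decode("UTF-8"), hostName.decode("UTF-8"), sid))
# … unchanged: except clause …
```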
@@ -570,23 +570,20 @@ def parse_mimikatz(data): if b'** SAM ACCOUNT **' in lines: domain, user, userHash, dcName, sid = "", "", "", "", "" for line in lines: - try: - if line.strip().endswith("will be the domain"): - domain = line.split("'")[1] - elif line.strip().endswith("will be the DC server"): - dcName = line.split("'")[1].split(".")[0] - elif line.strip().startswith("SAM Username"): - user = line.split(":")[1].strip() - elif line.strip().startswith("Object Security ID"): - parts = line.split(":")[1].strip().split("-") - sid = "-".join(parts[0:-1]) - elif line.strip().startswith("Hash NTLM:"): - userHash = line.split(":")[1].strip() - except: - pass + if line.strip().endswith(b"will be the domain"): + domain = line.split(b"'")[1] + elif line.strip().endswith(b"will be the DC server"): + dcName = line.split(b"'")[1].split(b".")[0] + elif line.strip().startswith(b"SAM Username"): + user = line.split(b":")[1].strip() + elif line.strip().startswith(b"Object Security ID"): + parts = line.split(b":")[1].strip().split(b"-") + sid = b"-".join(parts[0:-1]) + elif line.strip().startswith(b"Hash NTLM:"): + userHash = line.split(b":")[1].strip() if domain != "" and userHash != "": - creds.append(("hash", domain, user, userHash, dcName, sid)) + creds.append(("hash", domain.decode('UTF-8'), user.decode('UTF-8'), userHash.decode('UTF-8'), dcName.decode('UTF-8'), sid.decode('UTF-8'))) return uniquify_tuples(creds) @@ -851,7 +848,7 @@ def decode_base64(data): data += b'=' * missing_padding try: - result = base64.decodestring(data) + result = base64.decodebytes(data) return result except binascii.Error: # if there's a decoding error, just return the data diff --git a/setup/install.sh b/setup/install.sh index 7c8a9e3b8..acae9c939 100755 --- a/setup/install.sh +++ b/setup/install.sh 
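Review bot: The initializer `domain, user, userHash, dcName, sid = "", "", "", "", ""` on the context line above the loop still uses str defaults while every assignment in the loop now yields bytes, so a SAM ACCOUNT block that lacks a `SAM Username`, DC-server or `Object Security ID` line leaves that field as `""` and `user.decode('UTF-8')` (or `dcName`/`sid`) raises AttributeError at the append. The removed `try/except` only wrapped the loop, so nothing catches this and it propagates out of parse_mimikatz to the caller. Initialize as bytes so every field decodes uniformly: `domain, user, userHash, dcName, sid = b"", b"", b"", b"", b""` and `if domain != b"" and userHash != b"":`. parse_mimikatz's body begins before the hunk.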
@@ -1,63 +1,86 @@ #!/bin/bash + function install_powershell() { - # Deb 10.x - if cat /etc/debian_version | grep 10.* ; then - # Download the Microsoft repository GPG keys - wget https://packages.microsoft.com/config/debian/10/packages-microsoft-prod.deb + # Debian 10.x + if grep "10.*" /etc/debian_version 2>/dev/null; then + # Download the Microsoft repository GPG keys + wget https://packages.microsoft.com/config/debian/10/packages-microsoft-prod.deb + + # Register the Microsoft repository GPG keys + sudo dpkg -i packages-microsoft-prod.deb - # Register the Microsoft repository GPG keys - sudo dpkg -i packages-microsoft-prod.deb + # Update the list of products + sudo apt-get update - # Update the list of products - sudo apt-get update + # Install PowerShell + sudo apt-get install -y powershell - # Install PowerShell - sudo apt-get install -y powershell - # Deb 9.x - elif cat /etc/debian_version | grep 9.* ; then + # Debian 9.x + elif grep "9.*" /etc/debian_version 2>/dev/null; then # Install system components sudo apt-get install -y apt-transport-https curl + # Import the public repository GPG keys curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add - + # Register the Microsoft Product feed sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-debian-stretch-prod stretch main" > /etc/apt/sources.list.d/microsoft.list' + # Update the list of products sudo apt-get update + # Install PowerShell sudo apt-get install -y powershell - # Deb 8.x - elif cat /etc/debian_version | grep 8.* ; then + + # Debian 8.x + elif grep "8.*" /etc/debian_version 2>/dev/null; then # Install system components sudo apt-get install -y apt-transport-https curl gnupg + # Import the public repository GPG keys curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add - + # Register the Microsoft Product feed sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-debian-jessie-prod jessie main" > 
/etc/apt/sources.list.d/microsoft.list' + # Update the list of products sudo apt-get update + # Install PowerShell sudo apt-get install -y powershell - #Ubuntu - elif lsb_release -d | grep -q "Ubuntu"; then + + # Ubuntu + elif lsb_release -d 2>/dev/null | grep -q "Ubuntu"; then # Read Ubuntu version local ubuntu_version=$( grep 'DISTRIB_RELEASE=' /etc/lsb-release | grep -o -E [[:digit:]]+\\.[[:digit:]]+ ) + # Install system components sudo apt-get install -y apt-transport-https curl + # Import the public repository GPG keys curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add - + # Register the Microsoft Ubuntu repository curl https://packages.microsoft.com/config/ubuntu/$ubuntu_version/prod.list | sudo tee /etc/apt/sources.list.d/microsoft.list + # Update the list of products sudo apt-get update + # Install PowerShell sudo apt-get install -y powershell - #Kali Linux - elif lsb_release -d | grep -q "Kali"; then + + # Kali Linux + elif lsb_release -d 2>/dev/null | grep -q "Kali"; then apt update && apt -y install powershell + + else + echo 'Unsupported OS. Exiting.' && exit fi - if ls /opt/microsoft/powershell/*/DELETE_ME_TO_DISABLE_CONSOLEHOST_TELEMETRY; then - rm /opt/microsoft/powershell/*/DELETE_ME_TO_DISABLE_CONSOLEHOST_TELEMETRY - fi + + # Disable telemetry + rm /opt/microsoft/powershell/*/DELETE_ME_TO_DISABLE_CONSOLEHOST_TELEMETRY 2>/dev/null + + # Install Invoke-Obfuscation module mkdir -p /usr/local/share/powershell/Modules cp -r ../lib/powershell/Invoke-Obfuscation /usr/local/share/powershell/Modules } @@ -81,7 +104,7 @@ function install_xar() { function install_bomutils() { git clone https://github.com/hogliux/bomutils.git (cd bomutils && make) - (cd bomutils && make install) + (cd bomutils && sudo make install) chmod 755 bomutils/build/bin/mkbom && sudo cp bomutils/build/bin/mkbom /usr/local/bin/. } 
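Review bot: The new fallback `echo 'Unsupported OS. Exiting.' && exit` terminates with status 0, so any caller sees an unsupported OS as a successful install; write `echo 'Unsupported OS. Exiting.' >&2; exit 1` (the message belongs on stderr). Since `exit` runs inside install_powershell it ends the whole script, not just the function, which is presumably intended but worth a comment. The telemetry cleanup `rm ... 2>/dev/null` is best-effort by design; a `# best-effort, ignore missing file` comment would stop a reader from "fixing" the silenced error.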
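Review bot: `(cd bomutils && sudo make install)` now runs the build of an unpinned `git clone https://github.com/hogliux/bomutils.git` as root, so whatever the default branch holds at install time executes with full privileges. Pin the checkout to a known release, e.g. `git clone --branch <BOMUTILS_TAG> https://github.com/hogliux/bomutils.git` (placeholder tag), and consider whether `make install` is needed at all given the explicit `sudo cp bomutils/build/bin/mkbom /usr/local/bin/.` that follows it.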
@@ -101,7 +124,7 @@ function is_libssl_1_0() { false } -# Ask for the administrator password upfront so sudo is no longer required at Installation. +# Ask for the sudo password upfront so it is no longer required during installation. sudo -v IFS='/' read -a array <<< pwd @@ -113,10 +136,10 @@ fi Pip_file="requirements.txt" -if lsb_release -d | grep -q "Kali"; then +if lsb_release -d 2>/dev/null | grep -q "Kali"; then apt-get update sudo apt-get install -y make autoconf g++ python3-dev swig python3-pip libxml2-dev default-jdk zlib1g-dev libssl1.1 build-essential libssl-dev libxml2-dev zlib1g-dev -elif lsb_release -d | grep -q "Ubuntu"; then +elif lsb_release -d 2>/dev/null | grep -q "Ubuntu"; then if is_libssl_1_0; then LibSSL_pkgs="libssl1.0.0 libssl-dev" Pip_file="requirements_libssl1.0.txt" @@ -124,7 +147,10 @@ elif lsb_release -d | grep -q "Ubuntu"; then LibSSL_pkgs="libssl1.1 libssl-dev" fi sudo apt-get update - sudo apt-get install -y make autoconf g++ python3-dev swig python3-pip libxml2-dev default-jdk $LibSSL_pkgs build-essential + sudo apt-get install -y make autoconf g++ python3-dev swig python3-pip libxml2-dev default-jdk "$LibSSL_pkgs" build-essential +elif grep "Fedora release" /etc/redhat-release 2>/dev/null; then + sudo dnf update + sudo dnf install -y autoconf autogen make gcc-c++ libxml2-devel openssl-devel python3-pip python3-devel python3-m2crypto else echo "Unknown distro - Debian/Ubuntu Fallback" if is_libssl_1_0; then @@ -134,7 +160,7 @@ else LibSSL_pkgs="libssl1.1 libssl-dev" fi sudo apt-get update - sudo apt-get install -y make autoconf g++ python3-dev swig python3-pip libxml2-dev default-jdk libffi-dev $LibSSL_pkgs build-essential + sudo apt-get install -y make autoconf g++ python3-dev swig python3-pip libxml2-dev default-jdk libffi-dev "$LibSSL_pkgs" build-essential fi install_xar 
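Review bot: Quoting `"$LibSSL_pkgs"` turns the two-package value `libssl1.1 libssl-dev` (or `libssl1.0.0 libssl-dev`) assigned in the branches above into a single apt-get argument, so the Ubuntu branch now fails with an unknown-package error; hunk @@ -134 makes the same change in the fallback branch (`libffi-dev "$LibSSL_pkgs"`). Hold the list in a bash array — `LibSSL_pkgs=(libssl1.1 libssl-dev)` at each assignment and `"${LibSSL_pkgs[@]}"` at the install — or leave the expansion unquoted since the value is a constant. In the new Fedora branch, `sudo dnf update` starts a full, interactive system upgrade rather than refreshing metadata as the neighbouring `apt-get update` calls do; `sudo dnf makecache` is the equivalent, or `sudo dnf -y upgrade` if an upgrade really is intended.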
@@ -143,17 +169,13 @@ install_bomutils install_powershell -if ls /usr/bin/ | grep -q "python3"; then - if ! type pip3 > /dev/null; then - sudo apt-get --assume-yes install python3-pip - fi - sudo pip3 install -r $Pip_file -fi +# Install Python dependencies +sudo pip3 install -r "$Pip_file" -# set up the database schema +# Set up the database schema python3 ./setup_database.py -# generate a cert +# Generate a cert ./cert.sh cd ..
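Review bot: Dropping the `type pip3` guard makes `sudo pip3 install -r "$Pip_file"` unconditional, and because the script never sets `set -e`, a failed package step in the distro branches above leaves pip3 absent while the script carries on into `setup_database.py` and `cert.sh`. A short check keeps the failure local: `command -v pip3 >/dev/null 2>&1 || { echo 'pip3 not found' >&2; exit 1; }`. Installing the unpinned requirements system-wide as root also makes that file the trust boundary for the whole host; a comment stating that this is deliberate, or a virtualenv, would make the choice explicit.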