EmPyre v1.0.1 - A post-exploitation OSX/Linux agent.

EmPyre v1.0.1 – A post-exploitation OSX/Linux agent.

Changelog 06/17/2016 – RELEASE 1.0.1:
– Agent now supports python 2.6.x (thanks to calmhavoc <calmhavoc@gmail.com>)
– Teensy stager for micro controller (@matterpreter)
– Self-deleting bash stager
– Linux pure python PCAP sniffer module added
– Kerberos ccache dump module added
– OpenVPN credential scraper module added
– Linux-Priv-Checker module added
– Unix-Privesc-Check module added
– x64 Shellcode Inject module added
– Added dylib stagers without LC_REEXPORT_DYLIB load command for use outside of dylib hijacks
– Added Screensaver Alley-oop to force auth against the OSX keychain.
– Added GitHub templates
– Kerberos Keytab Inject module added

– Bug fixes
— Allow Pipe within shell commands (thanks to Mewtayshun <mewtayshun@gmail.com> and Michael Butler <michael.butler@defpoint.com>)
— Convert jitters to int
— Input validation for sleep / jitter
— cross compatibility for obtaining current user (linux)
— PowerShell remnant code, fixed by @interference-security

empyre v1.0.1

empyre v1.0.1

EmPyre is a pure Python post-exploitation agent built on cryptologically-secure communications and a flexible architecture. It is based heavily on the controller and communication structure of Empire.
Key negotiation
+ KEYs = staging key, set per server (used for RC4 and initial AES comms)
+ KEYn = the DH-EKE negotiated key
+ PUBc = the client-generated DH public key
+ PUBs = the server-generated DH public key

empyre - python post exploitation agent

empyre – python post exploitation agent

The process is as follows:
1. client runs launcher.py that GETs stager.py from /stage0 launcher.py implements a minimized RC4 decoding stub and negotiation key
2. server returns RC4(KEYs, stager.py) (key negotiation stager) stager.py contains minimized DH and AES
3. client generates DH key PUBc, and POSTs HMAC(AES(KEYs, PUBc)) posts to /stage1 server generates a new DH key on each check in
4. server returns HMAC(AES(KEYs, nonce+PUBs)) client calculates shared DH key KEYn
5. client POSTs HMAC(AES(KEYn, [nonce+1]+sysinfo) to /stage2
6. server returns HMAC(AES(KEYn, patched agent.py))
7. client sleeps on interval, and then GETs /tasking.uri
8. if no tasking, return standard looking page
9. if tasking, server returns HMAC(AES(KEYn, tasking))
10. client posts HMAC(AES(KEYn, tasking)) to /response.uri

Download using git:

Download: 1.0.0.zip  | 1.0.0.tar.gz | Our Post Before
Source: https://github.com/adaptivethreat