Search the Community

Empire 4.0 is a post-exploitation framework that includes a pure-PowerShell 2.0 Windows agent, and compatibility with Python 2.x/3.x Linux/OS X agents. It is the merger of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and flexible architecture. On the PowerShell side, Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. PowerShell Empire premiered at BSidesLV in 2015 and Python EmPyre premiered at HackMiami 2016. BC-Security presented updates to further evade Microsoft Antimalware Scan Interface (AMSI) and JA3/S signatures at DEF CON 27. Empire relies heavily on the work from several other projects for its underlying functionality. We have tried to call out a few of those people we’ve interacted with heavily here and have included author/reference link information in the source of each Empire module as appropriate. If we have failed to properly cite existing or prior work, please let us know at [email protected]. Changelog v5.1.2 Updated Starkiller to v2.1.1 Removed thread from IronPython agent (@Hubbl3) Fixed foreign listener issue with cookies (@Hubbl3) Fixed error message handling for port forward pivot (@Cx01N) Fixed upload not reporting error in PowerShell agent (@Cx01N) Fixed client not giving option to select upload directory (@Cx01N) Fixed persistence/powerbreach/eventlog launcher generation (@Cx01N) [hide][Hidden Content]]

Empire 4.0 is a post-exploitation framework that includes a pure-PowerShell 2.0 Windows agent, and compatibility with Python 2.x/3.x Linux/OS X agents. It is the merger of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and flexible architecture. On the PowerShell side, Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. PowerShell Empire premiered at BSidesLV in 2015 and Python EmPyre premiered at HackMiami 2016. BC-Security presented updates to further evade Microsoft Antimalware Scan Interface (AMSI) and JA3/S signatures at DEF CON 27. Empire relies heavily on the work from several other projects for its underlying functionality. We have tried to call out a few of those people we’ve interacted with heavily here and have included author/reference link information in the source of each Empire module as appropriate. If we have failed to properly cite existing or prior work, please let us know at [email protected]. Changelog v5.0.4 Fix module error in PSRansom (@Cx01N) Update the install script to set up a new db user instead of overwriting the root user (@vinnybod) Update the Starkiller syncer to skip updating if not in a git repo (@vinnybod) Update the Docker CI action to publish latest on ‘main’ branch (@vinnybod) Fix install of Poetry for Debian based systems (@vinnybod) [hide][Hidden Content]]

About Kraker is a distributed password brute-force system that allows you to run and manage the hashcat on different servers and workstations, focused on easy of use. There were two main goals during the design and development: to create the most simple tool for distributed hash cracking and make it fault-tolerant. Kraker consists of two main components - a server and an agent, which communicate through a REST API. You can read about their installation and configuration below. Kraker continues to be in development, so the new functionality, documentation, and updates will be released as they become available. If you have suggestions for improvement or want to participate in the development or find bugs - feel free to open issues, pull requests, or contact us: @_w34kp455 and @_asSheShouldBe. [hide][Hidden Content]]

Kaseya VSA Agent versions 9.5 and below suffer from a privilege escalation vulnerability. View the full article

This Metasploit module exploits a command injection vulnerability in the Tesla Agent botnet panel. View the full article

Agent Tesla Botnet arbitrary code execution exploit. View the full article

Android tiene un nuevo malware que se distribuye de manera silenciosa, infectando y sustituyendo apps que tienen como fin el robo de datos. El agente Smith es un nombre conocido para muchos que disfrutaron Matrix hace más de 20 años. Hoy toma relevancia ya que así se ha nombrado a un nuevo malware de Android que se comporta de manera similar a como lo hizo el personaje interpretado por Hugo Weaving. De acuerdo con la empresa de seguridad Check Point, Agent Smith ha infectado alrededor de 25 millones de dispositivos Android. El malware se disfraza como una aplicación relacionada con Google y reemplaza otras aplicaciones instaladas con versiones maliciosas que cuentan con código propio. Agent Smith sustituye aplicaciones como WhatsApp de manera silenciosa Los investigadores de Check Point indican que Agent Smith explota la vulnerabilidad de Android conocida como Janus, que permite inyectar malware a las aplicaciones del móvil saltándose un proceso de verificación que compara la firma anterior con la nueva, todo esto de manera silenciosa sin que el usuario pueda darse cuenta. Una de las características de este malware es que muestra anuncios fraudulentos que podrían derivar en un robo de datos del dueño del móvil, como información personal y bancaria. El hecho de atacar y sustituir las aplicaciones instaladas vuelve compleja la tarea de que el usuario pueda combatirlo por su cuenta, por lo que una de las formas de defenderse ante una posible infección es no instalar aplicaciones de fuentes que no sean confiables. Agent Smith ha afectado a más de 25 millones de usuarios, principalmente en India, donde contabiliza 15 millones de dispositivos. El malware se ha extendido a otros países como Pakistán y Bangladesh, aunque también se han reportado casos en Reino Unido y Estados Unidos. La presencia de Agent Smith no es nueva, de hecho se tiene registro desde principios de 2016 cuando apareció en 9Apps, uno de los canales de descarga de aplicaciones más populares de Asia. El malware se ha mantenido vigente durante todo ese tiempo, incluso infectando algunas aplicaciones de la Play Store. Fuente

Rapid7 Windows InsightIDR Agent version 2.6.3.14 suffers from a local privilege escalation vulnerability. View the full article

Agent Tesla Botnet suffers from an information leakage vulnerability. View the full article

This Metasploit module leverages the remote command execution feature provided by the BMC Patrol Agent software. It can also be used to escalate privileges on Windows hosts as the software runs as SYSTEM but only verifies that the password of the provided user is correct. This also means if the software is running on a domain controller, it can be used to escalate from a normal domain user to domain admin as SYSTEM on a DC is DA. **WARNING** The windows version of this exploit uses powershell to execute the payload. The powershell version tends to timeout on the first run so it may take multiple tries. View the full article

Hacxx Agent is a fully working spyware that execute malicious payloads to extract information from the windows machine. After first execution it will upload the results to the restricted server. Hacxx Agent can: Save and upload a copy of all Chrome History Save and upload a copy of all Edge Cookies Save and upload a copy of all the searches made in the computer Save and upload a copy of all Product keys Save and upload a copy of all USB Devices that have been plug in. Download: [Hidden Content].rar Virustotal: [Hidden Content]

Download: [HIDE][Hidden Content]] Password: level23hacktools.com

This Metasploit module allows remote code execution on TeamCity Agents configured to use bidirectional communication via xml-rpc. In bidirectional mode the TeamCity server pushes build commands to the Build Agents over port TCP/9090 without requiring authentication. Up until version 10 this was the default configuration. This Metasploit module supports TeamCity agents from version 6.0 onwards. View the full article