This repository has been archived by the owner on Jan 29, 2020. It is now read-only.

Fix for issue #285 - credential export supporting commas
Start of code standardization/pep8 cleanup - mods to agents.py, empire.py, and credentials.py
Updated changelog
HarmJ0y committed Jul 21, 2016
1 parent 2e8a7fb commit fe43560
Showing 4 changed files with 517 additions and 437 deletions.
2 changes: 1 addition & 1 deletion README.md
@@ -1,4 +1,4 @@
#Empire
# Empire

Empire is a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. It premiered at [BSidesLV in 2015](https://www.youtube.com/watch?v=Pq9t59w0mUI).

21 changes: 21 additions & 0 deletions changelog
@@ -1,3 +1,24 @@
7/20/2016
---------
-Fix for issue #273 - added hostnames to raw screenshot output file
-Fix for issue #285 - credential export supporting commas
-Start of code standardization/pep8 cleanup - mods to agents.py, empire.py, and credentials.py

7/16/2016
---------
-Added collection/keethief module to pilfer KeePass key material from memory
-"creds X" now searches additional fields for the term (like domain)
-merged credentials/enum_cred_store from @BeetleChunks

7/15/2016
---------
-Merged @rvrsh3ll's collection/browser_data module
-Merged @curi0usJack's situational_awareness/network/smbautobrute module
-fix for issue #258 - "interact AGENT" now works globally in every menu except an active agent menu
-fix for issue #221 - hop listeners
-fix for issue #252 - management/invoke_script now no longer requires an external script
-fix for issue #257 - sysinfo now executed after running the steal_token command

6/24/2016
---------
-Updated Invoke-Mimikatz to include a fix for multi-cpu boxes/processor detection
59 changes: 41 additions & 18 deletions lib/common/credentials.py
Expand Up @@ -4,14 +4,17 @@
"""

import sqlite3
import helpers

import os
# import sqlite3

class Credentials:

"""
Class that handles interaction with the backend credential model
(adding creds, displaying, etc.).
"""
def __init__(self, MainMenu, args=None):

# pull out the controller objects
self.mainMenu = MainMenu
self.conn = MainMenu.conn
Expand Down Expand Up @@ -58,14 +61,14 @@ def get_credentials(self, filterTerm=None, credtype=None, note=None):
cur.execute("SELECT * FROM credentials WHERE LOWER(domain) LIKE LOWER(?) or LOWER(username) like LOWER(?) or LOWER(host) like LOWER(?) or LOWER(password) like LOWER(?)", [filterTerm, filterTerm, filterTerm, filterTerm])

# if we're filtering by credential type (hash, plaintext, token)
elif(credtype and credtype != ""):
elif credtype and credtype != "":
cur.execute("SELECT * FROM credentials WHERE LOWER(credtype) LIKE LOWER(?)", [credtype])

# if we're filtering by content in the note field
elif(note and note != ""):
elif note and note != "":
cur.execute("SELECT * FROM credentials WHERE LOWER(note) LIKE LOWER(%?%)", [note])

# otherwise return all credentials
# otherwise return all credentials
else:
cur.execute("SELECT * FROM credentials")

Expand All @@ -92,7 +95,7 @@ def add_credential(self, credtype, domain, username, password, host, sid="", not

if results == []:
# only add the credential if the (credtype, domain, username, password) tuple doesn't already exist
cur.execute("INSERT INTO credentials (credtype, domain, username, password, host, sid, notes) VALUES (?,?,?,?,?,?,?)", [credtype, domain, username, password, host, sid, notes] )
cur.execute("INSERT INTO credentials (credtype, domain, username, password, host, sid, notes) VALUES (?,?,?,?,?,?,?)", [credtype, domain, username, password, host, sid, notes])

cur.close()

Expand All @@ -102,7 +105,7 @@ def add_credential_note(self, credentialID, note):
Update a note to a credential in the database.
"""
cur = self.conn.cursor()
cur.execute("UPDATE credentials SET note = ? WHERE id=?", [note,credentialID])
cur.execute("UPDATE credentials SET note = ? WHERE id=?", [note, credentialID])
cur.close()


Expand All @@ -125,16 +128,36 @@ def remove_all_credentials(self):
cur.close()


def export_credentials(self, credtype=None):
def export_credentials(self, export_path=''):
"""
Export the credentials in the database to an output file.
"""
# TODO: implement lol

if(credtype and credtype.lower() == "hash"):
# export hashes in user:sid:lm:ntlm format
pass
else:
# export by csv?
pass

if export_path == '':
print helpers.color("[!] Export path cannot be ''")

export_path += ".csv"

if os.path.exists(export_path):
try:
choice = raw_input(helpers.color("\n[>] File %s already exists, overwrite? [y/N] " % (export_path), "red"))
if choice.lower() != "" and choice.lower()[0] == "y":
pass
else:
return
except KeyboardInterrupt:
return

creds = self.get_credentials()

if len(creds) == 0:
print helpers.color("[!] No credentials in the database.")
return

output_file = open(export_path, 'w')
output_file.write("CredID,CredType,Domain,Username,Password,Host,SID,Notes\n")
for cred in creds:
output_file.write("\"%s\"\n" % ('","'.join([str(x) for x in cred])))

print "\n" + helpers.color("[*] Credentials exported to %s\n" % (export_path))
output_file.close()
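Review bot: In the new `export_credentials`, the empty-path check prints the error but does not return, so execution continues and the export is written to a file named `.csv`; a `return` after the print fixes that. The rows are built with `'","'.join(...)`, which copes with commas but not with a double quote or newline inside a password or note, so such values still break the CSV; `csv.writer` with `quoting=csv.QUOTE_ALL` (needs `import csv` at the top of the file) escapes them. The file is also opened with default permissions and is not closed if a write fails, although it holds plaintext passwords and hashes, so creating it owner-only inside a `with` block is worth doing; the mode passed to `os.open` only takes effect when the file is newly created, so an overwritten file keeps its old mode. Indentation is lost on this page, so the fence below assumes conventional method indentation.

```python
        if export_path == '':
            print helpers.color("[!] Export path cannot be ''")
            return

        # … unchanged: ".csv" suffix, overwrite prompt, get_credentials() and empty-result check …

        # the export holds plaintext passwords and hashes: create it readable by the owner only
        fd = os.open(export_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'w') as output_file:
            writer = csv.writer(output_file, quoting=csv.QUOTE_ALL, lineterminator="\n")
            writer.writerow(["CredID", "CredType", "Domain", "Username", "Password", "Host", "SID", "Notes"])
            for cred in creds:
                # csv.writer doubles embedded quotes and keeps embedded newlines inside the field
                writer.writerow([str(x) for x in cred])

        print "\n" + helpers.color("[*] Credentials exported to %s\n" % (export_path))
```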