EmpireProject · mvelazc0 · May 16, 2018 · May 16, 2018 · Jun 15, 2018 · Jun 18, 2018
diff --git a/README.md b/README.md
@@ -6,7 +6,6 @@ Empire relies heavily on the work from several other projects for its underlying
 
 Empire is developed by [@harmj0y](https://twitter.com/harmj0y), [@sixdub](https://twitter.com/sixdub), [@enigma0x3](https://twitter.com/enigma0x3), [@rvrsh3ll](https://twitter.com/424f424f), [@killswitch_gui](https://twitter.com/killswitch_gui), and [@xorrior](https://twitter.com/xorrior).
 
-Feel free to join us in the #psempire channel of the [BloodHound Slack](http://bloodhoundgang.herokuapp.com/)!
 
 ## Install
 

diff --git a/data/module_source/situational_awareness/network/Invoke-SmbLogin_old.ps1 b/data/module_source/situational_awareness/network/Invoke-SmbLogin_old.ps1
@@ -0,0 +1,64 @@
+function Invoke-SMBLogin {
+    [CmdletBinding()]
+    Param
+    (
+        [string]$UserName,
+        [string]$Password,
+		[string]$ComputerName
+    )
+    if (!($UserName) -or !($Password) -or !($ComputerName)) {
+        Write-Warning 'Invoke-SMBLogin: Please specify a username, password and computer.'
+    } else {
+
+		try{
+        Add-Type -AssemblyName System.DirectoryServices.AccountManagement
+        $DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('machine',$ComputerName)
+        $Result=$DS.ValidateCredentials($UserName, $Password)
+
+		if ($Result) {
+			Write-Verbose "SUCCESS: $Username works with $Password on $ComputerName"
+			$out = new-object psobject
+			$out | add-member Noteproperty 'ComputerName' $Computer
+			$out | add-member Noteproperty 'Username' $Username
+			$out | add-member Noteproperty 'Password' $Password
+			$out | add-member Noteproperty 'Result' 'Success'
+			$out
+
+		}
+		else {
+			Write-Verbose "FAILED:  $Username works with $Password on $ComputerName"
+			$out = new-object psobject
+			$out | add-member Noteproperty 'ComputerName' $Computer
+			$out | add-member Noteproperty 'Username' $Username
+			$out | add-member Noteproperty 'Password' $Password
+			$out | add-member Noteproperty 'Result' 'Failed'
+			$out
+
+		}	
+		}
+		Catch{
+
+			if ($_.Exception.Message -like '*network path was not found*'){
+
+				Write-Verbose "SUCCESS (Network path not found) : $Username works with $Password on $ComputerName"
+				$out = new-object psobject
+				$out | add-member Noteproperty 'ComputerName' $Computer
+				$out | add-member Noteproperty 'Username' $Username
+				$out | add-member Noteproperty 'Password' $Password
+				$out | add-member Noteproperty 'Result' 'Success'
+				$out
+
+			}
+			elseif ($_.Exception.Message -like '*Access is Denied*'){
+				Write-Verbose "SUCCESS ( No persmision ): $Username works with $Password on $ComputerName"
+				$out = new-object psobject
+				$out | add-member Noteproperty 'ComputerName' $Computer
+				$out | add-member Noteproperty 'Username' $Username
+				$out | add-member Noteproperty 'Password' $Password
+				$out | add-member Noteproperty 'Result' 'Success'
+				$out
+
+			}
+		}
+    }
+}
diff --git a/lib/common/helpers.py b/lib/common/helpers.py
@@ -156,10 +156,7 @@ def random_string(length=-1, charset=string.ascii_letters):
 
 def generate_random_script_var_name(origvariname,globDebug=False):
     if globDebug:
-	return origvariname
-    else:
-	hash_object=hashlib.sha1(str(origvariname)+str(globentropy)).hexdigest()
-	return hash_object[:(3+(globentropy%3))]
+
 
 def randomize_capitalization(data):
     """

diff --git a/lib/common/messages.py b/lib/common/messages.py
@@ -177,8 +177,7 @@ def display_agents(agents):
 
         print ''
         print helpers.color("[*] Active agents:\n")
-        print " Name     La Internal IP     Machine Name      Username                Process            PID    Delay    Last Seen            Listener"
-        print " ----     -- -----------     ------------      --------                -------            ---    -----    ---------            ----------------"
+
 
         for agent in agents:
 
@@ -194,16 +193,15 @@ def display_agents(agents):
             else:
                 agent['language'] = 'X'
 
-            print " %.8s %.2s %.15s %.17s %.23s %.18s %.6s %.8s %.31s %.16s" % ('{0: <8}'.format(agent['name']),
+
                                   '{0: <2}'.format(agent['language']),
                                   '{0: <15}'.format(str(agent['internal_ip']).split(" ")[0]),
                                   '{0: <17}'.format(agent['hostname']),
                                   '{0: <23}'.format(agent['username']),
                                   '{0: <18}'.format(agent['process_name']),
                                   '{0: <6}'.format(str(agent['process_id'])),
                                   '{0: <8}'.format(str(agent['delay']) + "/"  +str(agent['jitter'])),
-                                  '{0: <31}'.format(str(helpers.lastseen(agent['lastseen_time'], agent['delay'], agent['jitter']))),
-                                  '{0: <16}'.format(str(agent['listener'])))
+
 
             # Skip rows for better readability
             rowToggle = (rowToggle + 1) % 3

diff --git a/lib/modules/powershell/situational_awareness/network/smblogin.py b/lib/modules/powershell/situational_awareness/network/smblogin.py
@@ -0,0 +1,133 @@
+from lib.common import helpers
+
+
+class Module:
+
+    def __init__(self, mainMenu, params=[]):
+
+        self.info = {
+            'Name': 'Invoke-SMBLogin',
+
+            'Author': ['Mauricio Velazco (@mvelazco)'],
+
+            # More verbose multi-line description of the module
+            'Description': ('Validates username & password combination(s) across a host or group of hosts using the SMB protocol.'),
+
+            'Background': False,
+
+            'OutputExtension': None,
+
+            'NeedsAdmin': False,
+
+            'OpsecSafe': True,
+
+            'Language': 'powershell',
+
+            'MinLanguageVersion': '2',
+
+            'Comments': ['Github:','https://github.com/mvelazc0/Invoke-SMBLogin']
+        }
+
+        self.options = {
+            'Agent': {
+
+                'Description':   'Agent to grab a screenshot from.',
+                'Required'   :   True,
+                'Value'      :   ''
+            },
+            'CredID' : {
+                'Description'   :   'CredID from the store to use.',
+                'Required'      :   False,
+                'Value'         :   ''
+            },
+            'ComputerName': {
+                'Description': 'A single computer name (ip) or a list of comma separated computer names (ips)',
+                'Required': True,
+                'Value': ''
+            },
+            'Domain': {
+                'Description': 'Domain to use. If not defined, local accounts will be used',
+                'Required': False,
+                'Value': ''
+            },
+            'Password': {
+                'Description': 'A single password or list of comma separated passwords',
+                'Required': True,
+                'Value': ''
+            },
+            'UserName': {
+                'Description': 'A single username or a list of comma separated usernames',
+                'Required': True,
+                'Value': ''
+            }
+        }
+
+        self.mainMenu = mainMenu
+
+        if params:
+            for param in params:
+                # Parameter format is [Name, Value]
+                option, value = param
+                if option in self.options:
+                    self.options[option]['Value'] = value
+
+
+    def generate(self, obfuscate=False, obfuscationCommand=""):
+
+        moduleSource = self.mainMenu.installPath + "/data/module_source/situational_awareness/network/Invoke-SMBLogin.ps1"
+        if obfuscate:
+            helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand)
+            moduleSource = moduleSource.replace("module_source", "obfuscated_module_source")
+        try:
+            f = open(moduleSource, 'r')
+        except:
+            print helpers.color("[!] Could not read module source path at: " + str(moduleSource))
+            return ""
+
+        moduleCode = f.read()
+        f.close()
+        script = moduleCode
+        scriptEnd = ""
+
+        # if a credential ID is specified, try to parse
+        credID = self.options["CredID"]['Value']
+        if credID != "":
+
+            if not self.mainMenu.credentials.is_credential_valid(credID):
+                print
+                helpers.color("[!] CredID is invalid!")
+                return ""
+
+            (credID, credType, domainName, userName, password, host, os, sid, notes) = \
+            self.mainMenu.credentials.get_credentials(credID)[0]
+
+            if domainName != "":
+                self.options["Domain"]['Value'] = str(domainName)
+                self.options["UserName"]['Value'] = str(userName)
+            else:
+                self.options["UserName"]['Value'] = str(userName)
+                self.options["Domain"]['Value'] = ""
+            if password != "":
+                self.options["Password"]['Value'] = password
+
+        if self.options["UserName"]['Value'] == "" or self.options["Password"]['Value'] == "":
+            print
+            helpers.color("[!] Username and password must be specified.")
+
+        scriptEnd += "Invoke-SMBLogin "
+
+        for option, values in self.options.iteritems():
+            if option.lower() != "agent" and option.lower() != "credid":
+                if values['Value'] and values['Value'] != '':
+                    if values['Value'].lower() == "true":
+                        scriptEnd += " -" + str(option)
+                    else:
+                        scriptEnd += " -" + str(option) + " " + str(values['Value'])
+        if obfuscate:
+            scriptEnd = helpers.obfuscate(psScript=scriptEnd, installPath=self.mainMenu.installPath, obfuscationCommand=obfuscationCommand)
+
+        scriptEnd += "| Out-String | %{$_ + \"`n\"};"
+        scriptEnd += "'Invoke-SMBLogin completed'"
+
+        script += scriptEnd
+        return script
Original file line number	Diff line number	Diff line change
Expand Up		@@ -6,7 +6,6 @@ Empire relies heavily on the work from several other projects for its underlying

		Empire is developed by [@harmj0y](https://twitter.com/harmj0y), [@sixdub](https://twitter.com/sixdub), [@enigma0x3](https://twitter.com/enigma0x3), [@rvrsh3ll](https://twitter.com/424f424f), [@killswitch_gui](https://twitter.com/killswitch_gui), and [@xorrior](https://twitter.com/xorrior).

		Feel free to join us in the #psempire channel of the [BloodHound Slack](http://bloodhoundgang.herokuapp.com/)!

		## Install

Expand Down