Friday, March 10, 2017

EmpirePanel : Hack with Friends!

Intro:

You may be familiar with what was once called "PowerShell Empire", and is now referred to simply as "Empire".  It's the hot new post-exploitation framework with a lot of fancy features.  One major drawback, however, is that Empire lacks any real multiplayer support.  I noticed that Empire is, at its core, a Flask app, so why the hell not extend it into a fully functional web interface for collaborative hacking?


Goals:

  • A nice, pretty, web interface for Empire
  • Multiplayer support
  • Functional parity with command line version
  • Minimal invasiveness to the existing Empire code base


High Level Architecture:

EmpirePanel is based on AdminLTE, and is decorated with AngularJS.  It is implemented entirely in HTML and JavaScript except for a minor tweak to enable the new routes in the core Empire code.  All interaction with Empire is done with JavaScript via the provided Empire API.


Walkthrough:

git clone https://github.com/pierce403/EmpirePanel.git
cd EmpirePanel/setup/
./setup_database.sh
./cert.sh
cd ..
./empire --rest --username admin --password admin

Then from a browser, visit https://127.0.0.1:1337/, and log in with the user/pass you set.
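To make the "JavaScript talking to the Empire API" part of the architecture concrete, here is a small client written in the same spirit as the panel, as an added example rather than EmpirePanel's own empire.js. The endpoint paths (/api/admin/login, /api/listeners, /api/agents) and the ?token= query parameter are the ones the Empire REST API uses; the response shapes are assumed to match Empire 1.5. The fake server, the admin/admin credentials from the walkthrough, and the listener and agent records are constructed so the code runs offline. Note that the token returned by the login call is a credential for the whole server, and it travels in the URL on every request, which is why the panel is only served over the TLS certificate that cert.sh generates.

```javascript
// Minimal client for the Empire 1.5 REST API in the style a panel front-end
// would use (added example, not EmpirePanel's own code). `fetchImpl` is injected
// so the client can run against a real server (window.fetch) or the fake below.
class EmpireApi {
  constructor(baseUrl, fetchImpl) {
    this.baseUrl = baseUrl.replace(/\/$/, "");
    this.fetch = fetchImpl;
    this.token = null; // issued by /api/admin/login, sent as ?token= afterwards
  }

  async request(method, path, body) {
    const sep = path.includes("?") ? "&" : "?";
    const url = this.token
      ? `${this.baseUrl}${path}${sep}token=${encodeURIComponent(this.token)}`
      : `${this.baseUrl}${path}`;
    const res = await this.fetch(url, {
      method,
      headers: { "Content-Type": "application/json" },
      body: body === undefined ? undefined : JSON.stringify(body),
    });
    if (!res.ok) throw new Error(`Empire API ${method} ${path} -> HTTP ${res.status}`);
    return res.json();
  }

  // Exchange the username/password given to `./empire --rest` for a token.
  async login(username, password) {
    const data = await this.request("POST", "/api/admin/login", { username, password });
    if (!data.token) throw new Error("login response carried no token");
    this.token = data.token;
    return this.token;
  }

  async listeners() { return (await this.request("GET", "/api/listeners")).listeners; }
  async agents() { return (await this.request("GET", "/api/agents")).agents; }
}

// Constructed stand-in for the Empire REST server so the example runs offline.
// It mimics the three endpoints above and refuses anything without a valid token.
const SAMPLE_TOKEN = "constructed-token-1234";
function fakeEmpireServer(url, opts = {}) {
  const u = new URL(url);
  const reply = (status, data) => ({ ok: status < 300, status, json: async () => data });
  if (opts.method === "POST" && u.pathname === "/api/admin/login") {
    const { username, password } = JSON.parse(opts.body);
    return Promise.resolve(
      username === "admin" && password === "admin"
        ? reply(200, { token: SAMPLE_TOKEN })
        : reply(401, { error: "bad credentials" })
    );
  }
  if (u.searchParams.get("token") !== SAMPLE_TOKEN) {
    return Promise.resolve(reply(401, { error: "invalid token" }));
  }
  if (u.pathname === "/api/listeners") {
    // constructed listener record, host taken from the walkthrough's VMware address
    return Promise.resolve(reply(200, { listeners: [{ name: "test", host: "http://192.168.174.1:8080" }] }));
  }
  if (u.pathname === "/api/agents") {
    // constructed agent record
    return Promise.resolve(reply(200, { agents: [{ name: "ABCDEFGH", hostname: "WIN-TEST" }] }));
  }
  return Promise.resolve(reply(404, { error: "no such route" }));
}

// Log in, then fetch the listener and agent tables the panel's index.html renders.
async function demo(fetchImpl = fakeEmpireServer) {
  const api = new EmpireApi("https://127.0.0.1:1337", fetchImpl);
  const token = await api.login("admin", "admin");
  const listeners = await api.listeners();
  const agents = await api.agents();
  return { token, listeners, agents };
}

demo()
  .then((r) => console.log(JSON.stringify(r, null, 2)))
  .catch((err) => { console.error(err.message); process.exitCode = 1; });
```

Against a live Empire 1.5 server you would pass `window.fetch` (or `fetch` in Node) instead of `fakeEmpireServer`; the browser will reject the self-signed certificate until it has been accepted once, which is the same prompt you see when first visiting https://127.0.0.1:1337/.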

You should then be presented with a page looking like this:


Awesome, now let's start hacking.  First we need to create a listener.  I'm using 192.168.174.1 for this listener because that's the IP of my VMware host.


Great.  Now once we have the listener, we click into it, and generate a launcher:


This launcher is the command we run on our target system.  Once we run it, we see an agent pop up.



Okay, let's click into it and see what sorts of things we can do:





Things That Work:

  • Creating and destroying listeners
  • Generating launchers
  • Collecting agents
  • Running shell commands on agents
  • Running modules on agents

Things That Don't Work Yet:

  • Some agent commands, like rename, ps, etc.
  • UI layout consistency
  • AngularJS syncing issues

Fixing Things That Don't Work:

Of course, everything is on GitHub (https://github.com/pierce403/EmpirePanel) and I accept pull requests.  All of my EmpirePanel work is concentrated in two files, empire.js and index.html, in the /static/ directory.

Future Plans:

This demo is only compatible with the 1.5 version of Empire.  Hopefully the API for 2.0 will stabilize soon and I'll be able to port it over, and hopefully, one day get the code upstream.  Maybe this work will simply inspire someone who knows what they're doing to come along and do it all the right way, who knows?  I guess that's all part of the magic of Open Source.  Enjoy!

1 comment:

  1. Thanks for providing this little and useful demo. I am so delighted to be here and to gather this marvelous article to read. Exclusive Discount Coupons
