BC-SECURITY / Empire

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
https://bc-security.gitbook.io/empire-wiki/
BSD 3-Clause "New" or "Revised" License

Internal Monologue runs only once for each agent #43

Closed Invoke-Mimikatz closed 4 years ago

Invoke-Mimikatz commented 4 years ago

Empire Version

3.0 Bug Fixes

OS Information (Linux flavor, Python version)

Kali 2019.2, Python 3.7.5

Expected behavior and description of the error, including any actions taken immediately prior to the error. The more detail the better.

Expected behaviour: invoke_internal_monologue module dumps the same NetNTLMv1 hashes every time, once for each run of the module.

Observed behaviour: invoke_internal_monologue module dumps NetNTLMv1 hashes only ONCE on the first run of the module for that agent, and never again after that (for that agent only). The agent stays alive, and commands can be run on the agent after, but invoke_internal_monologue will return no v1's again.

Screenshot of error, embedded text output, or Pastebin link to the error


Any additional information

Running agent on Windows 10 (1809), PSVersion 5.1

Cx01N commented 4 years ago

@Invoke-Mimikatz I added a check to clear the table if the module has been run before. It is not the most graceful fix, but it fixes the issue. Could you test out the PR and see if it fixed the issue for your setup?

Invoke-Mimikatz commented 4 years ago

Nice fix. Seems to work as expected on my systems.
