Closed: AlessandroZ closed this 6 years ago
This would be great.
lol
@AlessandroZ I'd say go for it. Please submit the PR to the dev branch.
I have checked the Empire code and I didn't find an easy way to do it, because each module is able to load a PowerShell script and get the output back (using the generate function). But in my case, the module would be more complex. I should be able to launch a script, download the newly created directory (or a zip file), and then execute some Python code (in order to launch LaZagne locally). So the generate function is too limited for my task. So I don't know how to proceed without changing the core (I don't want to change the core, I do not have enough time).
I was also looking for a way to download a file from the remote host (for example, how to use this kind of function).
You know your code better than I do, so maybe you will be able to find an easy way to do it. I don't think it would be as easy as I supposed.
Let me know if you have an idea, otherwise I don't think I'll do a PR. Sorry.
@xorrior I think @AlessandroZ needs some help here. I'm not qualified enough to assist here. Do you know anybody who can help out?
Hi guys,
Some time ago, I did a tool called LaZagne to dump lots of credentials from a remote target. It has been easy to add it to the pupy project because it interprets the Python code all in memory, so nothing is dropped on the disk. However, embedding it in a non-Python project was quite difficult (except using the binary, but it's not really cool).
For forensic purposes, I have developed another tool called LaZagneForensic to retrieve passwords from another host. At first, passwords were retrieved from a mounted disk (for forensic analysis), but then I did a PowerShell script to dump all configuration files from a remote host. Then this new folder should be downloaded to our Linux host and the passwords could be decrypted offline.
Lots of passwords can be decrypted without needing the user's Windows password, but some need it. However, the password could be retrieved using mimikatz or other techniques.
I didn't do a pull request because I don't know if it's a good idea and I don't know how you manage external tools. In pupy, we use git submodules to be able to update it if needed. Moreover, I didn't analyse your code to check how you could download folders from a remote host (I'm quite bad at PowerShell).
Here are all the steps needed:
Then integrating LaZagne will be easy. Here is an example of a script to integrate it. It's an adaptation of the following script:
So if you are interested in integrating LaZagne into Empire, it would be great. Otherwise, no problem, I understand very well.
Keep going, I like your work!