                      ____        ___
                     |___ \      / _ \
   ___ _ __ ___  _ __  __) |_ __| | | |_ __
  / _ \ '_ ` _ \| '_ \|__ <| '__| | | | '__|
 |  __/ | | | | | |_) |__) | |  | |_| | |
  \___|_| |_| |_| .__/____/|_|   \___/|_|
                | |
                |_|

i will post further updates here, for convenience

updates

wait, what?

happy new year dear

for the last two weeks i've been working on this emp3r0r project. you must have heard of the famous empire, which, obviously, has been abandoned by its creator.

emp3r0r aims to be a post-exploitation framework, just like empire. the difference, however, is that i intend to write the CC (the command-and-control server), the agent and the other core parts in go, so that porting emp3r0r to other platforms is easier

i plan to develop it as a post-exploitation framework for linux, for now

post-exploitation framework for linux

(planned) features

  • client-server structure with reverse connections: the agent connects back to CC
  • HTTP2: a full-duplex connection between agent and CC
  • TLS with all security checks enabled (the agent trusts an additional CA generated by the user, so CC's certificate is fully verified rather than skipped)
  • dynamically generated CA and TLS certificates, which makes the build process easier
  • process management
  • vim: a shell helper that lets you edit remote files
  • get/put: another shell helper providing sftp-like file transfer
  • cd/pwd: cd and pwd in the shell
  • LPE suggestion and auto root
  • a CC status indicator that agents can check to see whether CC is online; it can be hosted on services like GitHub and Twitter, which draws less attention than contacting CC directly
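to make the TLS and CA items above concrete, here is an added example in go, written for this page rather than taken from emp3r0r: it generates a throwaway CA and a CC certificate in memory, builds the agent-side tls.Config that trusts only that CA (system roots are not consulted, the hostname is verified, TLS 1.2 is the floor and h2 is negotiated via ALPN), and runs a real handshake over loopback to show the agent accepting CC's certificate and refusing one issued by a different CA for the same hostname. the hostname cc.example, the CA names and every function name are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// keyPair is a parsed certificate with its private key; nothing is written to disk.
type keyPair struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// issue generates a P-256 key and a one-day certificate from tmpl; with a nil parent it is self-signed.
func issue(tmpl *x509.Certificate, parent *keyPair) (*keyPair, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	signer := &keyPair{cert: tmpl, key: key} // self-signed unless a parent CA is given
	if parent != nil {
		signer = parent
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer.cert, &key.PublicKey, signer.key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &keyPair{cert: cert, key: key}, err
}

// newCA builds the user-generated CA that the agent trusts instead of the system store.
func newCA(name string) (*keyPair, error) {
	return issue(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil)
}

// newServerCert issues the CC leaf certificate for host, signed by ca (assumed hostname: cc.example).
func newServerCert(ca *keyPair, host string) (*keyPair, error) {
	return issue(&x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}, ca)
}

// agentTLSConfig is the agent side: trust ONLY our CA, verify the hostname, require TLS 1.2+, offer h2. InsecureSkipVerify stays false.
func agentTLSConfig(ca *x509.Certificate, host string) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	return &tls.Config{RootCAs: pool, ServerName: host, MinVersion: tls.VersionTLS12, NextProtos: []string{"h2"}}
}

// ccTLSConfig is the CC side: present the leaf certificate and offer h2.
func ccTLSConfig(cc *keyPair) *tls.Config {
	leaf := tls.Certificate{Certificate: [][]byte{cc.cert.Raw}, PrivateKey: cc.key}
	return &tls.Config{Certificates: []tls.Certificate{leaf}, MinVersion: tls.VersionTLS12, NextProtos: []string{"h2"}}
}

// handshake runs a real TLS handshake over loopback TCP and returns the negotiated ALPN protocol, or the error that rejected the connection.
func handshake(server, client *tls.Config) (string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	srvErr := make(chan error, 1)
	go func() {
		c, err := ln.Accept()
		if err == nil {
			defer c.Close()
			err = tls.Server(c, server).Handshake()
		}
		srvErr <- err
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), client)
	ln.Close() // also unblocks Accept if the dial never connected
	if err != nil {
		return "", err // the agent refused the CC certificate (or could not connect)
	}
	defer conn.Close()
	if err := <-srvErr; err != nil {
		return "", err
	}
	return conn.ConnectionState().NegotiatedProtocol, nil
}

func main() { // errors are ignored here for brevity; every function above returns them
	ca, _ := newCA("emp3r0r-demo-ca")
	cc, _ := newServerCert(ca, "cc.example")
	fmt.Println(handshake(ccTLSConfig(cc), agentTLSConfig(ca.cert, "cc.example"))) // h2 <nil>
	rogue, _ := newCA("rogue-ca") // same hostname, different CA: the agent must refuse it
	rogueCC, _ := newServerCert(rogue, "cc.example")
	fmt.Println(handshake(ccTLSConfig(rogueCC), agentTLSConfig(ca.cert, "cc.example")))
}
```

in a real build the CA would be generated once, its certificate embedded in the agent and the CC key kept on the server; the point is that InsecureSkipVerify never appears anywhere. an agent that accepts any certificate can be talked to by anyone who can redirect its traffic, and that someone then gets to issue commands on every compromised box.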

modules

  • cmd : execute a shell command on the target
  • shell : like cmd, but captures stdout and stderr; does NOT support interactive programs
  • lpe_suggest : invoke upc (unix-privesc-check) and les (linux-exploit-suggester), then open their reports with less in a new tmux window
  • get_root : automatic privilege escalation
  • lkm : a loadable kernel module providing APIs for file/process hiding, a hidden backdoor, etc., compiled automatically for the target kernel
  • injector : inject code into running processes via PTRACE
  • persistence : gain persistence via LD_PRELOAD or recompiled libraries
  • harvester : credential harvesting
  • data_exfil : data exfiltration
  • proxy : SOCKS5 proxy over HTTP2
  • containerized : run code in a container (for better hiding)
  • evilkvm : take advantage of KVM
  • scanner : stealthy network mapping
