email info@BC-Security.org

Top Categories

Spotlight

todayOctober 10, 2024

Offensive Security Tools Cx01N

Not Your Grandfather’s Empire

Not Your Grandfather’s Empire I’ve wanted to put this blog together since returning home from DEFCON. Anytime we ran into someone who recognized our swag, they mentioned how much they loved Empire back in the day and didn’t realize it was being actively maintained. This made me reflect on all [...]


Empire 3.7 and Starkiller 1.6

Offensive Security Tools Vincent Rose todayJanuary 21, 2021 3669 13 5

Background
share close

Last week we announced a new partnership with Kali for Starkiller and Empire. You can read up more about that in our previous post. The purpose of this post is to outline the new features in Empire and Starkiller.

Starkiller

For those who may have missed the last announcement, Starkiller is now easier than ever to install and run from Kali. Simply run apt install starkiller to install and starkiller to run!

Starkiller 1.6 brings a small revamp to the agent screen. The old UI had a lot of wasted horizontal real-estate. We really didn’t need the input fields to go across the entire screen. So, we’ve changed the task viewer to be on the right side of the screen, and it makes better use of the space.

Old Starkiller UI
New Starkiller UI

On the agent screen, we have added a new tasks tab. This screen’s information is the same info that you see on the right-side task viewer, but in a neater table format that matches the reporting screen, filtered to the current agent.

Agent Task Tab

At long last, we bring the upload and download features to Starkiller. On the top right of the agents view, there are two new buttons. For uploads, select the file on your local machine and a destination on the target machine. For downloads, just enter the source file from the target machine. Downloads work for both PowerShell and Python agents. Unfortunately, some recent changes broke uploads on Python agents, but a fix is in the works.

Uploading a file to an agent

A new Plugins page has been added to Starkiller. From the sidebar, click Plugins. This will give a list of all the plugins that are active on the server. Clicking into one brings up that plugin’s options and allows the user to execute it. The example below uses the SOCKS Proxy Server Plugin to start a SOCKS proxy server.

Plugin execution page

Sponsors-Only

The sponsors build of Starkiller gets another feature! In addition to the current features: file browser and chat widget, operators now have access to an interactive agent shell that replaces the task viewer that is available in the public build of Starkiller. The interactive agent shell works for both PowerShell and Python agents. You can now quickly navigate directories, enumerate processes, and cat files to the terminal while still being able to queue more complex modules on the left-hand side of the screen. If you have used the new Empire-CLI, the shell will feel fairly familiar to you. This will be in a sponsors build in the next 1-2 weeks.

Interactive agent shell

Empire

CLI Submodule

The new Empire-CLI will remain in its own repository, but will now be packaged with the rest of Empire as a submodule. This means you can pull down Empire-CLI as if it’s a part of the Empire repo by adding --recursive to your git clone command, or if you already have Empire cloned git submodule update --recursive. In an upcoming release, we will be deprecating the old server CLI. Don’t worry, it’s going to stick around at least until the next major release of Empire (4.0). If you haven’t already seen the new CLI, here is a demo and walk-through from last month.

Database Management Refactor

All database interaction within the server now goes through SQLAlchemy ORM. SQLAlchemy provides an abstraction over the database that simplifies a lot of the existing codebase and allows for more options in the underlying database system. Right now, only SQLite is supported, but coming in a future release – you will have the ability to swap in high-performance databases like MySQL or Postgres with little effort.

Conclusion

We are looking forward to continuing iterating on Empire and Starkiller. If you want to discuss any of the upcoming changes, you can find us in the BC Security Discord or send us an e-mail at info@BC-Security.org.

Written by: Vincent Rose

Rate it

Previous post