Write modules for emp3r0r
Jimmy Mi edited this page Oct 23, 2024 · 11 revisions
The `vaccine` module in emp3r0r is designed to provide statically-linked binaries for emp3r0r agents. When the emp3r0r C2 server starts, it automatically packages whatever is in the `vaccine` directory and makes it available for agents to download. This means you can use these tools on a target host through the `interactive_shell` without worrying about compatibility issues.
- Static Bash Shell: emp3r0r agents come with a compressed static `bash` binary. This shell is embedded in the agent and extracted at runtime. It’s fully capable, like the system's native Bash.
- Adding Utilities: It’s a good idea to include common system utilities like `cat`, `ls`, or any tool you might need, to ensure functionality on the target host.
Custom modules let you extend emp3r0r's functionality. Unlike the Metasploit Framework, these modules run on target hosts, not on the C2 server.
- Launching attacks from a compromised machine (e.g., lateral movement).
- Running third-party tools.
- Local privilege escalation exploits.
- Credential collection and data exfiltration.
- Dependencies: Many scripts and binaries rely on dependencies. Python, for example, requires a compatible interpreter and libraries.
- Compatibility: Pre-compiled binaries may not run on all targets due to differences in libraries (e.g., Glibc compatibility issues).
- On-Target Compilation: Avoid compiling on target machines—it’s unreliable and can be noisy.
- Choose a language and make sure your executables run without errors on target hosts.
- Minimize dependencies, focusing on portability and basic APIs.
- Consider static compilation when possible to reduce compatibility issues.
- Use `pyinstaller` to create standalone binaries.
- Alternatively, use the built-in `python3.9` environment. More details here.
- Ensure any additional utilities your script requires are present (e.g., `jq`, `nmap`). If not, add them to the `vaccine` module.
- Disable `CGO` unless you are sure about the target environment.
- Use musl libc for static compilation.
- UPX: Compress binaries with UPX, but remember to `strip` them first for smaller sizes.
Every module requires a `config.json` file with the following structure:
```json
{
  "name": "bettercap",
  "exec": "bettercap",
  "platform": "Linux",
  "interactive": true,
  "author": "jm33-ng",
  "date": "2022-03-09",
  "comment": "Run bettercap as an interactive shell",
  "options": {
    "args": ["--", "run bettercap with this commandline arg"]
  }
}
```
- name: The name displayed for the module.
- exec: The executable file name.
- platform: Target OS (e.g., Linux, Windows).
- interactive: Indicates if the module has a terminal interface (e.g., `bash`, `htop`).
- author: Creator’s name.
- date: Creation date.
- comment: A brief description.
- options: A dictionary of parameters with descriptions.
```go
type ModConfig struct {
	Name          string              `json:"name"`        // Module name
	Exec          string              `json:"exec"`        // Executable to run
	Platform      string              `json:"platform"`    // Target OS
	IsInteractive bool                `json:"interactive"` // True if the module is a shell-like interface
	Author        string              `json:"author"`      // Author name
	Date          string              `json:"date"`        // Creation date
	Comment       string              `json:"comment"`     // Brief description
	Options       map[string][]string `json:"options"`     // Parameters: [value, description]
}
```
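As an added example (not part of emp3r0r or this wiki), the Go program below loads a `config.json` into the `ModConfig` struct above and lists structural problems, which is useful when reviewing a module directory, whether your own or one recovered during an investigation. The function name `CheckConfig` and its rules (required fields, bare `exec` file name, two-element option arrays) are assumptions drawn from the field descriptions above, not checks the C2 is known to perform.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// ModConfig mirrors the struct shown on this page.
type ModConfig struct {
	Name          string              `json:"name"`
	Exec          string              `json:"exec"`
	Platform      string              `json:"platform"`
	IsInteractive bool                `json:"interactive"`
	Author        string              `json:"author"`
	Date          string              `json:"date"`
	Comment       string              `json:"comment"`
	Options       map[string][]string `json:"options"`
}

// sampleConfig reproduces the page's config.json example.
const sampleConfig = `{"name":"bettercap","exec":"bettercap","platform":"Linux",
"interactive":true,"author":"jm33-ng","date":"2022-03-09","comment":"Run bettercap as an interactive shell",
"options":{"args":["--","run bettercap with this commandline arg"]}}`

// CheckConfig (hypothetical helper) lists problems; the rules are this example's assumptions.
func CheckConfig(raw []byte) (*ModConfig, []string) {
	var c ModConfig
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, []string{"cannot parse config: " + err.Error()}
	}
	var issues []string
	if c.Name == "" || c.Exec == "" || c.Platform == "" {
		issues = append(issues, "name, exec and platform must be set")
	}
	if strings.ContainsAny(c.Exec, `/\`) {
		issues = append(issues, "exec should be a bare file name: "+c.Exec)
	}
	for opt, v := range c.Options { // each option is [value, description]
		if len(v) != 2 {
			issues = append(issues, fmt.Sprintf("option %q: want 2 items, got %d", opt, len(v)))
		}
	}
	return &c, issues
}

func main() {
	fmt.Println(CheckConfig([]byte(sampleConfig)))
}
```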
- Load: Create a directory under `~/.emp3r0r/modules` and place the `config.json` there.
- Use:
  - Use the `search <query>` command in the emp3r0r console to locate your module.
  - `use <module_name>` to select it.
  - If your module has configurable options, set them with `set option value`. These values will be passed as environment variables to your executable.
Make sure your module’s options are handled correctly by reading the environment variables.