uilding dependency tree... Done Reading state information... Done The following packages were automatically installed and are no longer required: fonts-liberation2 ibverbs-providers libboost-iostreams1.83.0 libboost-thread1.83.0 libcephfs2 libgfapi0 libgfrpc0 libgfxdr0 libglusterfs0 libibverbs1 libmfx1 libpython3.11-dev librados2 librdmacm1t64 python3-hatch-vcs python3-hatchling python3-lib2to3 python3-pathspec python3-pluggy python3-setuptools-scm python3-trove-classifiers python3.11 python3.11-dev python3.11-minimal rwho rwhod samba-vfs-modules Use 'sudo apt autoremove' to remove them. The following additional packages will be installed: blueman libldb2 libpython3-dev libpython3-stdlib libpython3.12-dev libpython3.12-minimal libpython3.12-stdlib libpython3.12t64 libsmbclient0 libssl3t64 libtalloc2 libtdb1 login login.defs onboard onboard-common onboard-data openssl openssl-provider-legacy passwd python3 python3-arc4 python3-dev python3-ldb python3-minimal python3-nassl python3-samba python3-talloc python3-tdb python3-userpath python3-venv python3.12 python3.12-dev python3.12-minimal python3.12-venv samba samba-common samba-common-bin samba-libs smbclient winexe Suggested packages: python3.12-doc binfmt-support The following packages will be REMOVED: python3-distutils The following NEW packages will be installed: libpython3.12-dev libpython3.12-minimal libpython3.12-stdlib libpython3.12t64 login.defs openssl-provider-legacy pipx python3-userpath python3-venv python3.12 python3.12-dev python3.12-minimal python3.12-venv The following packages will be upgraded: blueman libldb2 libpython3-dev libpython3-stdlib libsmbclient0 libssl3t64 libtalloc2 libtdb1 login onboard onboard-common onboard-data openssl passwd python3 python3-arc4 python3-dev python3-ldb python3-minimal python3-nassl python3-samba python3-talloc python3-tdb samba samba-common samba-common-bin samba-libs smbclient winexe 29 upgraded, 13 newly installed, 1 to remove and 227 not upgraded. Need to get 39.6 MB of archives. After this operation, 69.1 MB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://kali.download/kali kali-rolling/main amd64 openssl-provider-legacy amd64 3.3.2-1 [298 kB] Get:2 http://kali.download/kali kali-rolling/main amd64 libssl3t64 amd64 3.3.2-1 [2,271 kB] Get:3 http://kali.download/kali kali-rolling/main amd64 libpython3.12-minimal amd64 3.12.6-1 [814 kB] Get:4 http://kali.download/kali kali-rolling/main amd64 libpython3.12-stdlib amd64 3.12.6-1 [1,963 kB] Get:5 http://kali.download/kali kali-rolling/main amd64 libpython3.12t64 amd64 3.12.6-1 [2,147 kB] Get:6 http://kali.download/kali kali-rolling/main amd64 libpython3.12-dev amd64 3.12.6-1 [5,127 kB] Get:7 http://http.kali.org/kali kali-rolling/main amd64 python3-dev amd64 3.12.5-1+b1 [26.1 kB] Get:8 http://http.kali.org/kali kali-rolling/main amd64 libpython3-dev amd64 3.12.5-1+b1 [10.1 kB] Get:9 http://kali.download/kali kali-rolling/main amd64 python3.12-minimal amd64 3.12.6-1 [2,168 kB] Get:10 http://kali.download/kali kali-rolling/main amd64 python3-tdb amd64 1.4.12-1 [16.9 kB] Get:11 http://http.kali.org/kali kali-rolling/main amd64 libtalloc2 amd64 2.4.2-1+b2 [26.0 kB] Get:12 http://http.kali.org/kali kali-rolling/main amd64 python3-talloc amd64 2.4.2-1+b2 [15.2 kB] Get:13 http://http.kali.org/kali kali-rolling/main amd64 python3-samba amd64 2:4.21.0+dfsg-1kali1 [2,724 kB] Get:14 http://kali.download/kali kali-rolling/main amd64 python3-nassl amd64 5.2.0-0kali3 [1,727 kB] Get:15 http://http.kali.org/kali kali-rolling/main amd64 python3-ldb amd64 2:2.10.0+samba4.21.0+dfsg-1kali1 [69.8 kB] Get:16 http://http.kali.org/kali kali-rolling/main amd64 python3-arc4 amd64 0.3.0-0kali1+b2 [7,360 B] Get:17 http://kali.download/kali kali-rolling/main amd64 onboard-data all 1.4.1-9 [3,807 kB] Get:18 http://kali.download/kali kali-rolling/main amd64 onboard-common all 1.4.1-9 [543 kB] Get:19 http://kali.download/kali kali-rolling/main amd64 onboard amd64 1.4.1-9 [350 kB] Get:20 http://kali.download/kali kali-rolling/main amd64 blueman amd64 2.4.3-1 [1,019 kB] Get:21 http://http.kali.org/kali kali-rolling/main amd64 python3-minimal amd64 3.12.5-1+b1 [27.0 kB] Get:22 http://http.kali.org/kali kali-rolling/main amd64 python3 amd64 3.12.5-1+b1 [27.9 kB] Get:23 http://kali.download/kali kali-rolling/main amd64 libtdb1 amd64 1.4.12-1 [45.2 kB] Get:24 http://http.kali.org/kali kali-rolling/main amd64 libsmbclient0 amd64 2:4.21.0+dfsg-1kali1 [91.3 kB] Get:25 http://http.kali.org/kali kali-rolling/main amd64 winexe amd64 2:4.21.0+dfsg-1kali1 [99.8 kB] Get:26 http://http.kali.org/kali kali-rolling/main amd64 smbclient amd64 2:4.21.0+dfsg-1kali1 [471 kB] Get:27 http://http.kali.org/kali kali-rolling/main amd64 samba-libs amd64 2:4.21.0+dfsg-1kali1 [5,945 kB] Get:28 http://http.kali.org/kali kali-rolling/main amd64 libldb2 amd64 2:2.10.0+samba4.21.0+dfsg-1kali1 [171 kB] Get:29 http://http.kali.org/kali kali-rolling/main amd64 samba amd64 2:4.21.0+dfsg-1kali1 [1,327 kB] Get:30 http://http.kali.org/kali kali-rolling/main amd64 samba-common-bin amd64 2:4.21.0+dfsg-1kali1 [1,258 kB] Get:31 http://kali.download/kali kali-rolling/main amd64 login.defs all 1:4.16.0-4 [185 kB] Get:32 http://kali.download/kali kali-rolling/main amd64 passwd amd64 1:4.16.0-4 [1,232 kB] Get:33 http://http.kali.org/kali kali-rolling/main amd64 samba-common all 2:4.21.0+dfsg-1kali1 [57.0 kB] Get:34 http://kali.download/kali kali-rolling/main amd64 python3.12 amd64 3.12.6-1 [669 kB] Get:35 http://http.kali.org/kali kali-rolling/main amd64 libpython3-stdlib amd64 3.12.5-1+b1 [9,884 B] Get:36 http://kali.download/kali kali-rolling/main amd64 python3.12-dev amd64 3.12.6-1 [506 kB] Get:37 http://http.kali.org/kali kali-rolling/main amd64 login amd64 1:4.16.0-2+really2.40.2-8 [81.3 kB] Get:38 http://kali.download/kali kali-rolling/main amd64 openssl amd64 3.3.2-1 [1,381 kB] Get:39 http://kali.download/kali kali-rolling/main amd64 python3.12-venv amd64 3.12.6-1 [5,832 B] Get:40 http://http.kali.org/kali kali-rolling/main amd64 python3-venv amd64 3.12.5-1+b1 [1,188 B] Get:41 http://kali.download/kali kali-rolling/main amd64 python3-userpath all 1.9.1-1 [10.2 kB] Get:42 http://kali.download/kali kali-rolling/main amd64 pipx all 1.7.1-1 [828 kB] Fetched 39.6 MB in 2s (20.9 MB/s) Extracting templates from packages: 100% (Reading database ... 396818 files and directories currently installed.) Preparing to unpack .../libssl3t64_3.3.2-1_amd64.deb ... Unpacking libssl3t64:amd64 (3.3.2-1) over (3.2.2-1) ... Selecting previously unselected package openssl-provider-legacy. Preparing to unpack .../openssl-provider-legacy_3.3.2-1_amd64.deb ... Unpacking openssl-provider-legacy (3.3.2-1) ... Setting up libssl3t64:amd64 (3.3.2-1) ... Setting up openssl-provider-legacy (3.3.2-1) ... Selecting previously unselected package libpython3.12-minimal:amd64. (Reading database ... 396822 files and directories currently installed.) Preparing to unpack .../0-libpython3.12-minimal_3.12.6-1_amd64.deb ... Unpacking libpython3.12-minimal:amd64 (3.12.6-1) ... Selecting previously unselected package libpython3.12-stdlib:amd64. Preparing to unpack .../1-libpython3.12-stdlib_3.12.6-1_amd64.deb ... Unpacking libpython3.12-stdlib:amd64 (3.12.6-1) ... Selecting previously unselected package libpython3.12t64:amd64. Preparing to unpack .../2-libpython3.12t64_3.12.6-1_amd64.deb ... Unpacking libpython3.12t64:amd64 (3.12.6-1) ... Selecting previously unselected package libpython3.12-dev:amd64. Preparing to unpack .../3-libpython3.12-dev_3.12.6-1_amd64.deb ... Unpacking libpython3.12-dev:amd64 (3.12.6-1) ... Preparing to unpack .../4-python3-dev_3.12.5-1+b1_amd64.deb ... Unpacking python3-dev (3.12.5-1+b1) over (3.11.8-1) ... Preparing to unpack .../5-libpython3-dev_3.12.5-1+b1_amd64.deb ... Unpacking libpython3-dev:amd64 (3.12.5-1+b1) over (3.11.8-1) ... Selecting previously unselected package python3.12-minimal. Preparing to unpack .../6-python3.12-minimal_3.12.6-1_amd64.deb ... Unpacking python3.12-minimal (3.12.6-1) ... (Reading database ... 397763 files and directories currently installed.) Removing python3-distutils (3.12.3-3.1) ... (Reading database ... 397708 files and directories currently installed.) Preparing to unpack .../00-python3-tdb_1.4.12-1_amd64.deb ... Unpacking python3-tdb (1.4.12-1) over (1.4.10-1) ... Preparing to unpack .../01-libtalloc2_2.4.2-1+b2_amd64.deb ... Unpacking libtalloc2:amd64 (2.4.2-1+b2) over (2.4.2-1+b1) ... Preparing to unpack .../02-python3-talloc_2.4.2-1+b2_amd64.deb ... Unpacking python3-talloc:amd64 (2.4.2-1+b2) over (2.4.2-1+b1) ... Preparing to unpack .../03-python3-samba_2%3a4.21.0+dfsg-1kali1_amd64.deb ... Unpacking python3-samba (2:4.21.0+dfsg-1kali1) over (2:4.20.1+dfsg-5) ... Preparing to unpack .../04-python3-nassl_5.2.0-0kali3_amd64.deb ... Unpacking python3-nassl (5.2.0-0kali3) over (5.1.0-0kali1) ... Preparing to unpack .../05-python3-ldb_2%3a2.10.0+samba4.21.0+dfsg-1kali1_amd64.deb ... Unpacking python3-ldb (2:2.10.0+samba4.21.0+dfsg-1kali1) over (2:2.9.0+samba4.20.1+dfsg-5) ... Preparing to unpack .../06-python3-arc4_0.3.0-0kali1+b2_amd64.deb ... Unpacking python3-arc4 (0.3.0-0kali1+b2) over (0.3.0-0kali1+b1) ... Preparing to unpack .../07-onboard-data_1.4.1-9_all.deb ... Unpacking onboard-data (1.4.1-9) over (1.4.1-6) ... Preparing to unpack .../08-onboard-common_1.4.1-9_all.deb ... Unpacking onboard-common (1.4.1-9) over (1.4.1-6) ... Preparing to unpack .../09-onboard_1.4.1-9_amd64.deb ... Unpacking onboard (1.4.1-9) over (1.4.1-6+b3) ... Preparing to unpack .../10-blueman_2.4.3-1_amd64.deb ... Unpacking blueman (2.4.3-1) over (2.4.1-1) ... Setting up libpython3.12-minimal:amd64 (3.12.6-1) ... Setting up python3.12-minimal (3.12.6-1) ... (Reading database ... 397727 files and directories currently installed.) Preparing to unpack .../python3-minimal_3.12.5-1+b1_amd64.deb ... Unpacking python3-minimal (3.12.5-1+b1) over (3.11.8-1) ... Setting up python3-minimal (3.12.5-1+b1) ... (Reading database ... 397728 files and directories currently installed.) Preparing to unpack .../0-python3_3.12.5-1+b1_amd64.deb ... running python pre-rtupdate hooks for python3.12... Unpacking python3 (3.12.5-1+b1) over (3.11.8-1) ... Preparing to unpack .../1-libtdb1_1.4.12-1_amd64.deb ... Unpacking libtdb1:amd64 (1.4.12-1) over (1.4.10-1) ... Preparing to unpack .../2-libsmbclient0_2%3a4.21.0+dfsg-1kali1_amd64.deb ... Unpacking libsmbclient0:amd64 (2:4.21.0+dfsg-1kali1) over (2:4.20.1+dfsg-5) ... Preparing to unpack .../3-winexe_2%3a4.21.0+dfsg-1kali1_amd64.deb ... Unpacking winexe (2:4.21.0+dfsg-1kali1) over (1.1~20140107-0kali21+b2) ... Preparing to unpack .../4-smbclient_2%3a4.21.0+dfsg-1kali1_amd64.deb ... Unpacking smbclient (2:4.21.0+dfsg-1kali1) over (2:4.20.1+dfsg-5) ... Preparing to unpack .../5-samba-libs_2%3a4.21.0+dfsg-1kali1_amd64.deb ... Unpacking samba-libs:amd64 (2:4.21.0+dfsg-1kali1) over (2:4.20.1+dfsg-5) ... Preparing to unpack .../6-libldb2_2%3a2.10.0+samba4.21.0+dfsg-1kali1_amd64.deb ... Unpacking libldb2:amd64 (2:2.10.0+samba4.21.0+dfsg-1kali1) over (2:2.9.0+samba4.20.1+dfsg-5) ... Preparing to unpack .../7-samba_2%3a4.21.0+dfsg-1kali1_amd64.deb ... Unpacking samba (2:4.21.0+dfsg-1kali1) over (2:4.20.1+dfsg-5) ... Preparing to unpack .../8-samba-common-bin_2%3a4.21.0+dfsg-1kali1_amd64.deb ... Unpacking samba-common-bin (2:4.21.0+dfsg-1kali1) over (2:4.20.1+dfsg-5) ... Selecting previously unselected package login.defs. Preparing to unpack .../9-login.defs_1%3a4.16.0-4_all.deb ... Unpacking login.defs (1:4.16.0-4) ... Replacing files in old package login (1:4.15.3-2) ... Setting up login.defs (1:4.16.0-4) ... (Reading database ... 397822 files and directories currently installed.) Preparing to unpack .../passwd_1%3a4.16.0-4_amd64.deb ... Unpacking passwd (1:4.16.0-4) over (1:4.15.3-2) ... Replacing files in old package login (1:4.15.3-2) ... Setting up passwd (1:4.16.0-4) ... (Reading database ... 397818 files and directories currently installed.) Preparing to unpack .../0-samba-common_2%3a4.21.0+dfsg-1kali1_all.deb ... Unpacking samba-common (2:4.21.0+dfsg-1kali1) over (2:4.20.1+dfsg-5) ... Selecting previously unselected package python3.12. Preparing to unpack .../1-python3.12_3.12.6-1_amd64.deb ... Unpacking python3.12 (3.12.6-1) ... Preparing to unpack .../2-libpython3-stdlib_3.12.5-1+b1_amd64.deb ... Unpacking libpython3-stdlib:amd64 (3.12.5-1+b1) over (3.11.8-1) ... Selecting previously unselected package python3.12-dev. Preparing to unpack .../3-python3.12-dev_3.12.6-1_amd64.deb ... Unpacking python3.12-dev (3.12.6-1) ... Preparing to unpack .../4-login_1%3a4.16.0-2+really2.40.2-8_amd64.deb ... Unpacking login (1:4.16.0-2+really2.40.2-8) over (1:4.15.3-2) ... Preparing to unpack .../5-openssl_3.3.2-1_amd64.deb ... Unpacking openssl (3.3.2-1) over (3.2.2-1) ... Selecting previously unselected package python3.12-venv. Preparing to unpack .../6-python3.12-venv_3.12.6-1_amd64.deb ... Unpacking python3.12-venv (3.12.6-1) ... Selecting previously unselected package python3-venv. Preparing to unpack .../7-python3-venv_3.12.5-1+b1_amd64.deb ... Unpacking python3-venv (3.12.5-1+b1) ... Selecting previously unselected package python3-userpath. Preparing to unpack .../8-python3-userpath_1.9.1-1_all.deb ... Unpacking python3-userpath (1.9.1-1) ... Selecting previously unselected package pipx. Preparing to unpack .../9-pipx_1.7.1-1_all.deb ... Unpacking pipx (1.7.1-1) ... Setting up libpython3.12-stdlib:amd64 (3.12.6-1) ... Setting up libtdb1:amd64 (1.4.12-1) ... Setting up python3.12 (3.12.6-1) ... Setting up samba-common (2:4.21.0+dfsg-1kali1) ... Setting up libtalloc2:amd64 (2.4.2-1+b2) ... Setting up libpython3.12t64:amd64 (3.12.6-1) ... Setting up libldb2:amd64 (2:2.10.0+samba4.21.0+dfsg-1kali1) ... Setting up openssl (3.3.2-1) ... Installing new version of config file /etc/ssl/openssl.cnf.original ... Setting up libpython3-stdlib:amd64 (3.12.5-1+b1) ... Setting up login (1:4.16.0-2+really2.40.2-8) ... Setting up python3.12-venv (3.12.6-1) ... Setting up samba-libs:amd64 (2:4.21.0+dfsg-1kali1) ... Setting up python3 (3.12.5-1+b1) ... running python rtupdate hooks for python3.12... /usr/share/kali-undercover/scripts/desktopconfig.py:274: SyntaxWarning: invalid escape sequence '\s' if re.match('^' + fallback_monitor + '[^/\s]+$', pp): /usr/share/kali-undercover/scripts/desktopconfig.py:279: SyntaxWarning: invalid escape sequence '\d' w = re.search('^/backdrop/screen\d/monitor[^/]+/workspace\d/', pp) /usr/share/powershell-empire/empire/client/src/menus/ShellMenu.py:62: SyntaxWarning: invalid escape sequence '\)' task_id: int = state.agent_shell(session_id, "(Resolve-Path .\).Path")["id"] /usr/share/powershell-empire/empire/client/src/menus/ShellMenu.py:68: SyntaxWarning: invalid escape sequence '\)' task_id: int = state.agent_shell(session_id, "(Resolve-Path .\).Path")["id"] /usr/share/powershell-empire/empire/server/common/encryption.py:214: SyntaxWarning: invalid escape sequence '\]' string.ascii_letters + string.digits + "!#$%&()*+,-./:;<=>?@[\]^_`{|}~", 32 /usr/share/powershell-empire/empire/server/common/helpers.py:268: SyntaxWarning: invalid escape sequence '\$' if re.search("\$Netapi32|\$Advapi32|\$Kernel32|\$Wtsapi32", code, re.IGNORECASE): /usr/share/powershell-empire/empire/server/common/pylnk.py:198: SyntaxWarning: invalid escape sequence '\w' _DRIVE_PATTERN = re.compile("(\w)[:/\\\\]*$") /usr/share/powershell-empire/empire/server/common/stagers.py:56: SyntaxWarning: invalid escape sequence '\l' + '" -outfile "launcher.bat"; Start-Process -FilePath .\launcher.bat -Wait -passthru -WindowStyle Hidden;' /usr/share/powershell-empire/empire/server/data/agent/ironpython_agent.py:1391: SyntaxWarning: invalid escape sequence '\$' """ /usr/share/powershell-empire/empire/server/data/module_source/python/privesc/linuxprivchecker.py:336: SyntaxWarning: invalid escape sequence '\(' "cmd": "find / \( -wholename '/home/homedir*' -prune \) -o \( -type d -perm -0002 \) -exec ls -ld '{}' ';' 2>/dev/null | grep root", /usr/share/powershell-empire/empire/server/data/module_source/python/privesc/linuxprivchecker.py:341: SyntaxWarning: invalid escape sequence '\(' "cmd": "find / \( -wholename '/home/homedir*' -prune \) -o \( -type d -perm -0002 \) -exec ls -ld '{}' ';' 2>/dev/null | grep -v root", /usr/share/powershell-empire/empire/server/data/module_source/python/privesc/linuxprivchecker.py:346: SyntaxWarning: invalid escape sequence '\(' "cmd": "find / \( -wholename '/home/homedir/*' -prune -o -wholename '/proc/*' -prune \) -o \( -type f -perm -0002 \) -exec ls -l '{}' ';' 2>/dev/null", /usr/share/powershell-empire/empire/server/data/module_source/python/privesc/linuxprivchecker.py:351: SyntaxWarning: invalid escape sequence '\(' "cmd": "find / \( -perm -2000 -o -perm -4000 \) -exec ls -ld {} \; 2>/dev/null", /usr/share/powershell-empire/empire/server/data/module_source/python/privesc/linuxprivchecker.py:1174: SyntaxWarning: invalid escape sequence '\_' """ /usr/share/powershell-empire/empire/server/listeners/http.py:146: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/listeners/http_hop.py:258: SyntaxWarning: invalid escape sequence '\ ' 'cmd = "ps -ef | grep Little\ Snitch | grep -v grep"\n' /usr/share/powershell-empire/empire/server/listeners/http_malleable.py:121: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/listeners/template.py:124: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/modules/powershell/management/spawnas.py:60: SyntaxWarning: invalid escape sequence '\d' script_end = '$tempLoc = "$env:public\debug.bat"' /usr/share/powershell-empire/empire/server/modules/powershell/management/spawnas.py:73: SyntaxWarning: invalid escape sequence '\d' script_end += '-Cmd "$env:public\debug.bat"' /usr/share/powershell-empire/empire/server/modules/powershell/persistence/elevated/schtasks.py:162: SyntaxWarning: invalid escape sequence '\p' "'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\powershell.exe -NonI -W hidden -c \\\"IEX ([Text.Encoding]::UNICODE.GetString([Convert]::FromBase64String(" /usr/share/powershell-empire/empire/server/modules/powershell/persistence/elevated/wmi.py:155: SyntaxWarning: invalid escape sequence '\C' + "';EventNameSpace='root\CimV2';QueryLanguage=\"WQL\";Query=\"SELECT * FROM __InstanceCreationEvent WITHIN 60 WHERE TargetInstance ISA 'Win32_NTLogEvent' AND TargetInstance.EventCode='4625' AND TargetInstance.Message LIKE '%" /usr/share/powershell-empire/empire/server/modules/powershell/persistence/elevated/wmi.py:207: SyntaxWarning: invalid escape sequence '\C' + "';EventNameSpace='root\CimV2';QueryLanguage=\"WQL\";Query=\"SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Win32_LocalTime'" /usr/share/powershell-empire/empire/server/modules/powershell/persistence/elevated/wmi.py:226: SyntaxWarning: invalid escape sequence '\C' + "';EventNameSpace='root\CimV2';QueryLanguage=\"WQL\";Query=\"SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Win32_LocalTime'" /usr/share/powershell-empire/empire/server/modules/powershell/persistence/elevated/wmi.py:243: SyntaxWarning: invalid escape sequence '\C' + "';EventNameSpace='root\CimV2';QueryLanguage=\"WQL\";Query=\"SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System' AND TargetInstance.SystemUpTime >= 240 AND TargetInstance.SystemUpTime < 325\"};" /usr/share/powershell-empire/empire/server/modules/powershell/persistence/elevated/wmi_updater.py:164: SyntaxWarning: invalid escape sequence '\C' + "';EventNameSpace='root\CimV2';QueryLanguage=\"WQL\";Query=\"SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Win32_LocalTime'" /usr/share/powershell-empire/empire/server/modules/powershell/persistence/elevated/wmi_updater.py:183: SyntaxWarning: invalid escape sequence '\C' + "';EventNameSpace='root\CimV2';QueryLanguage=\"WQL\";Query=\"SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Win32_LocalTime'" /usr/share/powershell-empire/empire/server/modules/powershell/persistence/elevated/wmi_updater.py:200: SyntaxWarning: invalid escape sequence '\C' + "';EventNameSpace='root\CimV2';QueryLanguage=\"WQL\";Query=\"SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System' AND TargetInstance.SystemUpTime >= 240 AND TargetInstance.SystemUpTime < 325\"};" /usr/share/powershell-empire/empire/server/modules/python/persistence/osx/loginhook.py:18: SyntaxWarning: invalid escape sequence '\$' password = password.replace("$", "\$") /usr/share/powershell-empire/empire/server/modules/python/persistence/osx/loginhook.py:19: SyntaxWarning: invalid escape sequence '\$' password = password.replace("$", "\$") /usr/share/powershell-empire/empire/server/modules/python/persistence/osx/loginhook.py:20: SyntaxWarning: invalid escape sequence '\!' password = password.replace("!", "\!") /usr/share/powershell-empire/empire/server/modules/python/persistence/osx/loginhook.py:21: SyntaxWarning: invalid escape sequence '\!' password = password.replace("!", "\!") /usr/share/powershell-empire/empire/server/modules/python/persistence/osx/mail.py:132: SyntaxWarning: invalid escape sequence '\ ' script = """ /usr/share/powershell-empire/empire/server/modules/python/situational_awareness/host/osx/situational_awareness.py:26: SyntaxWarning: invalid escape sequence '\ ' script += """ /usr/share/powershell-empire/empire/server/stagers/multi/launcher.py:84: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/stagers/multi/macro.py:95: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/stagers/multi/macro.py:206: SyntaxWarning: invalid escape sequence '\c' macro = """#If Mac Then /usr/share/powershell-empire/empire/server/stagers/multi/war.py:82: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/stagers/windows/backdoorLnkMacro.py:137: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, " /usr/share/powershell-empire/empire/server/stagers/windows/backdoorLnkMacro.py:381: SyntaxWarning: invalid escape sequence '\d' launch_string2 = ");$u=New-Object -comObject wscript.shell;gci -Pa $env:USERPROFILE\desktop -Fi *.lnk|%{$l=$u.createShortcut($_.FullName);if($l.arguments-like'*xml.xmldocument*'){$s=$l.arguments.IndexOf('''')+1;$r=$l.arguments.Substring($s, $l.arguments.IndexOf('''',$s)-$s);$l.targetPath=$r;$l.Arguments='';$l.Save()}};$b=New-Object System.Xml.XmlDocument;if([int](get-date -U " /usr/share/powershell-empire/empire/server/stagers/windows/bunny.py:100: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/stagers/windows/cmd_exec.py:80: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/stagers/windows/csharp_exe.py:68: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/stagers/windows/dll.py:62: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/stagers/windows/ducky.py:85: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/stagers/windows/generate_agent.py:56: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/stagers/windows/hta.py:79: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/stagers/windows/launcher_lnk.py:63: SyntaxWarning: invalid escape sequence '\w' "Value": "C:\windows\system32\WindowsPowershell\\v1.0\powershell.exe", /usr/share/powershell-empire/empire/server/stagers/windows/launcher_lnk.py:68: SyntaxWarning: invalid escape sequence '\p' "Value": "C:\program files\windows nt\\accessories\wordpad.exe", /usr/share/powershell-empire/empire/server/stagers/windows/launcher_lnk.py:93: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/stagers/windows/launcher_sct.py:87: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/stagers/windows/launcher_vbs.py:75: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/stagers/windows/launcher_xml.py:70: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/stagers/windows/macro.py:95: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/stagers/windows/macro.py:210: SyntaxWarning: invalid escape sequence '\c' macro += '\tSet objWMIService = GetObject("winmgmts:\\\\" & strComputer & "\\root\cimv2")\n' /usr/share/powershell-empire/empire/server/stagers/windows/ms16-051.py:82: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/stagers/windows/nim.py:54: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/stagers/windows/shellcode.py:74: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/stagers/windows/teensy.py:70: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/stagers/windows/wmic.py:84: SyntaxWarning: invalid escape sequence '\]' "Description": "Proxy credentials ([domain\]username:password) to use for request (default, none, or other).", /usr/share/powershell-empire/empire/server/utils/listener_util.py:45: SyntaxWarning: invalid escape sequence '\ ' """ running python post-rtupdate hooks for python3.12... Setting up libpython3.12-dev:amd64 (3.12.6-1) ... Setting up blueman (2.4.3-1) ... blueman-mechanism.service is a disabled or a static unit not running, not starting it. Setting up python3-tdb (1.4.12-1) ... Setting up python3-venv (3.12.5-1+b1) ... Setting up python3-ldb (2:2.10.0+samba4.21.0+dfsg-1kali1) ... Setting up python3.12-dev (3.12.6-1) ... Setting up onboard-common (1.4.1-9) ... Setting up samba-common-bin (2:4.21.0+dfsg-1kali1) ... Setting up python3-nassl (5.2.0-0kali3) ... Setting up libsmbclient0:amd64 (2:4.21.0+dfsg-1kali1) ... Setting up python3-arc4 (0.3.0-0kali1+b2) ... Setting up python3-userpath (1.9.1-1) ... Setting up samba (2:4.21.0+dfsg-1kali1) ... smbd.service is a disabled or a static unit not running, not starting it. nmbd.service is a disabled or a static unit not running, not starting it. Setting up libpython3-dev:amd64 (3.12.5-1+b1) ... Setting up winexe (2:4.21.0+dfsg-1kali1) ... Setting up python3-talloc:amd64 (2.4.2-1+b2) ... Setting up onboard (1.4.1-9) ... Setting up pipx (1.7.1-1) ... Setting up python3-dev (3.12.5-1+b1) ... Setting up smbclient (2:4.21.0+dfsg-1kali1) ... Setting up python3-samba (2:4.21.0+dfsg-1kali1) ... Processing triggers for mailcap (3.72) ... Processing triggers for kali-menu (2024.3.1) ... Processing triggers for desktop-file-utils (0.27-2) ... Processing triggers for hicolor-icon-theme (0.18-1) ... Processing triggers for doc-base (0.11.2) ... Processing 1 changed doc-base file, 1 added doc-base file... Processing triggers for libc-bin (2.40-2) ... Processing triggers for systemd (256.6-1) ... Processing triggers for man-db (2.13.0-1) ... Processing triggers for libglib2.0-0t64:amd64 (2.82.1-1) ... Processing triggers for dbus (1.14.10-4+b1) ... Setting up onboard-data (1.4.1-9) ... ┌──(kali㉿kali)-[~] └─$ smbmap /usr/lib/python3/dist-packages/smbmap/smbmap.py:441: SyntaxWarning: invalid escape sequence '\p' stringbinding = 'ncacn_np:%s[\pipe\svcctl]' % remoteName usage: smbmap [-h] (-H HOST | --host-file FILE) [-u USERNAME] [-p PASSWORD | --prompt] [-k] [--no-pass] [--dc-ip IP or Host] [-s SHARE] [-d DOMAIN] [-P PORT] [-v] [--signing] [--admin] [--no-banner] [--no-color] [--no-update] [--timeout SCAN_TIMEOUT] [-x COMMAND] [--mode CMDMODE] [-L | -r [PATH]] [-g FILE | --csv FILE] [--dir-only] [--no-write-check] [-q] [--depth DEPTH] [--exclude SHARE [SHARE ...]] [-A PATTERN] [-F PATTERN] [--search-path PATH] [--search-timeout TIMEOUT] [--download PATH] [--upload SRC DST] [--delete PATH TO FILE] [--skip] ________ ___ ___ _______ ___ ___ __ _______ /" )|" \ /" || _ "\ |" \ /" | /""\ | __ "\ (: \___/ \ \ // |(. |_) :) \ \ // | / \ (. |__) :) \___ \ /\ \/. ||: \/ /\ \/. | /' /\ \ |: ____/ __/ \ |: \. |(| _ \ |: \. | // __' \ (| / /" \ :) |. \ /: ||: |_) :)|. \ /: | / / \ \ /|__/ \ (_______/ |___|\__/|___|(_______/ |___|\__/|___|(___/ \___)(_______) ----------------------------------------------------------------------------- SMBMap - Samba Share Enumerator v1.10.4 | Shawn Evans - ShawnDEvans@gmail.com https://github.com/ShawnDEvans/smbmap options: -h, --help show this help message and exit Main arguments: -H HOST IP or FQDN --host-file FILE File containing a list of hosts -u USERNAME, --username USERNAME Username, if omitted null session assumed -p PASSWORD, --password PASSWORD Password or NTLM hash, format is LMHASH:NTHASH --prompt Prompt for a password -s SHARE Specify a share (default C$), ex 'C$' -d DOMAIN Domain name (default WORKGROUP) -P PORT SMB port (default 445) -v, --version Return the OS version of the remote host --signing Check if host has SMB signing disabled, enabled, or required --admin Just report if the user is an admin --no-banner Removes the banner from the top of the output --no-color Removes the color from output --no-update Removes the "Working on it" message --timeout SCAN_TIMEOUT Set port scan socket timeout. Default is .5 seconds Kerberos settings: -k, --kerberos Use Kerberos authentication --no-pass Use CCache file (export KRB5CCNAME='~/current.ccache') --dc-ip IP or Host IP or FQDN of DC Command Execution: Options for executing commands on the specified host -x COMMAND Execute a command ex. 'ipconfig /all' --mode CMDMODE Set the execution method, wmi or psexec, default wmi Shard drive Search: Options for searching/enumerating the share of the specified host(s) -L List all drives on the specified host, requires ADMIN rights. -r [PATH] Recursively list dirs and files (no share\path lists the root of ALL shares), ex. 'email/backup' -g FILE Output to a file in a grep friendly format, used with -r (otherwise it outputs nothing), ex -g grep_out.txt --csv FILE Output to a CSV file, ex --csv shares.csv --dir-only List only directories, ommit files. --no-write-check Skip check to see if drive grants WRITE access. -q Quiet verbose output. Only shows shares you have READ or WRITE on, and suppresses file listing when performing a search (-A). --depth DEPTH Traverse a directory tree to a specific depth. Default is 1 (root node). --exclude SHARE [SHARE ...] Exclude share(s) from searching and listing, ex. --exclude ADMIN$ C$' -A PATTERN Define a file name pattern (regex) that auto downloads a file on a match (requires -r), not case sensitive, ex '(web|global).(asax|config)' File Content Search: Options for searching the content of files (must run as root), kind of experimental -F PATTERN File content search, -F '[Pp]assword' (requires admin access to execute commands, and PowerShell on victim host) --search-path PATH Specify drive/path to search (used with -F, default C:\Users), ex 'D:\HR\' --search-timeout TIMEOUT Specifcy a timeout (in seconds) before the file search job gets killed. Default is 300 seconds. Filesystem interaction: Options for interacting with the specified host's filesystem --download PATH Download a file from the remote system, ex.'C$\temp\passwords.txt' --upload SRC DST Upload a file to the remote system ex. '/tmp/payload.exe C$\temp\payload.exe' --delete PATH TO FILE Delete a remote file, ex. 'C$\temp\msf.exe' --skip Skip delete file confirmation prompt Examples: $ smbmap -u jsmith -p password1 -d workgroup -H 192.168.0.1 $ smbmap -u jsmith -p 'aad3b435b51404eeaad3b435b51404ee:da76f2c4c96028b7a6111aef4a50a94d' -H 172.16.0.20 $ smbmap -u 'apadmin' -p 'asdf1234!' -d ACME -Hh 10.1.3.30 -x 'net group "Domain Admins" /domain'