Empire

This is to test, play withg empire, a framework to send comand to a remote session (from Linux to Windows) Usually, it take 3 sec for empire to connect Before, you should check the ip

Quick start

>help
Listener | agent | module
>listeners
- >uselisteners <Tab>
- >info
- >sert|unset
- >execute
>usestager <Tab>
>agents
- >list

Execute (Windows commands)

Analyse

whoami
query user # Get connected users
tasklist
wmic process list # Windows Management Instrumentation Command-line tool

Message

msg user Hi you have been infected

Sound

pressing in the shel lmake a bad cmd and trigger the beep

Lateral movements

To make a sound, yo umust run as the user that is logged (the frist arg of msg)

start
runas /user:user cmd
runas /user:user “notepad c:.ini”
tskill notepad or pskill notepad

Empire commands (latteral movements …)

download stores -> files in ./downloads/AGENT_NAME -> log in .agent.log
kill all
ps # List processes
ps powershell # With filter
spawn # Like a span http1 # SPawn a new powershell listener process
psinject http1 explorer.exe # The format is psinject # Warning do not inject in LSASS # Please choose a process in the same section

Prepare (Linux)

espeak Hi from the deep –stdout > hi.wav