February 2016 – harmj0y

This post is part of the ‘Empire Series’ with some background and an ongoing list of series posts [kept here]. Recently, an Empire user requested that we build a ‘standalone payload generator’, similar to msfvenom’s functionality. The motivation is to provide a scriptable capability that makes integration with other tools relatively easy. This short post will cover the newly integrated command line options for Empire which allow for the scripted generation of stagers. To display the currently available options, run ./empire -h

# ./empire -h
usage: empire [-h] [--debug [DEBUG]] [-s [STAGER]]
              [-o [STAGER_OPTIONS [STAGER_OPTIONS ...]]] [-l [LISTENER]] [-v]

optional arguments:
  -h, --help            show this help message and exit
  --debug [DEBUG]       Debug level for output (default of 1).
  -s [STAGER], --stager [STAGER]
                        Specify a stager to generate. Lists all stagers if
                        none is specified.
  -o [STAGER_OPTIONS [STAGER_OPTIONS ...]], --stager-options [STAGER_OPTIONS [STAGER_OPTIONS ...]]
                        Supply options to set for a stager in OPTION=VALUE
                        format. Lists options if nothing is specified.
  -l [LISTENER], --listener [LISTENER]
                        Display listener options. Displays all listeners if
                        nothing is specified.
  -v, --version         Display current Empire version.

# ./empire -h

usage: empire [-h] [--debug [DEBUG]] [-s [STAGER]]

[-o [STAGER_OPTIONS [STAGER_OPTIONS ...]]] [-l [LISTENER]] [-v]

optional arguments:

-h, --help show this help message and exit

--debug [DEBUG] Debug level for output (default of 1).

-s [STAGER], --stager [STAGER]

Specify a stager to generate. Lists all stagers if

none is specified.

-o [STAGER_OPTIONS [STAGER_OPTIONS ...]], --stager-options [STAGER_OPTIONS [STAGER_OPTIONS ...]]

Supply options to set for a stager in OPTION=VALUE

format. Lists options if nothing is specified.

-l [LISTENER], --listener [LISTENER]

Display listener options. Displays all listeners if

nothing is specified.

-v, --version Display current Empire version.

In order to effectively use Empire’s CLI, you need to have a listener currently set up so the data is stored in…

This post is part of the ‘Empire Series’ with some background and an ongoing list of series posts [kept here]. Code execution is great and remote control is awesome, but if you don’t have a persistence strategy planned nothing can throw a wrench in your engagement like an unplanned reboot or user logout. This post covers 17 current Empire persistence modules that can help you with retaining hard-fought access, broken into userland/elevated options, PowerBreach, and miscellaneous approaches. We like to break reboot persistence down into a three different questions. First, are you installing the persistence from userland or an elevated context? Second, where are you storing the…

Month: February 2016

Empire’s CLI

Nothing Lasts Forever: Persistence with Empire