Published on April 30th, 2016
Empire - PowerShell Post-Exploitation Agent
Empire is a pure PowerShell post-exploitation agent built on cryptographically secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework.
It has a lot of modules (90+) and is currently in the midst of implementing a RESTful API, which will be great.
Module Categories
Currently Empire has the following categories for modules:
- Code Execution - Ways to run more code
- Collection - Post-exploitation data collection
- Credentials - Collect and use creds
- Exfiltration - Identify egress channels
- Lateral Movement - Move around the network
- Management - Host management and auxiliary
- Persistence - Survive reboots
- Privesc - Privilege escalation capabilities
- Recon - Test further entry points (HTTP Basic Auth etc.)
- Situational Awareness - Network awareness
- Trollsploit - For the lulz
Why PowerShell?
PowerShell offers a multitude of offensive advantages, including:
- Full .NET access
- Application whitelisting
- Direct access to the Win32 API
- Ability to assemble malicious binaries in memory
- Default installation on Windows 7+
Offensive PowerShell had a watershed year in 2014, but despite the multitude of useful projects, many pen-testers still struggle to integrate PowerShell into their engagements in a secure manner.
How it works
Empire has a few components which you can chain together, similar to Metasploit.
It has:
- Listeners - Think of this like a Metasploit handler; this will catch your session.
- Stagers - This is your payload, this is what you will execute on your target system.
- Agents - This is how you interact with the target system; you can gather stats & info or run shell commands.
It also has fairly robust logging built in.
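The post notes that Empire agents can run without powershell.exe, which is the defender's angle on the Agents component above: the PowerShell engine (System.Management.Automation.dll) still has to be loaded into some process. The following is an added detection example, not code from the original post or from the Empire project; it runs over constructed Sysmon Event ID 7 (image load) records and flags any process outside an assumed allowlist of expected hosts that loads the engine DLL.

```python
import re
from typing import Dict, List

# Assumed allowlist of processes expected to host the PowerShell engine.
# Anything else loading the engine DLL deserves a closer look; tune per estate.
EXPECTED_HOSTS = {"powershell.exe", "powershell_ise.exe"}

# The engine assembly, including its native-image (NGEN, ".ni.dll") variant.
ENGINE_DLL = re.compile(r"system\.management\.automation(\.ni)?\.dll$", re.IGNORECASE)


def parse_event(line: str) -> Dict[str, str]:
    """Parse a flattened 'Key=Value; Key=Value' Sysmon record into a dict."""
    fields = {}
    for part in line.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def basename(path: str) -> str:
    """Last path component, accepting Windows or POSIX separators."""
    return re.split(r"[\\/]", path)[-1]


def find_unexpected_hosts(lines: List[str]) -> List[Dict[str, str]]:
    """Return image-load events where a non-PowerShell process loads the engine."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "7":
            continue  # only Event ID 7 carries an ImageLoaded field
        if not ENGINE_DLL.search(ev.get("ImageLoaded", "")):
            continue
        host = basename(ev.get("Image", "")).lower()
        if host not in EXPECTED_HOSTS:
            hits.append({"pid": ev.get("ProcessId", "?"), "host": host, "user": ev.get("User", "?")})
    return hits


# Constructed sample records (paths and PIDs are made up for the example).
SAMPLE_EVENTS = [
    "EventID=7; Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe; ImageLoaded=C:\\Windows\\assembly\\System.Management.Automation.dll; ProcessId=4120; User=CORP\\alice",
    "EventID=7; Image=C:\\Windows\\System32\\notepad.exe; ImageLoaded=C:\\Windows\\assembly\\System.Management.Automation.ni.dll; ProcessId=5532; User=CORP\\alice",
    "EventID=1; Image=C:\\Windows\\System32\\notepad.exe; CommandLine=notepad.exe; ProcessId=5532; User=CORP\\alice",
    "EventID=7; Image=C:\\Windows\\System32\\rundll32.exe; ImageLoaded=C:\\Windows\\assembly\\System.Management.Automation.dll; ProcessId=6010; User=CORP\\svc-backup",
]

if __name__ == "__main__":
    for hit in find_unexpected_hosts(SAMPLE_EVENTS):
        print(f"PowerShell engine loaded by unexpected host {hit['host']} (pid {hit['pid']}, user {hit['user']})")
```

Pair this with Script Block Logging (Event ID 4104), which records what the engine ran regardless of which process hosted it.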
You can download Empire here:
Or read more here.