Ultimate Empire Cheat Sheet
A pure PowerShell/Python post-exploitation framework.
1. Server & Client (Empire 4.x+)
Modern Empire uses a Client/Server architecture. You must start the server first.
Start Server
Starts the database and listener capabilities.
Start Client
Connects to the server interface.
Starkiller (GUI)
Alternatively, use Starkiller (a GUI frontend) to connect to http://localhost:1337 (Default user: empireadmin, Pass: password123).
2. Listeners (C2)
The "ears" of Empire. You must set up a listener to catch callbacks from agents.
Create HTTP Listener
Management
View running listeners.
Kill Listener
3. Stagers (Payloads)
Generates the code (bat, ps1, exe) that you execute on the target to get an agent.
Batch File Stager
Good for Windows CMD execution.
PowerShell One-Liner
Base64 encoded command for pasting into a PS console.
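From the defender's side, the same one-liner shows up in process-creation logs as an -EncodedCommand argument. The helper below is an added example, not part of this cheat sheet or of Empire: it recovers the plaintext script from such a command line (the payload is UTF-16LE before base64, which is the step people get wrong). The sample command line is constructed here, and the set of accepted switch abbreviations is an assumption.

```python
import base64
from typing import Optional

# Constructed benign script used only to exercise the decoder (not a real payload).
SAMPLE_SCRIPT = "Write-Host 'constructed sample'"


def encode_powershell_command(script: str) -> str:
    """Encode a script the way powershell.exe -EncodedCommand expects: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample of what a process-creation log might record for such a launch.
SAMPLE_CMDLINE = (
    "powershell.exe -NoP -NonI -W Hidden -Exec Bypass -Enc "
    + encode_powershell_command(SAMPLE_SCRIPT)
)


def _is_encoded_command_switch(token: str) -> bool:
    """Match spellings of -EncodedCommand (-e, -ec, -enc, -EncodedCommand, ...).

    Assumption (heuristic): accept 'e', 'ec', or any prefix of 'encodedcommand' at
    least 3 characters long. '-Exec' (ExecutionPolicy) is excluded because 'exe'
    is not a prefix of 'encodedcommand'.
    """
    name = token.lstrip("-/").lower()
    return name in ("e", "ec") or (len(name) >= 3 and "encodedcommand".startswith(name))


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the plaintext script behind an encoded-command switch, or None if absent/invalid."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        if _is_encoded_command_switch(tok):
            blob = tokens[i + 1]
            try:
                raw = base64.b64decode(blob, validate=True)  # binascii.Error is a ValueError
                return raw.decode("utf-16-le")  # odd length or bad surrogates -> UnicodeDecodeError
            except (ValueError, UnicodeDecodeError):
                return None
    return None


if __name__ == "__main__":
    print(decode_encoded_command(SAMPLE_CMDLINE))
```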
Python Stager (Linux/Mac)
4. Agents (Sessions)
Manage compromised machines.
Listing & Interaction
Basic Commands
Once inside an agent:
sysinfo: Get OS, user, and domain info.
upload [file]: Upload a local file to the target.
download [file]: Download a remote file.
shell [cmd]: Run a native OS command (e.g., shell whoami).
sleep 0: Make the agent check in continuously (responsive but noisy).
Rename Agent
5. Modules (Post-Exploitation)
Empire's strength lies in its massive library of PowerShell/Python scripts.
Searching
Situational Awareness
Recon tools (Sherlock, PowerView).
Credential Dumping
Execution
Once a module is selected and options are set:
6. Lateral Movement
Moving from one compromised host to another.
Invoke-PsExec
Invoke-WMI
Stealthier than PsExec.