Using Empire4 without Kali

This page summarizes the projects mentioned and recommended in the original post on dev.to

  • Empire

    Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. (by BC-SECURITY)

  • First of all, Empire4 is a post-exploitation framework, such as Cobalt Strike, Covenant or Meterpreter. It actually relies a lot on Meterpreter, as I will explain later. This means it allows you to deploy listeners on your server and configure attacks connected to them. Empire itself was active for many years and became deprecated, then Empire4 came up using updated resources. It's open source and it's used by both threat actors (cybercriminals) and offensive security auditors, as well as students of course.

  • Poetry

    Python packaging and dependency management made easy

  • For configuring it, I decided to use both my VPS and my personal device, since anyway I need to deploy a server and a client instance. Empire4 uses Poetry to launch. Poetry is a tool for dependency management and packaging in Python. Empire uses this library, which also deploys under Python 3.9. I made sure to install that version (as well as the corresponding pip version). If installing version 3.9 of pip is not working, its use in order to get Poetry can be forced through:

  • Empire

    Empire is a PowerShell and Python 3.x post-exploitation framework. (by terceranexus6)

  • Now, I realized that some modules take advantage of msfvenom to work. The msfvenom tool is the Meterpreter payload generator. This is the case of the reverse shell generator. The default configuration of the module distinguishes among architectures but doesn't obfuscate the output in any case. I decided to make some changes in my own fork in order to use the SGN encoder with the x86 architecture, as you can see below in empire/server/stagers/windows/reverseshell.py:
