1
00:00:00,820 --> 00:00:06,550
Let's see Empire in action. Empire has its own shell-like command line interface.

2
00:00:16,310 --> 00:00:20,220
As of this video's recording, Empire has 282 modules.

3
00:00:21,080 --> 00:00:24,980
First, let's start by typing the help command to display the help.

4
00:00:26,170 --> 00:00:33,580
Now I'm going to show you how to use Empire Project step by step. First step: create a listener. Listeners

5
00:00:33,580 --> 00:00:37,070
in Empire are the channels which receive connections from our target machines.

6
00:00:37,840 --> 00:00:40,330
It's similar to the listeners in Metasploit Framework.

7
00:00:40,840 --> 00:00:46,000
Before we do anything in Empire, we need to start the listeners. Type listeners to enter the listener

8
00:00:46,000 --> 00:00:46,840
management state.

9
00:00:47,720 --> 00:00:51,730
As you see, the shell prompt changes to (Empire: listeners).

10
00:00:54,500 --> 00:00:59,330
Once we move to the listener management state, we can see its options by typing the help command.

11
00:01:01,070 --> 00:01:03,770
Let's take a look at some of the commands of the listener state.

12
00:01:05,220 --> 00:01:08,080
Info is to display information about the active listener.

13
00:01:08,640 --> 00:01:12,240
You can think of it as the same as the show options command of Metasploit.

14
00:01:13,360 --> 00:01:20,710
Kill is to kill a particular listener. List is to list all the active listeners. Uselistener is to

15
00:01:20,710 --> 00:01:22,900
use one of the listener modules of Empire.

16
00:01:24,610 --> 00:01:29,320
Usestager is to use one of the available stagers; we'll see that in the next step.

17
00:01:29,890 --> 00:01:32,620
Let us now look at how to start a listener module in Empire.

18
00:01:33,740 --> 00:01:40,790
Type the uselistener command followed by a space character and press tab twice to see the listeners available

19
00:01:40,790 --> 00:01:41,310
in Empire.

20
00:01:42,080 --> 00:01:44,060
There are seven different listeners listed.

21
00:01:44,870 --> 00:01:51,350
Let's use the http listener as an example: type uselistener http and press enter.

22
00:01:52,420 --> 00:01:58,000
Now, the same as with the Linux bash, you can use the tab key to complete any particular keyword:

23
00:01:58,930 --> 00:02:02,920
here, press tab in the middle of the word instead of writing the entire word.

24
00:02:04,190 --> 00:02:09,640
Again, the shell prompt has changed to (Empire: listeners/http).

25
00:02:10,930 --> 00:02:17,110
The help command now displays the commands of this state. As you see, some of the commands are the same

26
00:02:17,110 --> 00:02:20,560
as in the previous menu, but there are some different commands here.

27
00:02:22,000 --> 00:02:25,370
Info shows the options of the particular type of listener

28
00:02:25,400 --> 00:02:26,200
we want to start.

29
00:02:27,170 --> 00:02:30,470
The set command is used to assign the values of the options.

30
00:02:31,160 --> 00:02:34,940
Similarly, the unset command is used to clear these values.

31
00:02:36,070 --> 00:02:42,430
Every listener requires certain options to be set. For example, when you run the info command, you see that

32
00:02:42,430 --> 00:02:49,840
the listener needs the Host and Port values to be configured. An important warning here: in Empire, commands

33
00:02:49,840 --> 00:02:50,770
are case sensitive.

34
00:02:51,160 --> 00:02:58,810
That means if the name of an option is Name with an uppercase N, you have to use its exact same style.

35
00:02:59,890 --> 00:03:02,650
name with a lowercase n has a different meaning for Empire.

36
00:03:03,880 --> 00:03:11,500
Default values are set for the options: the IP address of your current system is set as the Host and 80

37
00:03:11,530 --> 00:03:12,550
is set as the Port.

38
00:03:14,000 --> 00:03:17,660
The default name of the listener is set as http.

39
00:03:18,730 --> 00:03:21,940
Change the values if you want, using the set command.

40
00:03:22,990 --> 00:03:27,910
I want to change the listener name to my HTTP listener.

41
00:03:37,070 --> 00:03:42,350
When all options are set, we can start the listener using the execute command.

42
00:03:43,660 --> 00:03:49,210
When we go back to the main menu, using the main command or the back command twice, we see that we have

43
00:03:49,210 --> 00:03:50,770
now one active listener.

44
00:03:52,920 --> 00:03:58,740
The second step is using stagers. Now, here it's better to explain the stager and stage concepts

45
00:03:58,740 --> 00:04:04,710
of the exploitation world. Stagers set up a network connection between the attacker and the victim and

46
00:04:04,710 --> 00:04:06,810
are designed to be small and reliable.

47
00:04:07,500 --> 00:04:12,570
Stages are payload components that are downloaded by stager modules.

48
00:04:13,530 --> 00:04:20,640
The various payload stages provide advanced features with no size limit, such as Meterpreter, VNC

49
00:04:20,790 --> 00:04:22,260
injection or shell.

50
00:04:23,130 --> 00:04:27,530
Stagers in Empire are used to set the stage for the post-exploitation activities.

51
00:04:27,990 --> 00:04:35,270
They're similar to payloads, which are used to create a connection back to Empire. Type usestager followed

52
00:04:35,280 --> 00:04:38,130
by a space character and press tab twice

53
00:04:38,400 --> 00:04:43,160
to see all of the available stagers. Let's start the launcher stager.

54
00:04:43,230 --> 00:04:48,600
As an example, the stager will generate a command ready to launch in the command line terminal, CMD.

55
00:04:49,900 --> 00:04:57,220
Type the usestager multi/launcher command to load the stager. The shell prompt changes to the name

56
00:04:57,220 --> 00:05:02,860
of the stager we chose. If you type help now, you see the commands of the stagers state.

57
00:05:03,850 --> 00:05:11,860
Use generate or execute to generate a stager; set and unset to set and unset values of particular options;

58
00:05:12,550 --> 00:05:18,250
interact to interact with a particular agent, which is normally used when there are multiple listeners;

59
00:05:19,060 --> 00:05:23,890
type info to see the information about the stager and the options to be set.

60
00:05:24,860 --> 00:05:30,440
Now, let's set the options. To be able to generate the stager, we need to set a listener in order for

61
00:05:30,440 --> 00:05:32,870
the stagers to be able to communicate with Empire.

62
00:05:33,590 --> 00:05:36,860
In the last step, we already created a listener.

63
00:05:37,400 --> 00:05:45,620
Let us set this listener for our launcher stager: type set Listener my HTTP listener for this purpose.

64
00:05:46,130 --> 00:05:50,600
If you gave another name to your listener, use that instead of my HTTP listener.

65
00:05:51,520 --> 00:05:58,840
And once again, don't forget that Empire is case sensitive. Leave the other options as default for

66
00:05:58,840 --> 00:06:03,130
now. Run the execute or generate command to generate the stager.

67
00:06:03,910 --> 00:06:08,590
The stager has created a command ready to be launched in the command line terminal.

68
00:06:10,730 --> 00:06:13,010
The third step: using agents.

69
00:06:14,390 --> 00:06:21,260
When we send the stager to our target system and the machine engages with it, we get a reverse connection

70
00:06:21,260 --> 00:06:21,630
back.

71
00:06:22,220 --> 00:06:28,760
This is known as an agent. In our example, let's run the generated command in the victim's command

72
00:06:28,760 --> 00:06:29,840
line terminal window.

73
00:06:30,620 --> 00:06:34,730
Now, there are a few different methods to start a terminal screen in Windows OS.

74
00:06:35,690 --> 00:06:42,560
You can press Windows plus R to start the Run dialog box, type cmd in the dialog box and hit enter.

75
00:06:44,640 --> 00:06:50,760
Or you can type cmd in the Windows Start menu; Windows will find you the tool.

76
00:06:51,720 --> 00:06:58,350
Or you can try to find the command prompt inside the All Applications menu, which I honestly don't

77
00:06:58,350 --> 00:06:58,780
remember.

78
00:06:59,130 --> 00:07:03,810
Copy the generated command and paste it in the command prompt of the victim's system.

79
00:07:04,680 --> 00:07:07,140
The command prompt disappears when the command is executed.

80
00:07:08,130 --> 00:07:15,490
Go back to Kali. As you can see, we have a new agent. Type main to go back to the main screen of Empire.

81
00:07:15,870 --> 00:07:17,340
We see that we have an agent.

82
00:07:18,360 --> 00:07:20,640
Type agents to go to the agents menu.

83
00:07:22,610 --> 00:07:28,040
Use the interact command with the agent ID; you're now in a session on the victim's system.

84
00:07:30,230 --> 00:07:32,320
Type help to see the commands you can use.

85
00:07:40,490 --> 00:07:45,170
For example, type info to see the entire information of the victim's system,

86
00:07:58,880 --> 00:08:02,080
or sc to take a screenshot, etc.

