1 00:00:00,850 --> 00:00:02,680 Let's see Empire in action.
2 00:00:03,190 --> 00:00:06,520 Empire has its own shell-like command line interface.
3 00:00:16,270 --> 00:00:20,200 As of the recording of this video, Empire has two hundred and eighty-two modules.
4 00:00:21,070 --> 00:00:24,940 First, let's start by typing the help command to display the help.
5 00:00:26,160 --> 00:00:32,010 Now I'm going to show you how to use Empire Project step by step. First step: create a listener.
6 00:00:32,970 --> 00:00:37,020 Listeners in Empire are the channels which receive connections from our target machines.
7 00:00:37,830 --> 00:00:40,290 It's similar to the listeners in Metasploit Framework.
8 00:00:40,800 --> 00:00:45,960 Before we do anything in Empire, we need to start the listeners. Type listeners to enter the listener
9 00:00:45,960 --> 00:00:46,770 management state.
10 00:00:47,740 --> 00:00:51,660 And as you see, the shell prompt changes to Empire colon listeners.
11 00:00:54,450 --> 00:00:59,250 Once we move to the listeners management state, we can see its options by typing the help command.
12 00:01:01,030 --> 00:01:03,700 Let's take a look at some of the commands of the listener state.
13 00:01:05,220 --> 00:01:08,070 Info is to display information about the active listener.
14 00:01:08,640 --> 00:01:12,180 You can think of it as the same as the show options command of Metasploit.
15 00:01:13,340 --> 00:01:20,870 Kill is to kill a particular listener. List is to list all the active listeners. Uselistener is to use
16 00:01:20,870 --> 00:01:22,850 one of the listener modules of Empire.
17 00:01:24,600 --> 00:01:27,510 Usestager is to use one of the available stagers.
18 00:01:27,930 --> 00:01:29,280 We'll see that in the next step.
19 00:01:29,850 --> 00:01:32,580 Let us now look at how to start a listener module in Empire.
20 00:01:33,710 --> 00:01:40,760 Type the uselistener command, then a space character, and press tab twice to see the listeners available
21 00:01:40,760 --> 00:01:41,270 on Empire.
22 00:01:42,080 --> 00:01:43,970 There are seven different listeners listed.
23 00:01:44,840 --> 00:01:47,690 Let's use the HTTP listener as an example.
24 00:01:48,620 --> 00:01:51,320 Type uselistener http and press Enter.
25 00:01:52,420 --> 00:01:57,940 Now, the same as with the Linux bash, you can use the tab button to complete any particular keyword
26 00:01:58,870 --> 00:01:59,290 here.
27 00:01:59,830 --> 00:02:02,860 Press tab in the middle of the word instead of writing the entire word.
28 00:02:04,220 --> 00:02:09,620 Again, the shell prompt has changed to Empire colon listeners slash http.
29 00:02:10,910 --> 00:02:17,060 The help command now displays the commands of this state. As you see, some of the commands are the same
30 00:02:17,060 --> 00:02:20,510 as in the previous menu, but there are some different commands here.
31 00:02:21,950 --> 00:02:26,150 The info command shows the options of the particular type of listener we want to start.
32 00:02:27,170 --> 00:02:30,440 The set command is used to assign the values of the options.
33 00:02:31,160 --> 00:02:34,880 Similarly, the unset command is used to clear these values.
34 00:02:36,070 --> 00:02:38,800 Every listener requires certain options to be set.
35 00:02:39,550 --> 00:02:45,730 For example, when you run the info command, you see that the HTTP listener needs the Host and Port values
36 00:02:45,730 --> 00:02:50,740 to be configured. An important warning here: in Empire, commands are case sensitive.
37 00:02:51,160 --> 00:02:58,750 That means if the name of an option is Name with an uppercase N, you have to use its exact same style.
38 00:02:59,850 --> 00:03:02,610 name with a lowercase n has a different meaning for Empire.
39 00:03:03,820 --> 00:03:11,470 Default values are set for the options. The IP address of your current system is set as the host and 80
40 00:03:11,470 --> 00:03:12,490 is set as the port.
41 00:03:13,970 --> 00:03:17,630 The default name of the listener is set as http.
42 00:03:18,680 --> 00:03:21,890 Change the values if you want using the set command.
43 00:03:22,990 --> 00:03:27,850 I want to change the listener name to my HTTP listener.
44 00:03:37,020 --> 00:03:42,300 When all options are set, we can start the listener using the execute command.
45 00:03:43,630 --> 00:03:49,180 When we go back to the main menu using the main command or the back command twice, we see that we have
46 00:03:49,180 --> 00:03:50,710 now one active listener.
47 00:03:52,930 --> 00:03:58,690 The second step is using stagers. Now and here, it's better to explain the stager and stage concepts
48 00:03:58,690 --> 00:04:04,660 of the exploitation world. Stagers set up a network connection between the attacker and the victim and
49 00:04:04,660 --> 00:04:06,730 are designed to be small and reliable.
50 00:04:07,480 --> 00:04:12,520 Stages are payload components that are downloaded by stager modules.
51 00:04:13,480 --> 00:04:21,580 The various payload stages provide advanced features with no size limits, such as Meterpreter, VNC injection
52 00:04:21,580 --> 00:04:27,460 or shell. Stagers in Empire are used to set the stage for the post-exploitation activities.
53 00:04:27,970 --> 00:04:33,790 They're similar to payloads, which are used to create a connection back to Empire. Type usestager
54 00:04:33,820 --> 00:04:40,900 with a space character and press tab twice to see all of the available stagers.
55 00:04:41,440 --> 00:04:44,020 Let's start the launcher stager as an example.
56 00:04:44,560 --> 00:04:48,310 The stager will generate a command ready to launch in the command line terminal, cmd.
57 00:04:49,860 --> 00:04:56,940 Type the usestager multi/launcher command to load the stager. The shell prompt changes to the
58 00:04:56,940 --> 00:04:58,350 name of the stager that we chose.
59 00:04:58,860 --> 00:05:02,820 If you type help now, you see the commands of the stager state.
60 00:05:03,820 --> 00:05:11,260 Use generate or execute to generate a stager. Use set and unset to set and unset values of particular
61 00:05:11,260 --> 00:05:17,620 options. Interact to interact with a particular agent, which is normally used when there are multiple
62 00:05:17,620 --> 00:05:23,830 listeners. Type info to see the information about the stager and the options to be set.
63 00:05:24,930 --> 00:05:30,480 Let's set the options. To be able to generate the stager, we need to set a listener in order for the
64 00:05:30,480 --> 00:05:34,660 stagers to be able to communicate with Empire. In the last step,
65 00:05:34,680 --> 00:05:36,810 we already created a listener.
66 00:05:37,380 --> 00:05:45,570 Let us set this listener for our launcher stager. Type set Listener my HTTP listener for this purpose.
67 00:05:46,110 --> 00:05:50,550 If you gave another name to your listener, use that instead of my HTTP listener.
68 00:05:51,520 --> 00:05:55,660 And once again, don't forget that Empire is case sensitive.
69 00:05:56,680 --> 00:06:03,070 Leave the other options as default for now. Run the execute or generate command to generate the stager.
70 00:06:03,850 --> 00:06:08,530 The stager has created a command ready to be launched in the command line terminal.
71 00:06:10,670 --> 00:06:12,950 The third step: using agents.
72 00:06:14,330 --> 00:06:21,230 When we send the stager to our target system and the machine engages with it, we get a reverse connection
73 00:06:21,230 --> 00:06:21,620 back.
74 00:06:22,190 --> 00:06:23,660 This is known as an agent.
75 00:06:24,410 --> 00:06:29,810 In our example, let's run the generated command in the victim's command line terminal window.
76 00:06:30,690 --> 00:06:34,700 Now, there are a few different methods to start a terminal screen in a Windows OS.
77 00:06:35,690 --> 00:06:42,530 You can press Windows plus R to start the Run dialog box, type cmd in the dialog box and hit Enter.
78 00:06:44,580 --> 00:06:50,700 Or you can type cmd in the Windows Start menu; Windows will find the tool for you.
79 00:06:51,690 --> 00:06:58,290 Or you can try to find the Command Prompt tool inside the All Applications menu, which I honestly don't
80 00:06:58,290 --> 00:06:58,740 remember.
81 00:06:59,100 --> 00:07:03,750 Copy the generated command and paste it in the command prompt of the victim's system.
82 00:07:04,590 --> 00:07:07,080 The command prompt disappears when the command is executed.
83 00:07:08,110 --> 00:07:15,400 Go back to Kali. As you can see, we have a new agent. Type main to go back to the main screen of Empire.
84 00:07:15,820 --> 00:07:17,290 We see that we have an agent.
85 00:07:18,330 --> 00:07:20,580 Type agents to go to agents.
86 00:07:22,570 --> 00:07:28,000 Use the interact command with the agent ID. You're now in a session on the victim's system.
87 00:07:30,170 --> 00:07:32,270 Type help to see the commands you can use.
88 00:07:40,490 --> 00:07:45,110 For example, type info to see the entire information of the victim's system.
89 00:07:58,850 --> 00:08:02,030 Or type sc to take a screenshot, et cetera.