1
00:00:00,820 --> 00:00:06,550
Let's see Empire in action. Empire has its own shell-like command line interface.

2
00:00:16,270 --> 00:00:20,200
As of this video capture, Empire has 282 modules.

3
00:00:21,040 --> 00:00:24,940
First, let's start by typing the help command to display the help.

4
00:00:26,160 --> 00:00:33,570
Now I'm going to show you how to use the Empire project step by step. First step: create a listener. Listeners

5
00:00:33,570 --> 00:00:37,030
in Empire are the channels which receive connections from our target machines.

6
00:00:37,800 --> 00:00:40,320
It's similar to the listeners in the Metasploit framework.

7
00:00:40,800 --> 00:00:45,960
Before we do anything in Empire, we need to start the listeners. Type listeners to enter the listener

8
00:00:45,960 --> 00:00:46,800
management state.

9
00:00:47,670 --> 00:00:51,690
As you see, the shell prompt changes to Empire: listeners.

10
00:00:54,450 --> 00:00:59,280
Once we move to the listener management state, we can see its options by typing the help command.

11
00:01:01,030 --> 00:01:03,730
Let's take a look at some of the commands of the listener state.

12
00:01:05,190 --> 00:01:08,050
info is to display information about the active listener.

13
00:01:08,610 --> 00:01:12,210
You may think it's the same as the show options command of Metasploit.

14
00:01:13,340 --> 00:01:20,690
kill is to kill a particular listener, list is to list all the active listeners, uselistener is to

15
00:01:20,690 --> 00:01:22,880
use one of the listener modules of Empire.

16
00:01:24,600 --> 00:01:29,280
usestager is to use one of the available stagers; we'll see that in the next step.

17
00:01:29,850 --> 00:01:32,580
Let us now look at how to start a listener module in Empire.

18
00:01:33,710 --> 00:01:40,760
Type the uselistener command followed by a space character and press tab twice to see the listeners available

19
00:01:40,760 --> 00:01:41,280
in Empire.
20
00:01:42,050 --> 00:01:44,020
There are seven different listeners listed.

21
00:01:44,840 --> 00:01:47,720
Let's use the http listener as an example.

22
00:01:48,620 --> 00:01:51,320
Type uselistener http and press enter.

23
00:01:52,390 --> 00:01:57,970
Now, the same as with Linux bash, you can use the tab key to complete any particular keyword;

24
00:01:58,870 --> 00:02:02,890
here, press tab in the middle of the word instead of writing the entire word.

25
00:02:04,190 --> 00:02:09,620
Again, the shell prompt has changed to Empire: listeners/http.

26
00:02:10,880 --> 00:02:17,090
The help command now displays the commands of this state. As you see, some of the commands are the same

27
00:02:17,090 --> 00:02:20,540
as in the previous menu, but there are some different commands here.

28
00:02:21,920 --> 00:02:25,350
The info command shows the options of the particular type of listener

29
00:02:25,380 --> 00:02:26,180
we want to start.

30
00:02:27,170 --> 00:02:30,450
The set command is used to assign the values of the options.

31
00:02:31,130 --> 00:02:34,940
Similarly, the unset command is used to clear these values.

32
00:02:36,040 --> 00:02:42,400
Every listener requires certain options to be set. For example, when you run the info command, you see that

33
00:02:42,400 --> 00:02:49,300
the listener needs the most important values to be configured. An important warning here: in Empire,

34
00:02:49,300 --> 00:02:50,740
commands are case sensitive.

35
00:02:51,130 --> 00:02:58,780
That means if the name of an option is Name with an uppercase N, you have to use exactly the same style.

36
00:02:59,850 --> 00:03:02,630
name with a lowercase n has a different meaning for Empire.

37
00:03:03,850 --> 00:03:11,470
Default values are set for the options: the IP address of your current system is set as the host, and 80

38
00:03:11,500 --> 00:03:12,520
is set as the port.

39
00:03:13,970 --> 00:03:17,630
The default name of the listener is set as http.
40
00:03:18,710 --> 00:03:21,890
Change the values if you want, using the set command.

41
00:03:22,960 --> 00:03:27,880
I want to change the listener name to my listener.

42
00:03:37,050 --> 00:03:42,330
When all options are set, we can start the listener using the execute command.

43
00:03:43,630 --> 00:03:49,180
When we go back to the main menu, using the main command or the back command twice, we see that we have

44
00:03:49,180 --> 00:03:50,740
now one active listener.

45
00:03:52,870 --> 00:03:58,720
The second step is using stagers. Now and here, it's better to explain the stager and stage concepts

46
00:03:58,720 --> 00:04:04,690
of the exploitation world. Stagers set up a network connection between the attacker and the victim and

47
00:04:04,690 --> 00:04:06,760
are designed to be small and reliable.

48
00:04:07,480 --> 00:04:12,550
Stages are payload components that are downloaded by stager modules.

49
00:04:13,510 --> 00:04:20,740
The various payload stages provide advanced features with no size limit, such as Meterpreter, VNC

50
00:04:20,740 --> 00:04:27,490
injection, or shell. Stagers in Empire are used to set the stage for the post-exploitation activities.

51
00:04:27,970 --> 00:04:35,350
They're similar to payloads, which are used to create a connection back to Empire. Type usestager followed by a

52
00:04:35,350 --> 00:04:40,930
space character and press tab twice to see all of the available stagers.

53
00:04:41,440 --> 00:04:43,120
Let's start the launcher stager

54
00:04:43,120 --> 00:04:48,580
as an example. This stager will generate a command ready to launch in the command line terminal, cmd.

55
00:04:49,860 --> 00:04:57,180
Type the usestager multi/launcher command to load the stager. The shell prompt changes to the name

56
00:04:57,180 --> 00:04:58,380
of the stager we chose.

57
00:04:58,860 --> 00:05:02,850
If you type help now, you see the commands of the stager state.
58
00:05:03,820 --> 00:05:11,830
Use generate or execute to generate a stager, set and unset to set and unset values of particular options,

59
00:05:12,520 --> 00:05:18,220
interact to interact with a particular agent, which is normally used when there are multiple listeners.

60
00:05:19,030 --> 00:05:23,860
Type info to see the information about the stager and the options to be set.

61
00:05:24,760 --> 00:05:30,420
Now, let's set the options. To be able to generate the stager, we need to set a listener in order for

62
00:05:30,420 --> 00:05:32,850
the stagers to be able to communicate with Empire.

63
00:05:33,570 --> 00:05:36,810
In the last step, we already created a listener.

64
00:05:37,350 --> 00:05:45,590
Let us set this listener for our launcher stager. Type set Listener my http listener for this purpose.

65
00:05:46,080 --> 00:05:50,580
If you gave another name to your listener, use that instead of my listener.

66
00:05:51,490 --> 00:05:58,810
And once again, don't forget that Empire is case sensitive. Leave the other options as default for

67
00:05:58,810 --> 00:06:03,100
now. Run the execute or generate command to generate the stager.

68
00:06:03,880 --> 00:06:08,560
The stager has created a command ready to be launched in the command line terminal.

69
00:06:10,700 --> 00:06:12,980
The third step: using agents.

70
00:06:14,360 --> 00:06:21,230
When we send the stager to our target system and the machine engages with it, we get a reverse connection

71
00:06:21,230 --> 00:06:21,600
back.

72
00:06:22,190 --> 00:06:28,730
This is known as an agent. In our example, let's run the generated command in the victim's command

73
00:06:28,730 --> 00:06:29,810
line terminal window.

74
00:06:30,590 --> 00:06:34,720
Now, there are a few different methods to start a terminal screen in a Windows OS.

75
00:06:35,660 --> 00:06:42,530
You can press Windows+R to start the Run dialog box, type cmd in the dialog box, and hit enter.
76
00:06:44,580 --> 00:06:50,730
Or you can type cmd in the Windows Start menu; Windows will find the tool for you.

77
00:06:51,690 --> 00:06:58,320
Or you can try to find the Command Prompt tool inside the All Applications menu, which I honestly don't

78
00:06:58,320 --> 00:07:03,780
remember. Copy the generated command and paste it in the command prompt of the victim's system.

79
00:07:04,620 --> 00:07:07,110
The command prompt disappears when the command is executed.

80
00:07:08,110 --> 00:07:15,450
Go back to Kali. As you can see, we have a new agent. Type main to go back to the main screen of Empire.

81
00:07:15,850 --> 00:07:17,320
We see that we have an agent.

82
00:07:18,360 --> 00:07:20,610
Type agents to go to agents.

83
00:07:22,600 --> 00:07:28,030
Use the interact command with the agent ID; you're now in a session on the victim's system.

84
00:07:30,200 --> 00:07:32,300
Type help to see the commands you can use.

85
00:07:40,460 --> 00:07:45,140
For example, type info to see all the information about the victim system,

86
00:07:58,820 --> 00:08:02,050
or sc to take a screenshot, etc.