Install Empire on Kali Linux (https://github.com/EmpireProject/Empire):
sudo apt install powershell-empire
Run Empire:
sudo powershell-empire
Select Listeners to create/view listeners:
Listeners
To create a new listener, use the "uselistener" command followed by the type of listener. The types of listeners are below:
- dbx – a Dropbox listener (never reveals the attacker’s network to the victim but requires a token for the Dropbox API);
- http – a standard HTTP/HTTPS listener;
- http_com – an HTTP/HTTPS listener that uses a hidden IE COM object;
- http_foreign – an HTTP/HTTPS listener used to inject Empire payloads;
- http_hop – an HTTP/HTTPS listener that redirects commands to another listener to conceal the initial IP address (the RedirectListener parameter is required);
- http_mapi – an HTTP/HTTPS listener that uses the Liniaal utility allowing you to gain control over the target host through an Exchange server;
- meterpreter – an HTTP/HTTPS listener used to inject Meterpreter payloads;
- onedrive – a OneDrive listener (you have to register the app at https://apps.dev.microsoft.com); and
- redirector – a tool that redirects you from one agent to another one.
To create an HTTP listener:
uselistener http
Now type the "info" command to see the options of the listener. Set the Name, Host, and Port to be correct.
Next is to build your payload. For this, use the "usestager" command followed by the payload profile you want (hit TAB to show options):
usestager windows/macro
Next, use the "info" command to view the options and make sure the listener is set to the one previously created. Next is to generate your VBA code by running the Execute command:
Execute
This will generate the VBA code needed for your malicious document. Copy that malicious VBA code, create a new Excel doc, and save it as .xlsm. Next, create a new macro and remove all code from the file that opens. Copy your VBA code into the "ThisWorkbook" macro and save. Now your doc should execute the macro once the "Enable Editing" option is selected upon opening. It also works if you manually change the extension from .xlsm to .xls.
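
A defender-side triage check for the kind of file described above, added here as an example (it is not part of the original post and not Empire code): it flags workbooks that carry a VBA project and OOXML containers that have been renamed to .xls. The function names, finding labels and sample bytes are constructed for illustration.

```python
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"                      # OOXML (.xlsx/.xlsm) is a ZIP container
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy binary .xls is an OLE2 compound file
MACRO_CT = b"application/vnd.ms-excel.sheet.macroEnabled.main+xml"
PLAIN_CT = b"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"

def triage_workbook(filename, data):
    """Return a list of findings for one attachment, from its name and raw bytes."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    findings = []
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
                ctypes = zf.read("[Content_Types].xml") if "[Content_Types].xml" in names else b""
        except zipfile.BadZipFile:
            return ["unreadable-zip-container"]
        # A macro-enabled workbook stores its VBA in a vbaProject.bin part.
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            findings.append("vba-project-present")
        if MACRO_CT in ctypes:
            findings.append("macro-enabled-content-type")
        # Container type and extension disagree: the .xlsm -> .xls rename case.
        if ext == "xls":
            findings.append("ooxml-container-named-xls")
        elif ext == "xlsx" and findings:
            findings.append("macro-content-named-xlsx")
    elif data.startswith(OLE_MAGIC) and ext in ("xlsx", "xlsm"):
        findings.append("ole-container-named-ooxml")
    return findings

def build_sample(with_macro):
    """Constructed test input: a skeletal OOXML package, not a working workbook."""
    ct = MACRO_CT if with_macro else PLAIN_CT
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    b'<Types><Override PartName="/xl/workbook.xml" ContentType="' + ct + b'"/></Types>')
        zf.writestr("xl/workbook.xml", b"<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"PLACEHOLDER")  # stand-in bytes, no VBA inside
    return buf.getvalue()

if __name__ == "__main__":
    for name, macro in [("invoice.xls", True), ("budget.xlsm", True), ("report.xlsx", False)]:
        print(name, triage_workbook(name, build_sample(macro)))
```

A hit on the VBA project only says macros are present; reviewing what the ThisWorkbook module does still needs a VBA extraction tool or a sandbox.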