
Thursday, December 31, 2015

Reverse Proxying Attacker Tools

Ever want to have all of your C2 go to the same box, have the functionality of both Meterpreter and Empire, and make it so that anyone who browses to the actual site of your C2 gets something like Google?

Nginx makes that possible. Instead of writing a blog post that will disappear, I'll point you at my combination on my "Attacker Knowledge Base" site:

https://attackerkb.com/Combinations/ReverseProxyAttackTools

and instead show you the results once it's set up:

Metasploit: (screenshot)

Empire: (screenshot)

And this is what happens if "they" try and use Google: (screenshot)


Sunday, December 27, 2015

Automating PowerShell Empire Install

PowerShell Empire is an excellent tool and can outperform Metasploit in a few crucial ways simply because it uses Windows' native scripting language, PowerShell. To this end, it is nice to have it installed and set up on attack boxes, from Raspberry Pis to PwnPlugs to Kali boxes. Here is how to do it manually; in another post I will show you how to make this much more automated:

First, take care of installing all of the dependencies by looking at their install.sh script and installing pip and the other Python packages your installation needs (see https://github.com/PowerShellEmpire/Empire/blob/master/setup/install.sh).
Next, simply clone the repo:

root@wpad:~# git clone https://github.com/powershellempire/empire
Cloning into 'empire'...
remote: Counting objects: 1988, done.
remote: Compressing objects: 100% (58/58), done.
remote: Total 1988 (delta 30), reused 0 (delta 0), pack-reused 1930
Receiving objects: 100% (1988/1988), 5.55 MiB | 357.00 KiB/s, done.
Resolving deltas: 100% (1159/1159), done.
Checking connectivity... done.

cd into the empire/setup directory and run the ./install.sh script with the environment variable STAGING_KEY set for that command. You can set it to whatever you wish, or simply set it to RANDOM and the script will select a long, random password for you.

root@wpad:~# cd empire/setup
root@wpad:~/empire/setup# STAGING_KEY=RANDOM ./install.sh
Reading package lists... Done
Building dependency tree
Reading state information... Done
python-dev is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Reading package lists... Done
Building dependency tree
Reading state information... Done
python-m2crypto is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Reading package lists... Done
Building dependency tree
Reading state information... Done
swig is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Reading package lists... Done
Building dependency tree
Reading state information... Done
python-pip is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Requirement already satisfied (use --upgrade to upgrade): pycrypto in /usr/lib/python2.7/dist-packages
Cleaning up...
Requirement already satisfied (use --upgrade to upgrade): iptools in /usr/local/lib/python2.7/dist-packages
Cleaning up...
Requirement already satisfied (use --upgrade to upgrade): pydispatcher in /usr/local/lib/python2.7/dist-packages
Cleaning up...
[*] Database setup completed!
[*] Certificate written to ../data/empire.pem
[*] Setup complete!

The thing I like about running ./install.sh instead of just doing the database setup is that it double-checks that you have all the dependencies in place and creates a certificate for you.
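The STAGING_KEY handling described above, written out as a small POSIX shell script. This is an added example, not Empire's own install.sh or setup code; the function names, the 32-character random key and the 16-character minimum are this example's own assumptions. It covers the two cases the post mentions (a value you choose, or RANDOM for a generated one) and adds the check a reviewer would want: an empty or short key is rejected rather than silently accepted, since the post itself recommends a long, random value.

```shell
#!/bin/sh
# Constructed example: resolve a STAGING_KEY value the way the post describes
# (a literal key, or RANDOM for a generated one), refusing weak input.
# Not Empire's install.sh; lengths and names below are assumptions.

MIN_KEY_LEN=16      # assumed minimum for a user-supplied key
RANDOM_KEY_LEN=32   # assumed length of a generated key

# Print one random alphanumeric key of RANDOM_KEY_LEN characters.
# LC_ALL=C keeps tr working on raw bytes regardless of the user's locale.
generate_random_key() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$RANDOM_KEY_LEN"
    echo
}

# resolve_staging_key VALUE
#   ""       -> error (no silent default)
#   RANDOM   -> freshly generated key
#   anything -> the value itself, if it is at least MIN_KEY_LEN long
resolve_staging_key() {
    requested="$1"
    case "$requested" in
        "")
            echo "STAGING_KEY is not set; refusing to fall back to a default" >&2
            return 1 ;;
        RANDOM)
            generate_random_key ;;
        *)
            if [ "${#requested}" -lt "$MIN_KEY_LEN" ]; then
                echo "STAGING_KEY is shorter than $MIN_KEY_LEN characters" >&2
                return 1
            fi
            printf '%s\n' "$requested" ;;
    esac
}

# When run directly, read the key from the environment as install.sh does,
# e.g.:  STAGING_KEY=RANDOM ./resolve_key.sh
if [ -n "$STAGING_KEY" ]; then
    key=$(resolve_staging_key "$STAGING_KEY") && echo "Staging key: $key"
fi
```

Because the key is passed as a single-command environment variable, it never lands in your shell history the way a command-line argument would; the script mirrors that by reading it from the environment rather than from a flag.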