config.yaml
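# NOTE(review): presumably silences the client's warning about self-signed TLS
# certificates on the https:// hosts below - confirm whether certificate
# verification itself is skipped as well. A hidden warning cannot alert the
# operator to an unexpected certificate, so prefer a certificate the client can
# validate for any profile that does not point at localhost.
suppress-self-cert-warning: true

# Named connection profiles. Each profile carries an endpoint (host, port,
# socketport) and the login used for it. The nesting below was flattened in the
# page extract and is restored here: every profile is a child of `servers`.
servers:
  localhost:
    host: https://localhost
    port: 1337
    socketport: 5000
    # This username/password pair is stored in plaintext and is published with
    # the repository, so it must not protect a real server. Replace it with a
    # unique secret, keep the edited file out of version control, and restrict
    # read access to the file to the account that runs the client.
    username: empireadmin
    password: password123
    # Only this profile sets autoconnect.
    autoconnect: true
  other-server:
    host: https://localhost
    port: 1337
    socketport: 5000
    # Same published sample credentials as the `localhost` profile - replace.
    username: empireadmin
    password: password123
  another-one:
    host: https://localhost
    port: 1337
    socketport: 5000
    # Same published sample credentials as the `localhost` profile - replace.
    username: empireadmin
    password: password123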
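# Shortcut definitions, grouped by agent language (`powershell`, `python`).
# The nesting below was flattened in the page extract and is restored here.
#
# A shortcut carries either a `shell` entry or a `module` entry. A `module`
# shortcut may list its parameters under `params`, for example:
#   params:
#     - name: ratio
#       value: 80
#     - name: location
#       value: /tmp
#     - name: listener
#       dynamic: true
# A parameter with `value` is static. A parameter with `dynamic: true` is
# supplied when the shortcut is called, in the order the parameters appear,
# like 'sc http1'. Because order matters, `params` is a sequence, not a map.
#
# NOTE(review): dynamic parameters take operator-typed text; whether the client
# validates it before passing it to the module is not visible in this file.
shortcuts:
  powershell:
    whoami:
      shell: whoami
    ps:
      shell: ps
    sc:
      module: powershell/collection/screenshot
      params:
        - name: Ratio
          value: 80
    keylog:
      module: powershell/collection/keylogger
      params:
        - name: Sleep
          value: 1
    sherlock:
      module: powershell/privesc/sherlock
    mimikatz:
      module: powershell/credentials/mimikatz/logonpasswords
    psinject:
      module: powershell/management/psinject
      params:
        - name: Listener
          dynamic: true
        - name: ProcId
          dynamic: true
    # `revtoself` and `steal_token` both point at the same module and differ
    # only in the parameters they set.
    revtoself:
      module: powershell/credentials/tokens
      params:
        - name: RevToSelf
          value: true
    shinject:
      module: powershell/management/shinject
      params:
        - name: Listener
          dynamic: true
        - name: ProcId
          dynamic: true
    spawn:
      module: powershell/management/spawn
      params:
        - name: Listener
          dynamic: true
    steal_token:
      module: powershell/credentials/tokens
      params:
        - name: ImpersonateUser
          value: true
        - name: ProcessID
          dynamic: true
    bypassuac:
      module: powershell/privesc/bypassuac_eventvwr
      params:
        - name: Listener
          dynamic: true
  python:
    whoami:
      shell: whoami
    ps:
      shell: ps
    # Both python module shortcuts take an output path as a dynamic parameter.
    sc:
      module: python/collection/osx/screenshot
      params:
        - name: SavePath
          dynamic: true
    keylog:
      module: python/collection/osx/keylogger
      params:
        - name: LogFile
          dynamic: true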