EmpireProject / Empire

Empire is a PowerShell and Python post-exploitation agent.
http://www.powershellempire.com/
BSD 3-Clause "New" or "Revised" License
7.44k stars 2.82k forks

management/invoke_script help? #460

Closed danthegoodman1 closed 7 years ago

danthegoodman1 commented 7 years ago

(I don't think this involves any of the information that is asked for when making a new issue.) So I am a little confused about using the management/invoke_script for my goal. What I am trying to do is set up an autorun that automatically runs the bypass_uac wmi module, as well as then goes to that new agent and runs the persistence wmi module. I am not sure how to build the autorun for the invoke_script. (Be warned, I am new to this kind of stuff, but I am trying really hard to learn.) If agent switching is not possible, then is there any way that one can easily make an exploit (ducky or macro) that automatically starts the agent as system? I have seen it done here on this Hak5 episode for metasploit. Then I would just run the persistence wmi set to this listener and agent as a normal autorun? Sorry to ask here, but compared to metasploit there is very little new-user-friendly support for this kind of stuff. Thanks!

xorrior commented 7 years ago

@danthegoodman1 Hopefully I can answer your question adequately. For a brief tutorial on using autorun, I would suggest starting here: https://github.com/EmpireProject/Empire/issues/80. As for setting an autorun job for the agent spawned from the bypass uac module, there is no way to do this currently. For crafting a ducky payload or macro, I would suggest doing some research and you will most likely find your answer there. Hope this helps.