Codebase list powershell-empire / master cli / config.yaml
master

Tree @master (Download .tar.gz)

config.yaml @masterraw · history · blame 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
suppress-self-cert-warning: true
servers:
  localhost:
    host: https://localhost
    port: 1337
    socketport: 5000
    username: empireadmin
    password: password123
    autoconnect: true
  other-server:
    host: https://localhost
    port: 1337
    socketport: 5000
    username: empireadmin
    password: password123
  another-one:
    host: https://localhost
    port: 1337
    socketport: 5000
    username: empireadmin
    password: password123
shortcuts:
  # Params can be a list like
  # params:
  #   - name: ratio
  #     value: 80
  #   - name: location
  #     value: /tmp
  #   - name: listener
  #     dynamic: true
  # If a value is provided, it is static values.
  # If dynamic is set to true, then you will provide the parameter
  # when calling the shortcut in the order they appear like 'sc http1'
  # Because order matters, we use a sequence instead of a map
  powershell:
    whoami:
      shell: whoami
    ps:
      shell: ps
    sc:
      module: powershell/collection/screenshot
      params:
        - name: Ratio
          value: 80
    keylog:
      module: powershell/collection/keylogger
      params:
        - name: Sleep
          value: 1
    sherlock:
      module: powershell/privesc/sherlock
    mimikatz:
      module: powershell/credentials/mimikatz/logonpasswords
    psinject:
      module: powershell/management/psinject
      params:
        - name: Listener
          dynamic: true
        - name: ProcId
          dynamic: true
    revtoself:
      module: powershell/credentials/tokens
      params:
        - name: RevToSelf
          value: true
    shinject:
      module: powershell/management/shinject
      params:
        - name: Listener
          dynamic: true
        - name: ProcId
          dynamic: true
    spawn:
      module: powershell/management/spawn
      params:
        - name: Listener
          dynamic: true
    steal_token:
      module: powershell/credentials/tokens
      params:
        - name: ImpersonateUser
          value: true
        - name: ProcessID
          dynamic: true
    bypassuac:
      module: powershell/privesc/bypassuac_eventvwr
      params:
        - name: Listener
          dynamic: true
  python:
    whoami:
      shell: whoami
    ps:
      shell: ps
    sc:
      module: python/collection/osx/screenshot
      params:
        - name: SavePath
          dynamic: true
    keylog:
      module: python/collection/osx/keylogger
      params:
        - name: LogFile
          dynamic: true