wiki/Stagers.md - powershell-empire (master)

Stagers.md @master — view markup · raw · history · blame

Get Current Stagers
Get Stager by Name
Generate Stager

Get Current Stagers

Handler

Handler : GET /api/stagers
Description : Returns all current Empire stagers and options.
No parameters

Example

Request:

curl --insecure -i https://localhost:1337/api/stagers?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5

Response:

{
  "stagers": [
    {
      "Author": [
        "@harmj0y"
      ],
      "Comments": [
        ""
      ],
      "Description": "Generates a ducky script that runes a one-liner stage0 launcher for Empire.",
      "Name": "ducky",
      "options": {
        "Listener": {
          "Description": "Listener to generate stager for.",
          "Required": true,
          "Value": ""
        },
        "OutFile": {
          "Description": "File to output duckyscript to.",
          "Required": true,
          "Value": ""
        },
        "Proxy": {
          "Description": "Proxy to use for request (default, none, or other).",
          "Required": false,
          "Value": "default"
        },
        "ProxyCreds": {
          "Description": "Proxy credentials ([domain\\]username:password) to use for request (default, none, or other).",
          "Required": false,
          "Value": "default"
        },
        "StagerRetries": {
          "Description": "Times for the stager to retry connecting.",
          "Required": false,
          "Value": "0"
        },
        "UserAgent": {
          "Description": "User-agent string to use for the staging request (default, none, or other).",
          "Required": false,
          "Value": "default"
        }
      }
    },
    ...
  ]
}

Get Stager by Name

Handler

Handler : GET /api/stagers/STAGER_NAME
Description : Returns the Empire stager specified by STAGER_NAME.
No parameters

Example

Request:

curl --insecure -i https://localhost:1337/api/stagers/dll?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5

Response:

{
  "stagers": [
    {
      "Author": [
        "@sixdub"
      ],
      "Comments": [
        ""
      ],
      "Description": "Generate a PowerPick Reflective DLL to inject with stager code.",
      "Name": "dll",
      "options": {
        "Arch": {
          "Description": "Architecture of the .dll to generate (x64 or x86).",
          "Required": true,
          "Value": "x64"
        },
        "Listener": {
          "Description": "Listener to use.",
          "Required": true,
          "Value": ""
        },
        "OutFile": {
          "Description": "File to output dll to.",
          "Required": true,
          "Value": "/tmp/launcher.dll"
        },
        "Proxy": {
          "Description": "Proxy to use for request (default, none, or other).",
          "Required": false,
          "Value": "default"
        },
        "ProxyCreds": {
          "Description": "Proxy credentials ([domain\\]username:password) to use for request (default, none, or other).",
          "Required": false,
          "Value": "default"
        },
        "StagerRetries": {
          "Description": "Times for the stager to retry connecting.",
          "Required": false,
          "Value": "0"
        },
        "UserAgent": {
          "Description": "User-agent string to use for the staging request (default, none, or other).",
          "Required": false,
          "Value": "default"
        }
      }
    }
  ]
}

Generate Stager

Handler

Handler : POST /api/stagers
Description : Returns the Empire stager specified by parameters.
Parameters :
StagerName : the stager name to generate (required)
Listener : the listener name to generate the stager for (required)
additional : any additional stager values enumerated from stager options

Example

Request:

curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/stagers?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5 -X POST -d '{"StagerName":"launcher", "Listener":"testing"}'

Response:

{
  "launcher": {
    "Base64": {
      "Description": "Switch. Base64 encode the output.",
      "Required": true,
      "Value": "True"
    },
    "Listener": {
      "Description": "Listener to generate stager for.",
      "Required": true,
      "Value": "testing"
    },
    "OutFile": {
      "Description": "File to output launcher to, otherwise displayed on the screen.",
      "Required": false,
      "Value": ""
    },
    "Output": "powershell.exe -NoP -sta -NonI -W Hidden -Enc JAB...KQA=",
    "Proxy": {
      "Description": "Proxy to use for request (default, none, or other).",
      "Required": false,
      "Value": "default"
    },
    "ProxyCreds": {
      "Description": "Proxy credentials ([domain\\]username:password) to use for request (default, none, or other).",
      "Required": false,
      "Value": "default"
    },
    "StagerRetries": {
      "Description": "Times for the stager to retry connecting.",
      "Required": false,
      "Value": "0"
    },
    "UserAgent": {
      "Description": "User-agent string to use for the staging request (default, none, or other).",
      "Required": false,
      "Value": "default"
    }
  }
}

Tree @master (Download .tar.gz)

Stagers.md @master — view markup · raw · history · blame

Get Current Stagers

Handler

Example

Get Stager by Name

Handler

Example

Generate Stager

Handler

Example