Rootkits - 2
- Use a C2 (command-and-control) server to interact with compromised hosts (your Windows 7 instance).
You have delivered a payload to compromise a Windows host. Your objective now is to maintain that access and control access to the target.
On your Kali machine, you should install PowerShell Empire. I found it easiest to connect to my Kali instance via ssh. We will be installing this via Docker, so on your Kali instance you need to install docker.io. I have recorded a video to show you how to do this install.
A good overview of how to exploit and other things you can do with Empire is found here.
You can exit and re-launch the Docker container if you mess up. You will have to re-launch Empire and re-create any listeners or agents, though.
You will need to copy the PowerShell script gobbledygook (the generated stager) to your Windows machine. Make sure you enable the shared clipboard on the Windows machine so you can copy the script over. If it doesn't work, you may have to reboot Windows.
The user you logged into Windows with determines the high_integrity value of your agent. (If it is already 1, you do not need the bypassuac step.)
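To see for yourself why the value depends on the logged-in user, run the following in a PowerShell window on the Windows VM. This is an added example, not part of the assignment or of Empire: a session started by a standard user, or by an administrator without "Run as administrator" (a UAC-filtered token), reports medium integrity, which corresponds to high_integrity = 0; an elevated administrator session reports high integrity, i.e. high_integrity = 1.

```powershell
# Added example: report whether this PowerShell session holds an elevated
# (high-integrity) token. Uses only built-in .NET / Windows tooling.
$identity   = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal  = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole  = [Security.Principal.WindowsBuiltInRole]::Administrator
$isElevated = $principal.IsInRole($adminRole)

# The mandatory integrity label of the current token, as Windows reports it
# (e.g. "Mandatory Label\Medium Mandatory Level" or "...\High Mandatory Level").
$label = (whoami /groups | Select-String 'Mandatory Level').Line.Trim()

if ($isElevated) {
    "Elevated session: integrity level is high (agent would show high_integrity = 1)"
} else {
    "Non-elevated session: integrity level is medium or lower (agent would show high_integrity = 0)"
}
"Token label: $label"
```

Run it once from a normal PowerShell window and once from one opened with "Run as administrator" to see the two outcomes; the second case is the one where the bypassuac step is unnecessary.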
Deliverable: a single PDF with the following:
- Output of the creds command while interacting with your agent, which should show a list of some credentials.
- Experiment with at least 3 modules (preferably ones we didn't use in class) and take screenshots of what they did.
- A short paragraph explaining what PowerShell Empire does.
Last Updated 01/29/2021