With Autored, in 3 minutes, you can have a fresh install of Empire with listeners and stagers ready to go.
This is the start of a series I'm calling Autored. My goal is to quickly stand up temporary systems I commonly use during an engagement. Other efforts in this area have been documented, but they are more complex and time-consuming to manage. I only use Terraform and bash scripts to keep customization easy and simple. In 3 minutes, you can have a fresh install of Empire with listeners and stagers ready to go.
You'll need the following:
Download the proper Terraform package for your operating system.
Terraform is very simple to install because it's just a single binary.
Extract the zip:
unzip terraform_0.11.1_linux_amd64.zip
Then copy it to your binary path:
cp terraform /usr/local/bin/terraform
That's it! Test that it's working by just executing terraform.
You will need two things for AWS.
Create an SSH key pair:
Create a new IAM user, set the needed permissions, and copy over your keys. It's quick:
Create a file in ~/.aws/credentials with the following in it:
[autored]
aws_access_key_id = REPLACE_WITH_YOUR_OWN
aws_secret_access_key = REPLACE_WITH_YOUR_OWN
region = us-east-2
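
A preflight check for the credentials file above, added here as an example (it is not part of the autored-empire repo): it confirms the [autored] profile holds real values rather than REPLACE_WITH_YOUR_OWN and that the file is not accessible to group or other. The function names profile_value and check_autored_profile are this example's own.

```shell
#!/usr/bin/env bash
# Added example: validate the [autored] profile before running terraform.
# Function names and return codes are this example's own, not autored-empire's.

# Print the value of KEY inside [PROFILE] of an INI-style credentials file.
# Usage: profile_value FILE PROFILE KEY
profile_value() {
    awk -v profile="$2" -v key="$3" '
        /^[ \t]*\[/ {                       # section header, e.g. [autored]
            name = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
            in_p = (name == profile)
            next
        }
        in_p && index($0, "=") {            # key = value inside the wanted profile
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Return 0 when the profile is usable, 1 on a failed check, 2 if the file is missing.
# Usage: check_autored_profile [FILE] && terraform apply
check_autored_profile() {
    local file rc key val
    file="${1:-$HOME/.aws/credentials}"
    rc=0
    [ -r "$file" ] || { echo "missing or unreadable: $file" >&2; return 2; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $file is accessible to group/other; run chmod 600" >&2
        rc=1
    fi
    for key in aws_access_key_id aws_secret_access_key region; do
        val=$(profile_value "$file" autored "$key")
        if [ -z "$val" ]; then
            echo "FAIL: [autored] has no $key" >&2; rc=1
        elif [ "$val" = "REPLACE_WITH_YOUR_OWN" ]; then
            echo "FAIL: $key still holds the placeholder" >&2; rc=1
        fi
    done
    return "$rc"
}
```

Source the file and call check_autored_profile with no argument to test ~/.aws/credentials, or pass a path to test another file.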
Clone the autored-empire repo:
git clone https://github.com/sprocketsecurity/autored-empire
Note: I download and rename this repo each time for new clients to stay organized. Example:
git clone https://github.com/sprocketsecurity/autored-empire autored-empire-CLIENTNAME
There is a subdirectory for each cloud provider. Right now I only support AWS. The config directory contains scripts and files that Terraform will upload and run on the instance during provisioning.
Initialize Terraform. cd into autored-empire/aws then run the following:
terraform init
The configs assume a couple of things:
You must be in the directory that contains main.tf to launch Terraform. In this case, autored-empire/aws:
terraform apply
You will see all the output, and in roughly 3 minutes you should have a working Empire instance. The script will output the public IP of the instance and the ssh command to access it.
You can access Empire by SSHing to the host and running:
screen -x empire
HTTP 80 and 443 listeners are set up automatically. The setup script outputs PowerShell stagers for both listeners.
They will be saved to the ~/Empire directory and named stager-http80.txt and stager-http443.txt. Once Empire is ready, you should have an output similar to the screenshot below:
Here are some helpful Terraform commands:
Destroy the host/plan:
terraform destroy
Check for syntax errors in your terraform scripts:
terraform validate
Can't remember if the host is running, or want to get the public IP again from the output?
terraform show
terraform destroy
instead.