This is the start of a series I'm calling Autored. My goal is to quickly stand up the temporary systems I commonly use during an engagement. Other efforts in this area have been documented, but they are more complex and time consuming to manage. I only use Terraform and bash scripts to keep customization easy and simple. In 3 minutes, you can have a fresh install of Empire with listeners and stagers ready to go.
You'll need the following:
Download the proper Terraform package for your operating system.
Terraform is very simple to install because it's just a single binary.
Extract the zip:
unzip terraform_0.11.1_linux_amd64.zip
and copy the binary to somewhere on your PATH:
cp terraform /usr/local/bin/terraform
That's it! Test that it's working by executing the binary:
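One step worth adding before the unzip is to verify the download. HashiCorp publishes a SHA256SUMS file next to every Terraform release, and a binary that ends up on every engagement box is exactly the kind of thing you want to know is the one you meant to download. The function below is an added example, not from this post or the autored-empire repo; it reads the entry for your zip out of the SHA256SUMS file and compares it against the local file. The zip and sums file names are taken from the version used above and are only assumptions about what you downloaded.

```shell
#!/bin/sh
# Verify a downloaded Terraform zip against HashiCorp's SHA256SUMS file
# before extracting it. Added example; file names are assumptions.

# sha256_of FILE: print the hex SHA-256 of FILE (GNU coreutils or BSD/macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_zip ZIPFILE SUMSFILE
# Returns 0 when ZIPFILE's SHA-256 matches its entry in SUMSFILE, 1 otherwise.
# SUMSFILE lines have the form "<hex digest>  <file name>", the format
# sha256sum itself writes and HashiCorp publishes.
verify_zip() {
  zip="$1"
  sums="$2"
  name=$(basename "$zip")
  if [ ! -f "$zip" ]; then
    echo "missing file: $zip" >&2
    return 1
  fi
  # Exact match on the file-name field, so a similarly named zip cannot match.
  expected=$(awk -v f="$name" '$2 == f { print $1; exit }' "$sums")
  if [ -z "$expected" ]; then
    echo "no checksum entry for $name in $sums" >&2
    return 1
  fi
  actual=$(sha256_of "$zip")
  if [ "$expected" != "$actual" ]; then
    echo "checksum mismatch for $name" >&2
    return 1
  fi
  return 0
}

# Usage: sh verify_terraform.sh terraform_0.11.1_linux_amd64.zip terraform_0.11.1_SHA256SUMS
if [ "$#" -eq 2 ]; then
  verify_zip "$1" "$2" && echo "checksum OK, safe to unzip $1"
fi
```

HashiCorp also signs the SHA256SUMS file itself (the .sig next to it), so checking that signature closes the loop on the sums file you fed in here; this function only covers the zip-to-sums comparison.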
You will need two things for AWS.
Create an SSH key pair:
Create a new IAM user, set the needed permissions, and copy over your keys. It's quick:
Create the file ~/.aws/credentials with the following in it:
[autored]
aws_access_key_id = REPLACE_WITH_YOUR_OWN
aws_secret_access_key = REPLACE_WITH_YOUR_OWN
region = us-east-2
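Because those are long-lived IAM access keys sitting in a plain file, a quick preflight check before the first Terraform run pays for itself. The script below is an added example, not part of this post or the autored-empire repo: it confirms the [autored] profile exists in ~/.aws/credentials, that both REPLACE_WITH_YOUR_OWN placeholders were actually replaced, and that the file is mode 600 so other local users cannot read the keys. The check_profile function name and the constructed sample values in its usage are mine; the path and profile name are the ones used above.

```shell
#!/bin/sh
# Preflight check for an AWS credentials profile. Added example; not from
# the autored-empire repo. Exit status 0 means the profile looks usable.

# check_profile CREDFILE PROFILE
# Reports every problem found on stderr and returns 1 if there was any.
check_profile() {
  file="$1"
  profile="$2"
  rc=0
  if [ ! -f "$file" ]; then
    echo "missing $file" >&2
    return 1
  fi
  # Long-lived access keys should be readable by the owner only.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file" 2>/dev/null)
  case "$mode" in
    600|400) ;;
    *) echo "$file has mode $mode; expected 600" >&2; rc=1 ;;
  esac
  # Pull out the body of the [profile] section: everything after its header
  # up to the next [header] line.
  section=$(awk -v p="[$profile]" '
    $0 == p { insec = 1; next }
    /^\[/   { insec = 0 }
    insec   { print }' "$file")
  if [ -z "$section" ]; then
    echo "no [$profile] section in $file" >&2
    return 1
  fi
  for key in aws_access_key_id aws_secret_access_key region; do
    # Key names are compared after trimming; the value is everything after
    # the first "=", with surrounding whitespace removed.
    value=$(printf '%s\n' "$section" | awk -F= -v k="$key" '
      { name = $1; gsub(/^[ \t]+|[ \t]+$/, "", name) }
      name == k { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); print v; exit }')
    if [ -z "$value" ]; then
      echo "$key is not set in [$profile]" >&2
      rc=1
    elif [ "$value" = "REPLACE_WITH_YOUR_OWN" ]; then
      echo "$key still holds the placeholder value in [$profile]" >&2
      rc=1
    fi
  done
  return $rc
}

# Usage: sh check_aws_profile.sh ~/.aws/credentials autored
if [ "$#" -ge 1 ]; then
  check_profile "$1" "${2:-autored}" && echo "[${2:-autored}] looks usable"
fi
```

Run it once after filling in the file and again whenever you rotate the keys; a leftover placeholder shows up as a confusing authentication error from Terraform otherwise.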
Clone the autored-empire repo:
git clone https://github.com/sprocketsecurity/autored-empire
Note: I download and rename this repo each time for new clients to stay organized. Example:
git clone https://github.com/sprocketsecurity/autored-empire autored-empire-CLIENTNAME
There is a subdirectory for each cloud provider. Right now I only support AWS. The config directory contains the scripts and files that Terraform uploads to the instance and runs during provisioning.
Initialize Terraform: cd into auto-empire/aws, then run the following:
The configs assume a couple of things:
You must be in the directory that contains main.tf to launch Terraform. In this case, auto-empire/aws:
You will see all the output, and in roughly 3 minutes you should have a working Empire instance. The script will output the public IP of the instance and the ssh command to access it.
You can access Empire by sshing to the host and running:
screen -x empire
HTTP listeners on ports 80 and 443 are set up automatically. The setup script outputs PowerShell stagers for both listeners.
They are saved to the ~/Empire directory (for example, stager-http443.txt). Once Empire is ready, you should have output similar to the screenshot below:
Here are some helpful Terraform commands:
Destroy the host/plan:
Check for syntax errors in your terraform scripts:
Can't remember if the host is running, or want to get the public IP again from the output?