This video discusses the integration between Core Impact and PowerShell Empire and how you can use these two tools together.
Core Impact Workspace Set Up for PowerShell Empire
Core Impact and PowerShell Empire can be used together to further penetrate a organization’s network. To start, you’ll need to set up a Core Impact workspace with a target environment and an agent on the vagrant box at .40. This is an active non-persistent agent.
PowerShell Empire Server Set Up
You’ll also need a server up and running Powershell Empire. To begin the set up, you’ll need to start up a listener.
Now you’ll need to go to the agents menu to see if there are any active agents in Powershell. In this example they are not, so you’ll use Core Impact since you do have an agent over there.
Go to “modules” in Core Impact and search for “Empire” to see all the models for Powershell Empire. First you’ll want to deploy a Powershell Empire Agent. Simply select the "Deploy PowerShell Empire Agent" module and drop it onto your agent(0).
It will then prompt you for address information and credentials. The address needs to point to your Powershell Empire box, so you’ll want to enter the appropriate credentials. Make sure the “Listener” is the listener you recently set up.
You can now leverage Core Impact by checking the module log to track progress. You can also use the terminal to see if the agent is active. If done correctly, from you just installed a Powershell Empire agent on a box that you already had a Core Impact agent installed on.
The next step is to interact with the agent in Powershell Empire. In this example we are running mimikatz.
You can now take a look at what credentials you have discovered. We will use the information to conduct a jump using the usernames and passwords discovered.
You can conduct a jump using the usernames and passwords you recently discovered. Using Powershell Empire you’ll want to utilize the “usemodule lateral movement” command from the agent.
Now you’ll have additional agents in Powershell Empire and you can use the “Install Agent Using Powershell Empire Agent” module in Core Impact using the Powershell Empire agent you just found. Core Impact will contact the Powershell Empire agent that we just moved to and deployed.