
Powershell stager for http(s) listener

Open zinzloun opened this issue 6 years ago • 4 comments

Empire Version

2.5

OS Information (Linux flavor, Python version)

kali-rolling 2019.1 x64, py 2.7.15+

Expected behavior and description of the error, including any actions taken immediately prior to the error. The more detail the better.

The PowerShell stager scripts created for the http listener, with https enabled, generate an error in the communication channel with the server when executed. The problem is the TLS protocol version used by default in the PowerShell CLI, which is 1.0. Tested on:

  • win10pro x64, PS version 5.1
  • win 7pro SP1 x64, PS version 3.0

Screenshot of error, embedded text output, or Pastebin link to the error

My http listener configuration: [screenshot: http listener configuration]

My stager multi/launcher configuration (also tested with the windows/launcher_bat and windows/macro stagers): [screenshot: stager configuration]

PS payload executed on Win10 ["Request rejected: It's not possible to create a secure SSL\TLS channel..."]: [screenshot: PS error, Win10]

Same thing on Win7: [screenshot: PS TLS error, Win7]

Packets exchanged between the server 192.168.1.66 and the Win10 machine; the same thing happens with the Win7 machine: [screenshot: Wireshark TLS error]

TLS version of the generated certificate used by the listener: [screenshot: listener_cert]

Any additional information

I solved the problem by forcing the payload agent generation in the http.py file to use TLS 1.2: [screenshot: diff]

I don't know if it's the best approach or solution; in my case it solves all the problems with the stagers and Empire agents.

Any additional comments will be very much appreciated. Thank you to the Empire team for this wonderful framework.

zinzloun, Jan 16 '19 16:01

I had this problem and @zinzloun's solution resolved it for me as well.

kylesmithit, Feb 26 '19 00:02

What Win10 build and .NET version are you running on? I haven't been able to reproduce this.

mr64bit, Feb 28 '19 15:02

> What Win10 build and .NET version are you running on? I haven't been able to reproduce this.

I do not think that the problem is related to .NET; as far as I know, .NET sets the TLS versions available but not the default used in PS. Anyway, following is the information that you requested: [screenshot: cattura] [screenshot: cattura2]

This is the CLR version used in my PS environment: [screenshot: cattura3]

zinzloun, Feb 28 '19 18:02

Can confirm. The same issue happened to me as well and @zinzloun's solution worked.

shinobikitty, Apr 18 '19 16:04