How to Script Startup of Empire Listeners

Carrie Roberts //  

ADVISORY: The techniques and tools referenced within this blog post may be outdated and do not apply to current situations. However, there is still potential for this blog entry to be used as an opportunity to learn and to possibly update or integrate into modern tools and techniques.


Tired of typing those Empire commands to startup your goto listeners? Wish there was an equivalent to Metasploit resource files for Empire? This is not currently implemented as far as I know, so until then here is a hack to make it happen.

When I’m working with tools on a remote server, which is always the case when I’m using Empire, I always use the Linux screen tool. The biggest reason I use screen is so that my processes, such as Empire, do not quit if/when I get disconnected from the server.

The solution for scripting the startup of Empire Listeners given here utilizes a feature of screen. Some common and useful screen commands can be found in this guide.

First, start a screen session, giving it a specific name. The following command creates a screen session named “my-screen” and immediately enters the default window within the screen session.

# screen -S my-screen

Each screen session can contain many windows. We are currently interacting with the default screen. Let’s rename this screen window to “empire” and start Empire in it. To rename this screen window use this key combination:

Ctrl-a A

This brings up a prompt at the bottom of the window where you can enter the new name:

Now let’s start Empire in this window. I’ve got empire downloaded to the /root/Empire directory so I enter the following commands:

# cd /root/Empire
# ./empire

We will leave Empire running there and start-up another window within our screen session using the Ctrl-a c key combination.

From here we create a bash script that uses a feature of Screen allowing us to send commands to particular windows within a session. The following is an example script, sending commands to start up an Empire listener with specific settings. The commands are sent to the screen session named “my-screen” and the window named “empire” within that session.

In my case, I named the file above “443”. After creating the script I make it executable as follows and then ran it.

# chmod +x 443
# ./443

Now switch back to your other screen window where Empire is running with the Ctrl-a space key combination to see the results.

In the future, all we need to do to start up our custom listener is run the 443 script using the “./443” command. You can create additional scripts for other ports and settings of your choice or combine them all to start up all of your listeners at once.  Do you have a better/easier way to accomplish this task? Please share and I’ll update this post.

You can learn more from Carrie in her classes!

Check them out here:

Attack Emulation Tools: Atomic Red Team, CALDERA and More 

PowerShell for InfoSec

Available live/virtual and on-demand!