For those of us that have had the chance to play around with it, Docker is pretty awesome. While primarily designed with development / deployment / continuous integration in mind, it is also pretty awesome for offense-related tasks.
I have put together a Docker build for PowerShell Empire. You can grab the Dockerfile and such from GitHub or just pull the image directly from Docker Hub. I intend on configuring automated builds to ensure that a fresh and fully updated version can be pulled down regularly.
Usage & Considerations
In order to build the docker container yourself, you will need to clone this repository:
git clone https://github.com/attactics/PowerShellEmpireDocker
Once you have the repository cloned you will need to build the image from within the cloned directory:
docker build -t powershellempire .
Note that the image name (the -t argument) must be lowercase; Docker rejects repository names containing uppercase letters. Once the image has been built, a container can be created and run. For example:
docker run -it --name PowerShellEmpireDocker -p [HOST_IP]:[HOST_PORT]:[CONTAINER_PORT] -v /tmp:/tmp powershellempire
Taking a look at the run command:
- -it instructs Docker to let us interact with the container (input & output).
- -p instructs Docker to forward communication received on the host IP and host port you specify (for example, port 8080) to the container port you specify (for example, port 8080). The ports can be modified as desired; however, it is important to specify the host interface you intend stagers to communicate with.
- -v bind-mounts the host /tmp directory onto the container's /tmp directory. This exists to conveniently write stager output files to the host for use. By default, PowerShell Empire writes generated stager files to /tmp. The host location is arbitrary.
Bear in mind that when configuring listeners you must specify the IP address of the _host_ interface you intend to receive connections on. PowerShell Empire will bind a listener to 0.0.0.0; as such, even if you specify an IP that does not exist within the container, it will bind without issue. Specifying the host interface when configuring the listener ensures that the stager is built with this same host interface, allowing it to connect back to the host as opposed to a local network interface that exists only within Docker networking.
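Because the listener binds to 0.0.0.0 inside the container, a typo or a Docker-internal address in the -p mapping goes unnoticed until nothing ever connects. The following is an added example (not part of the original post or the repository) that checks a candidate HOST_IP against the addresses actually configured on the host before you run the container; it assumes the address list is in `ip -o -4 addr show` format and that Docker-internal interfaces are named docker0, br-* or veth* (both are this example's assumptions).

```shell
#!/bin/sh
# Added example, not from the original post: validate the HOST_IP that will be
# handed to "-p HOST_IP:HOST_PORT:CONTAINER_PORT" so the published port lands on
# a real host interface rather than a wildcard or a Docker bridge address.

# check_host_ip ADDR_LIST HOST_IP
#   ADDR_LIST: text in `ip -o -4 addr show` format (assumption of this example)
#   Returns 0 when HOST_IP is a non-wildcard address on a non-Docker interface.
check_host_ip() {
    addr_list=$1
    host_ip=$2
    case "$host_ip" in
        0.0.0.0|"")
            echo "refusing wildcard bind: give the host interface address" >&2
            return 1 ;;
    esac
    # Field 2 is the interface name, field 4 is "address/prefix".
    iface=$(printf '%s\n' "$addr_list" | awk -v ip="$host_ip" '
        { split($4, a, "/"); if (a[1] == ip) { print $2; exit } }')
    if [ -z "$iface" ]; then
        echo "$host_ip is not configured on this host" >&2
        return 1
    fi
    case "$iface" in
        docker*|br-*|veth*)
            echo "$host_ip belongs to $iface, a Docker-internal interface" >&2
            return 1 ;;
    esac
    echo "$host_ip is on $iface"
    return 0
}

# Constructed sample in `ip -o -4 addr show` format for an offline run; on a
# live host replace SAMPLE_ADDRS with "$(ip -o -4 addr show)".
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
3: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0\       valid_lft forever preferred_lft forever'

# Example: 192.0.2.10 is accepted (eth0); 172.17.0.1 is rejected (docker0).
check_host_ip "$SAMPLE_ADDRS" 192.0.2.10
check_host_ip "$SAMPLE_ADDRS" 172.17.0.1 || echo "rejected as expected"
```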
If the above build process consists of more keys than you can bring yourself to type, the pre-built image can be found on Docker Hub. I intend to update it regularly. You can pull the image to your local device by executing the following:
docker pull attactics/powershellempire