Agents

Get Current Agents

Handler

  • Handler: GET /api/agents
  • Description: Returns all current Empire agents.
  • Parameters: None

Example

Request:
curl --insecure -i https://localhost:1337/api/agents?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5
Response:
{
"agents": [
{
"ID": 1,
"checkin_time": "2016-03-31 17:36:34",
"children": null,
"delay": 5,
"external_ip": "192.168.52.200",
"functions": null,
"headers": "",
"high_integrity": 0,
"hostname": "WINDOWS1",
"internal_ip": "192.168.52.200",
"jitter": 0.0,
"kill_date": "",
"lastseen_time": "2016-03-31 17:38:55",
"listener": "http://192.168.52.172:8080/",
"lost_limit": 60,
"name": "3GHZPWEGADMT2KPA",
"old_uris": null,
"os_details": "Microsoft Windows 7 Professional ",
"parent": null,
"process_id": "1636",
"process_name": "powershell",
"ps_version": "2",
"results": "",
"servers": null,
"sessionID": "3GHZPWEGADMT2KPA",
"session_key": "7.+...",
"taskings": "",
"uris": "/admin/get.php,/news.asp,/login/process.jsp",
"user_agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
"username": "WINDOWS1\\user",
"working_hours": ""
},
...
]
}

Get Stale Agents

Handler

  • Handler: GET /api/agents/stale
  • Description: Returns all 'stale' Empire agents (past checkin window).
  • Parameters: None

Example

Request:
curl --insecure -i https://localhost:1337/api/agents/stale?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5
Response:
{
"agents": [
{
"ID": 1,
"checkin_time": "2016-03-31 17:36:34",
"children": null,
"delay": 5,
"external_ip": "192.168.52.200",
"functions": null,
"headers": "",
"high_integrity": 0,
"hostname": "WINDOWS1",
"internal_ip": "192.168.52.200",
"jitter": 0.0,
"kill_date": "",
"lastseen_time": "2016-03-31 17:38:55",
"listener": "http://192.168.52.172:8080/",
"lost_limit": 60,
"name": "3GHZPWEGADMT2KPA",
"old_uris": null,
"os_details": "Microsoft Windows 7 Professional ",
"parent": null,
"process_id": "1636",
"process_name": "powershell",
"ps_version": "2",
"results": "",
"servers": null,
"sessionID": "3GHZPWEGADMT2KPA",
"session_key": "7.+...",
"taskings": "",
"uris": "/admin/get.php,/news.asp,/login/process.jsp",
"user_agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
"username": "WINDOWS1\\user",
"working_hours": ""
},
...
]
}

Remove Stale Agents

Handler

  • Handler: DELETE /api/agents/stale
  • Description: Removes all 'stale' Empire agents (past checkin window).
  • Parameters: None

Example

Request:
curl --insecure -i https://localhost:1337/api/agents/stale?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5 -X DELETE
Response:
{
"success": true
}

Get Agent by Name

Handler

  • Handler: GET /api/agents/AGENT_NAME
  • Description: Returns the agent specified by AGENT_NAME.
  • Parameters: None

Example

Request:
curl --insecure -i https://localhost:1337/api/agents/XMY2H2ZPFWNPGEAP?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5
Response:
{
"agents": [
{
"ID": 1,
"checkin_time": "2016-03-31 20:29:31",
"children": null,
"delay": 5,
"external_ip": "192.168.52.200",
"functions": null,
"headers": "",
"high_integrity": 0,
"hostname": "WINDOWS1",
"internal_ip": "192.168.52.200",
"jitter": 0.0,
"kill_date": "",
"lastseen_time": "2016-03-31 20:29:38",
"listener": "http://192.168.52.173:8080/",
"lost_limit": 60,
"name": "XMY2H2ZPFWNPGEAP",
"old_uris": null,
"os_details": "Microsoft Windows 7 Professional ",
"parent": null,
"process_id": "2600",
"process_name": "powershell",
"ps_version": "2",
"results": null,
"servers": null,
"sessionID": "XMY2H2ZPFWNPGEAP",
"session_key": "+e`x!...",
"taskings": null,
"uris": "/admin/get.php,/news.asp,/login/process.jsp",
"user_agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
"username": "WINDOWS1\\user",
"working_hours": ""
}
]
}

Remove Agent

Handler

  • Handler: DELETE /api/agents/AGENT_NAME
  • Description: Removes the agent specified by AGENT_NAME (doesn't kill first).
  • Parameters: None

Example

Request:
curl --insecure -i https://localhost:1337/api/agents/XMY2H2ZPFWNPGEAP?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5 -X DELETE
Response:
{
"success": true
}

Task an Agent to run a Shell Command

Handler

  • Handler: POST /api/agents/AGENT_NAME/shell
  • Description: Tasks the agent specified by AGENT_NAME to run the given shell command.
  • Parameters:
    • Command: the shell command to task the agent to run (required)

Example

Request:
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/CXPLDTZCKFNT3SLT/shell?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5 -X POST -d '{"command":"whoami"}'
Response:
{
"success": true
}

Task all Agents to run a Shell Command

Handler

  • Handler: POST /api/agents/all/shell
  • Description: Tasks all agents to run the given shell command.
  • Parameters:
    • Command: the shell command to task the agents to run (required)

Example

Request:
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/all/shell?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5 -X POST -d '{"command":"pwd"}'
Response:
{
"success": true
}

Get Agent Results

Handler

  • Handler: GET /api/agents/AGENT_NAME/results
  • Description: Retrieves results for the agent specifed by AGENT_NAME.
  • Parameters: None

Example

Request:
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/CXPLDTZCKFNT3SLT/results?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5
Response:
{
"results": [
{
"agentname": "CXPLDTZCKFNT3SLT",
"results": "WINDOWS1\\user\nPath \r\n---- \r\nC:\\Users\\user
}
]
}r

Delete Agent Results

Handler

  • Handler: DELETE /api/agents/AGENT_NAME/results
  • Description: Deletes the result buffer for the agent specifed by AGENT_NAME.
  • Parameters: None

Example

Request:
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/CXPLDTZCKFNT3SLT/results?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5 -X DELETE
Response:
{
"success": true
}

Delete All Agent Results

Handler

  • Handler: DELETE /api/agents/all/results
  • Description: Deletes all agent result buffers
  • Parameters: None

Example

Request:
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/all/results?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5 -X DELETE
Response:
{
"success": true
}

Clear Queued Agent Tasking

Handler

  • Handler: POST/GET /api/agents/AGENT_NAME/clear
  • Description: Clears the queued taskings for the agent specified by AGENT_NAME.
  • Parameters: None

Example

Request:
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/CXPLDTZCKFNT3SLT/clear?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5
Response:
{
"success": true
}

Rename an Agent

Handler

  • Handler: POST/GET /api/agents/AGENT_NAME/rename
  • Description: Renames the agent specified by AGENT_NAME.
  • Parameters:
    • Newname: the name to rename the specified agent to (required)

Example

Request:
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/CXPLDTZCKFNT3SLT/rename?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5 -X POST -d '{"newname":"initial"}'
Response:
{
"success": true
}

Kill an Agent

Handler

  • Handler: POST/GET /api/agents/AGENT_NAME/kill
  • Description: Tasks the agent specified by AGENT_NAME to exit.
  • Parameters: None

Example

Request:
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/CXPLDTZCKFNT3SLT/kill?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5
Response:
{
"success": true
}

Kill all Agents

Handler

  • Handler: POST/GET /api/agents/all/kill
  • Description: Tasks all agents to exit.
  • Parameters: None

Example

Request:
curl --insecure -i -H "Content-Type: application/json" https://localhost:1337/api/agents/all/kill?token=ks23jlvdki4fj1j23w39h0h0xcuwjrqilocxd6b5
Response:
{
"success": true
}
Last modified 9mo ago
Copy link
On this page
Get Current Agents
Handler
Example
Get Stale Agents
Handler
Example
Remove Stale Agents
Handler
Example
Get Agent by Name
Handler
Example
Remove Agent
Handler
Example
Task an Agent to run a Shell Command
Handler
Example
Task all Agents to run a Shell Command
Handler
Example
Get Agent Results
Handler
Example
Delete Agent Results
Handler
Example
Delete All Agent Results
Handler
Example
Clear Queued Agent Tasking
Handler
Example
Rename an Agent
Handler
Example
Kill an Agent
Handler
Example
Kill all Agents
Handler
Example