jm33-m0 edited this page Jan 19, 2025 · 2 revisions

emp3r0r HTTP Listener: Overview and Use Cases

The emp3r0r framework provides two types of HTTP listeners:

  1. Plain HTTP Listener: Serves the payload without encryption or compression.
  2. AES+Deflate HTTP Listener: Compresses and encrypts the payload for added security and efficiency.

Features

  • A standalone listener program (repository link) deployable on any system.
  • A built-in listener module integrated into the emp3r0r agent for flexible usage.

When to Use the HTTP Listener

Staged Payload Delivery (Initial Deployment)

  • Recommended Deployment: Use the standalone listener on a system other than the C2 server for better operational security.
  • Optimal Configuration: Employ the http_aes_compressed listener for enhanced security.
  • Stager Compilation:
    • Modify and compile the provided stager.c to match your environment.
    • Alternatively, create a custom stager following the logic in stager.c.

Payload Delivery During Lateral Movement

  • Use Case: Ideal when the C2 connection is slow and rapid deployment of agents is critical.
  • Workflow:
    1. Upload the emp3r0r agent payload (e.g., executable or shared library) to a foothold machine.
    2. Activate the listener module on the foothold machine.
    3. Deliver the payload to other hosts within the internal network, mirroring the initial delivery process.
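
Detection view of the two listener types and the foothold workflow above, as an added example that is not part of emp3r0r or this wiki: a plain listener exposes executable magic bytes in the HTTP response body, an AES+Deflate listener returns a high-entropy body, and in both cases the server is an internal host that normally serves no HTTP. The record fields, the allowlist, the 7.5 bits/byte threshold and the ELF/PE magic check are assumptions, and the sample records are constructed.

```python
import hashlib
import ipaddress
import math
from collections import Counter

# Assumed: hosts expected to serve HTTP internally, and an entropy cut-off.
KNOWN_WEB_SERVERS = {"10.0.0.10"}
ENTROPY_THRESHOLD = 7.5          # bits per byte; encrypted data sits near 8.0
EXEC_MAGIC = (b"\x7fELF", b"MZ")  # ELF and PE headers

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def classify_body(body: bytes) -> str:
    """Label a response body: raw executable, opaque blob, or ordinary."""
    if body.startswith(EXEC_MAGIC):
        return "executable"
    if len(body) >= 1024 and shannon_entropy(body) >= ENTROPY_THRESHOLD:
        return "high-entropy"
    return "ordinary"

def triage(records):
    """Return (server, client, label) for suspicious internal HTTP downloads."""
    alerts = []
    for rec in records:
        server = ipaddress.ip_address(rec["server"])
        if not server.is_private or rec["server"] in KNOWN_WEB_SERVERS:
            continue  # external or allowlisted server: out of scope here
        label = classify_body(rec["body"])
        if label != "ordinary":
            alerts.append((rec["server"], rec["client"], label))
    return alerts

def _pseudo_random(n: int) -> bytes:
    """Deterministic stand-in for ciphertext, used only to build sample data."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))[:n]

# Constructed sample records (not captured traffic).
SAMPLE = [
    {"server": "10.0.0.10", "client": "10.0.0.31", "body": b"<html>intranet</html>"},
    {"server": "10.0.0.23", "client": "10.0.0.31", "body": b"\x7fELF\x02\x01\x01" + b"\x00" * 64},
    {"server": "10.0.0.23", "client": "10.0.0.44", "body": _pseudo_random(4096)},
    {"server": "10.0.0.52", "client": "10.0.0.44", "body": b'{"status": "ok"}' * 100},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE):
        print(alert)
```

High entropy alone also matches legitimate compressed or encrypted downloads, so the label is a triage signal that gains weight from the server being a non-allowlisted internal host.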