Translate a host name to IPv4 address format using a remote agent. - Empire Module
This page contains detailed information about how to use the python/situational_awareness/network/gethostbyname Empire module. For list of all Empire modules, visit the Empire Module Library.
Module Overview
Name: Translate a host name to IPv4 address format using a remote agent.
Module: python/situational_awareness/network/gethostbyname
Source code:
empire/server/modules/python/situational_awareness/network/gethostbyname.yaml
MITRE ATT&CK:
T1018
Language: Python
Needs admin: No
OPSEC safe: Yes
Background: Yes
The gethostbyname module uses Python's socket.gethostbyname("example.com") function to resolve host names on a remote agent.
This module runs in a foreground and is OPSEC unsafe as it writes on the disk and therefore could be detected by AV/EDR running on the target system.
Note that the gethostbyname module does not need administrative privileges to work properly which means that a normal user can run this module.
Required Module Options
This is a list of options that are required by the gethostbyname module:
Agent
Agent to execute module on.
Target
FQDN, domain name, or hostname to lookup using the remote target.
Gethostbyname Example Usage
Here's an example of how to use the gethostbyname module in the Empire client console:
[+] New agent Y4LHEV83 checked in
[*] Sending agent (stage 2) to Y4LHEV83 at 192.168.204.135
(empire usestager/windows/ducky) > usemodule python/situational_awareness/network/gethostbyname
Author @TweekFawkes
Background True
Comments none
Description Uses Python's socket.gethostbyname("example.com") function to resolve
host names on a remote agent.
Language python
Name python/situational_awareness/network/gethostbyname
NeedsAdmin False
OpsecSafe True
Techniques http://attack.mitre.org/techniques/T1018
,Record Options--,----------,-----------------------------------,
| Name | Value | Required | Description |
|--------|-------|----------|-----------------------------------|
| Agent | | True | Agent to execute module on. |
|--------|-------|----------|-----------------------------------|
| Target | | True | FQDN, domain name, or hostname to |
| | | | lookup using the remote target. |
'--------'-------'----------'-----------------------------------'
(Empire: usemodule/python/situational_awareness/network/gethostbyname) > set Agent Y4LHEV83
[*] Set Agent to Y4LHEV83
(Empire: usemodule/python/situational_awareness/network/gethostbyname) > set Target 192.168.100.1
[*] Set Target to 192.168.100.1
(Empire: usemodule/python/situational_awareness/network/gethostbyname) > execute
[*] Tasked Y4LHEV83 to run Task 1
...
Now wait for the results to come.
Author
References
- https://github.com/BC-SECURITY/Empire/tree/master/empire/server/modules/python/situational_awareness/network/gethostbyname.yaml
- http://attack.mitre.org/techniques/T1018
See Also
Check also the following modules related to this module:
- python/situational_awareness/network/find_fruit
- python/situational_awareness/network/port_scan
- python/situational_awareness/network/smb_mount
- python/situational_awareness/network/http_rest_api
- python/situational_awareness/network/active_directory/dscl_get_groups
- python/situational_awareness/network/active_directory/get_groups
- python/situational_awareness/network/active_directory/get_computers
- python/situational_awareness/network/active_directory/get_userinformation
- python/situational_awareness/network/active_directory/get_fileservers
- python/situational_awareness/network/active_directory/get_users
- python/situational_awareness/network/active_directory/dscl_get_groupmembers
- python/situational_awareness/network/active_directory/get_groupmembers
- python/situational_awareness/network/active_directory/get_ous
- python/situational_awareness/network/active_directory/dscl_get_users
- python/situational_awareness/network/active_directory/get_groupmemberships
- python/situational_awareness/network/active_directory/get_domaincontrollers
- python/situational_awareness/network/dcos/marathon_api_delete_app
- python/situational_awareness/network/dcos/marathon_api_create_start_app
- python/situational_awareness/network/dcos/chronos_api_delete_job
- python/situational_awareness/network/dcos/etcd_crawler
- python/situational_awareness/network/dcos/chronos_api_add_job
- python/situational_awareness/network/dcos/chronos_api_start_job
Version
This page has been created based on Empire version 4.1.3 (BC Security Fork).
Visit Empire Module Library for more modules.