Emp3R0R – Linux Post-Exploitation Framework Made By Linux User

Click the icon to Follow me:- twitterTelegramRedditDiscord

hide processes and files

currently emp3r0r uses libemp3r0r to hide its files and processes, which utilizes glibc hijacking


currently implemented methods:

  • libemp3r0r
  • cron
  • bash profile and command injection

more will be added in the future


basic command shell

this is not a shell, it just executes any commands you send with sh -c and sends the result back to you

besides, it provides several useful helpers:

  • file management: put and get
  • command autocompletion
  • #net shows basic network info, such as ip a, ip r, ip neigh
  • #kill processes, and a simple #ps
  • bash !!! this is the real bash shell, keep on reading!

emp3r0r 07

fully interactive and stealth bash shell

a reverse bash shell, started with custom bash binary and bashrc, leaving no trace on the system shell

emp3r0r’s terminal supports everything your current terminal supports, you can use it just like an openssh session

but wait, it’s more than just a reverse bash shell, with module vaccine, you can use whatever tool you like on your target system

emp3r0r 08

credential harvesting

not implemented yet

i wrote about this in my blog

auto root

currently emp3r0r supports CVE-2018-14665, agents can exploit this vulnerability if possible, and restart itself with root privilege

emp3r0r 09

LPE suggest

upload the latest:

  • mzet-/linux-exploit-suggester
  • pentestmonkey/unix-privesc-check

and run them on target system, return the results

emp3r0r 10

port mapping

map any target addresses to CC side, using HTTP2 (or whatever transport your agent uses)

emp3r0r 11

plugin system

yes, there is a plugin system. please read the wiki for more information


emp3r0r 12

emp3r0r 13


  • pty
  • guitmz
  • readline
  • h2conn
  • diamorphine
  • Upgrading Simple Shells to Fully Interactive TTYs
Download Emp3R0R

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.


Original Source