Meatballs1
commented
10 years ago Pretty awesome ;)
Thanks to @sempervictus you could import Exploit::Powershell and use cmd_psh_payload(payload.encoded) to generate the powershell command line etc.
Closed nullbind closed 10 years ago
Meatballs1
commented
10 years ago Pretty awesome ;)
Thanks to @sempervictus you could import Exploit::Powershell and use cmd_psh_payload(payload.encoded) to generate the powershell command line etc.
nullbind
commented
10 years ago Well that's sweet. Thanks for the info. If I get motivated one of these days I'll update it. So many things to play with, so little time. :)
On Thu, Jan 23, 2014 at 1:36 PM, Meatballs1 notifications@github.comwrote:
Pretty awesome ;)
Thanks to @sempervictus https://github.com/sempervictus you could import Exploit::Powershell and use cmd_psh_payload(payload.encoded) to generate the powershell command line etc.
— Reply to this email directly or view it on GitHubhttps://github.com/pwnwiki/q/pull/14#issuecomment-33159896 .
Added MSF PSH WebShell Generator
This module will generate a webshell in the language defined by the "WEB_LANG" option that passes a base64 encoded PowerShell command to the Windows operating system that will execute the defined MSF payload. This can be a handy way to deliver Metasploit payloads when you have the ability to upload arbitrary files to a web server. The txt extension can also be defined in order to write the raw PowerShell command to a file for manual execution.
It was denied by the Metasploit team, because they wanted it baked into the Msf::Util::Exe. I’m sure there were other little things that they didn’t call out too. Either way it seems to work on the lab systems just fine, and we’ve used the webshell payloads in a few pentests without issue.
Since I’m lazy and most likely wont add it to Msf::Util::Exe I thought this might be a better home for it. Let me know if you think it’s a fit. If so, there is at least one other module I might send your way.
Thanks,
Scott