Hack Remote PC with Reverse PowerShell using Brosec

Brosec is a terminal based reference utility designed to help us infosec bros and broettes with useful (yet sometimes complex) payloads and commands that are often used during work as infosec practitioners. An example of one of Brosec’s most popular use cases is the ability to generate on the fly reverse shells (python, perl, powershell, etc) that get copied to the clipboard.

Firstly install the Brosec tool in your Kali Linux. Follow the below steps one by one:

Reference:

//github.com/gabemarshall/Brosec

  • apt-get install npm build-essential g++ xsel netcat Install dependencies
  • npm config set registry //registry.npmjs.org/ Npm registry seems to be broken by default when installed from Kali repos
  • npm install -g n Install n (nodejs version manager)
  • n latest Install latest version of nodejs
  • git clone //github.com/gabemarshall/Brosec.git – Clone Brosec repo
  • cd Brosec && npm install – cd into the directory and install npm depdendencies

After that start Brosec by typing in terminal:

./bros

It will show you menu options.

Now set the IP of your localhost :

set lhost 192.168.0.111

Now set the lport :

set lport 4444

After setting the localhost and lport, choose option 5 Miscellaneous.

You will see 2 options Reverse Shells and Exfiltration. Now select option1 Reverse Shells, see the image below:

After choosing the option Reverse Shells, you will see 5 options. In my case I’m selecting option 4 Reverse Shell PSH

Now it will show you a message Should I start a netcat listener for you?

Press Y to start the netcat listener. It will generate a powershell script, see the below picture.

And copy this code in text editor and save it with .ps1 (powershell extension)

Now send the saved .ps1 file to the victim using any social engineering method. When the victim clicks on it, you will get the session of the victim’s PC. See the picture below for reference.

Now you can use the systeminfo command to get the information of the victim’s PC.

Leave a Reply

Your email address will not be published. Required fields are marked *