For today's short tutorial, i do not have a victim computer set up but i am still going to go ahead and demonstrate a simple SET (Social Engineering Toolkit) attack called “Powershell Alphanumeric Shellcode Injector”.
4) Now we will choose option “10? for Powershell Attack Vectors.
5) Lets choose option 1 for Power Alphanumeric Shellcode Injector and enter the reverse port, i used the default “443?.
6) Select your victim machine and for this tutorial lets take it as my victims is running a x64 machine. So i typed x64.
7) Next it will ask you if you want to start your listener, select yes. And we are done with the preparation!
8) Next open your Dolphin Manager and navigate to “Root->Pentest->Exploits->Set->Reports->Powershell”. There you will see both the 32 and 64 bit versions of the Powershell code. Lets open the’x64_powershell_injection.txt”.
9) Ok here comes the catch
, You will have to social engineer or manually input the below shell command into the target computer command prompt. If you are charming enough, you can talk the person into doing it for you.
10) Once you have done that, go back to your previous terminal with the listener turned on, You will be greeted with an anti-virus hassle free welcome from your target. You can proceed to upload / download / delete programs.
Special Note :
The Powershell Attack Vector module allows you to create PowerShell specific attacks. These attacks will allow
you to use PowerShell which is available by default in all operating systems Windows Vista and above.
This allows you to get a remote shell by completely bypassing Anti-Viruson your victims computer. Yea cool huh?! But like everything that has a catch, the catch to this is that the application of this attack is not as convenient too apply. You cant have them all!
I will be using Backtrack5 KDE in this tutorial.
Lets Begin:
Lets Begin:
1) Lets start up a terminal and type : cd /pentest/exploits/set.
2) Next type : ./set
3) Once SET is loaded (As shown Below), Choose 1 for “Social-Engineering Attacks”.
4) Now we will choose option “10? for Powershell Attack Vectors.
5) Lets choose option 1 for Power Alphanumeric Shellcode Injector and enter the reverse port, i used the default “443?.
6) Select your victim machine and for this tutorial lets take it as my victims is running a x64 machine. So i typed x64.
7) Next it will ask you if you want to start your listener, select yes. And we are done with the preparation!
8) Next open your Dolphin Manager and navigate to “Root->Pentest->Exploits->Set->Reports->Powershell”. There you will see both the 32 and 64 bit versions of the Powershell code. Lets open the’x64_powershell_injection.txt”.
9) Ok here comes the catch
, You will have to social engineer or manually input the below shell command into the target computer command prompt. If you are charming enough, you can talk the person into doing it for you.10) Once you have done that, go back to your previous terminal with the listener turned on, You will be greeted with an anti-virus hassle free welcome from your target. You can proceed to upload / download / delete programs.
Special Note :
1) In regard to the questions about the possibility of converting powershell codes into .bat or .exe. Well there are ways to achieve that outcome with tools out there such as Portable PowerShell, PrimalScript, PowerGUI Pro 3.0.etc etc. But whether or not if it will stay undetectable, that i cant say for sure. I will update the result as soon as i get to it. I am now currently in the midst of battling a dying laptop. Or you could also use metasploit to create a .jsp file to upload on a web server to exploit your victims.
2) This is for educational purposes ONLY.
3) DO NOT harm the innocent.
COMMENTS