The Powershell Attack Vector module allows you to create PowerShell-specific attacks. These attacks use PowerShell, which is available by default on all operating systems from Windows Vista onward. PowerShell provides a fruitful landscape for deploying payloads and performing functions that do not trigger preventative technologies.
- Powershell Alphanumeric Shellcode Injector
- Powershell Reverse Shell
- Powershell Bind Shell
- Powershell Dump SAM Database
-: Requirements :-
Attacker :- setoolkit
Victim :- PowerShell and Windows OS
-: Steps :-
1. Open a terminal, type 'setoolkit' and hit Enter. You will see the SET menu in your terminal.
2. Now choose 1, “Social-Engineering Attacks”.
3. Now choose 10, “Powershell Attack Vector”.
4. Now choose 1, “Powershell Alphanumeric Shellcode Injector”, and type the IP address and port number of your PC for the reverse connection.
5. Press Enter. SET will start the Metasploit payload handler service.
6. Now retrieve the PowerShell code that SET created. The code is saved in /root/.set/reports/powershell/x64_powershell_injection.txt. Copy that file to the Desktop and send it to the victim.
7. Send the code, or send that text file, and tell the victim to copy and paste that code into Command Prompt.
8. When the victim pastes that code into cmd and presses Enter, the command prompt will close after a few seconds, and we will get a meterpreter shell on msfconsole. :)
9. Now type "sessions -l" to get the list of sessions.
10. Now type "sessions -l ID" and hit Enter. You will get a meterpreter shell; then type meterpreter commands to carry out your activity, e.g. shell to start and access a command prompt.
That's it
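On the defending side, steps 7 and 8 leave a trace in process-creation logging with command lines enabled (Windows Security Event 4688 or Sysmon Event ID 1): cmd.exe starting powershell.exe. The following is an added example, not part of the original page or of SET; it assumes the pasted one-liner uses a hidden window and an encoded command (the page does not show the file's contents), and the event field names and sample events are constructed.

```python
import base64
import re

# PowerShell accepts abbreviated parameter names, so match prefixes, not full names.
ENC = re.compile(r"(?:^|\s)[-/]e(?:c|n\w*)?\s+([A-Za-z0-9+/=]{16,})", re.I)  # -e/-ec/-enc/-EncodedCommand
HIDDEN = re.compile(r"(?:^|\s)[-/]w\w*\s+(?:hidden|1)\b", re.I)              # -w hidden / -WindowStyle Hidden
NOPROFILE = re.compile(r"(?:^|\s)[-/]nop\w*", re.I)                          # -nop / -NoProfile

def decode_encoded_command(cmdline):
    """Return the script text behind an encoded-command argument, or None."""
    m = ENC.search(cmdline)
    if not m:
        return None
    try:  # the argument is base64 over UTF-16LE text
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # bad base64 or bad UTF-16: keep the alert, skip the decode
        return None

def triage(event):
    """Return (score, reasons, decoded_script) for one process-creation event."""
    if not event["image"].lower().endswith(("powershell.exe", "pwsh.exe")):
        return 0, [], None
    cmd, reasons = event["cmdline"], []
    if ENC.search(cmd):
        reasons.append("encoded command")
    if HIDDEN.search(cmd):
        reasons.append("hidden window")
    if NOPROFILE.search(cmd):
        reasons.append("no profile")
    if event["parent"].lower().endswith("cmd.exe"):
        reasons.append("parent is cmd.exe")
    return len(reasons), reasons, decode_encoded_command(cmd)

def alerts(events, threshold=3):
    """Events whose score reaches the threshold, for analyst review."""
    return [e for e in events if triage(e)[0] >= threshold]

# Constructed sample events (field names are assumptions, not a real log schema).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CMD = r"C:\Windows\System32\cmd.exe"
_B64 = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"parent": CMD, "image": PS, "cmdline": f"powershell -nop -w hidden -enc {_B64}"},
    {"parent": r"C:\Windows\explorer.exe", "image": PS, "cmdline": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"parent": CMD, "image": r"C:\Windows\System32\ipconfig.exe", "cmdline": "ipconfig /all"},
]

if __name__ == "__main__":
    for ev in alerts(SAMPLE_EVENTS):
        print(triage(ev))
```

The decoded script text is returned with each alert so an analyst can read what was actually run instead of the base64 argument.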











