Arun edited this page Mar 31, 2017 · 29 revisions

This is something that I wrote to get a Meterpreter shell on a Windows machine after obtaining a valid set of admin credentials. It was during an internal pentest.

The anti-virus solution on the Windows machine was blocking all remote invocations of PowerShell, and hence the in-memory techniques used in CrackMapExec modules were not giving me the desired results. I decided to try my luck with the old-school approach of smuggling a disguised backdoor onto the machine and running it to receive a shell. Veil-Framework's EXEs were also getting detected.

The final payload set consists of an EXE that reads from a text file to populate a byte array. The byte array is executed as code.
