Get Reverse-shell via Windows one-liner

Get Reverse-shell via Windows one-liner

This article will help those who play with CTF challenges, because today we will discuss “Windows One- Liner” to use malicious commands such as power shell or rundll32 to get reverse shell of the Windows system. Generally, while abusing HTTP services or other programs, we get RCE vulnerability. This loophole allows you to remotely execute any system command. We have therefore prepared a list of Windows commands that enable you to use the target machine to get reverse connections.

Table of Content

Mshta.exe

  • Launch HTA attack via HTA Web Server of Metasploit

Rundll32.exe

  • Launch Rundll32 Attack via SMB Delivery of Metasploit

Regsvr32.exe

  • Launch Regsvr32 via Script Web Delivery of Metasploit

Certutil.exe

  • Launch MSbuild Attack via Msfvenom C# shellcode

Powershell.exe

  • Launch Powercat attack via Powershell
  • Launch cscript.exe via Powershell
  • Launch Batch File Attack via Powershell

Msiexec.exe

  • Launch msiexec attack via msfvenom

Wmic.exe

  • Launch Wmic.exe attack via Koadic

Full Article Read Here

Jesse Ratcliffe, OSCP

Senior Security Consultant | Penetration Tester | Offensive Security Engineer

6 年

Koadic is nice. Start one listener, plant your payloads and wait for zombies.

回复
Sikhululwe Khashane

Penetration Testing/Red Team/Adversary Emulation/Cybersecurity Architect/Cybersecurity Operations/Governance | OSCP | 2 x AWS | CEH | ML | AI | MCSA | Machine Learning

6 年

thank you for sharing

回复
Gouthum “Karate" Karadi

Blockchain Developer, Investor and Educator

6 年

Love me some koadic

Geet Madan

Penetration Tester | Threat Hunter | Red Teamer ????

6 年

nice

要查看或添加评论,请登录

Aarti S.的更多文章

  • HIRING

    HIRING

    Location - India (Remote) Job Type - Full Time Experience - Entry Level (1-3 Years) Job Summary: We are seeking a…

  • Data Exfiltration using PowerShell Empire

    Data Exfiltration using PowerShell Empire

    In our previous post, we had already discussed “Command and Control with DropboxC2” But we are going to demonstrate…

  • Development: Vulnhub Walkthrough

    Development: Vulnhub Walkthrough

    Today we are going to take on another challenge known as “DEVELOPMENT”. This is designed for OSCP practice, and the…

  • Hack the Box : Irked Walkthrough

    Hack the Box : Irked Walkthrough

    Today we are going to solve another CTF challenge “irked”. It is a retired vulnerable lab presented by Hack the Box for…

  • Hack the Box: Teacher Walkthrough

    Hack the Box: Teacher Walkthrough

    oday we are going to solve another CTF challenge “Teacher”. It is a retired vulnerable lab presented by Hack the Box…

  • Covert Channel: The Hidden Network

    Covert Channel: The Hidden Network

    Generally, the hacker uses a hidden network to escape themselves from firewall and IDS such. In this post, you will…

  • SP eric: Vulnhub Lab Walkthrough

    SP eric: Vulnhub Lab Walkthrough

    Hello friends! Today we are going to take another CTF challenge known as “SP eric”. The credit for making this VM…

  • Command & Control: WebDav C2

    Command & Control: WebDav C2

    In this article, we will learn how to use WebDav C2 tool. Table of Content: Introduction Installation Exploiting Target…

  • Comprehensive Guide on Netcat

    Comprehensive Guide on Netcat

    his article will provide you with the basic guide of Netcat and how to get a session from it using different methods…

    4 条评论
  • Empire GUI: Graphical Interface to the Empire Post-Exploitation Framework

    Empire GUI: Graphical Interface to the Empire Post-Exploitation Framework

    This is our 8th post in the series of the empire which covers how to use empire as GUI. Empire has a great GUI…

社区洞察

其他会员也浏览了