For todays short tutorial, i do not have a victim computer set up but i am still going to go ahead and demonstrate a simple SET (Social Engineering Toolkit) attack called “Powershell Alphanumeric Shellcode Injector”.
The Powershell Attack Vector module allows you to create PowerShell specific attacks. These attacks will allow
you to use PowerShell which is available by default in all operating systems Windows Vista and above.
This allows you to get a remote shell by completely bypassing Anti-Viruson your victims computer. Yea cool huh?! But like everything that has a catch, the catch to this is that the application of this attack is not as convenient too apply. You cant have them all!
I will be using Backtrack5 KDE in this tutorial.
1) Lets start up a terminal and type : cd /pentest/exploits/set.
2) Next type : ./set
3) Once SET is loaded (As shown Below), Choose 1 for “Social-Engineering Attacks”.
4) Now we will choose option “10″ for Powershell Attack Vectors.
5) Lets choose option 1 for Power Alphanumeric Shellcode Injector and enter the reverse port, i used the default “443″.
6) Select your victim machine and for this tutorial lets take it as my victims is running a x64 machine. So i typed x64.
7) Next it will ask you if you want to start your listener, select yes. And we are done with the preparation!
8) Next open your Dolphin Manager and navigate to “Root->Pentest->Exploits->Set->Reports->Powershell”. There you will see both the 32 and 64 bit versions of the Powershell code. Lets open the’x64_powershell_injection.txt”.
9) Ok here comes the catch , You will have to social engineer or manually input the below shell command into the target computer command prompt. If you are charming enough, you can talk the person into doing it for you.
10) Once you have done that, go back to your previous terminal with the listener turned on, You will be greeted with an anti-virus hassle free welcome from your target. You can proceed to upload / download / delete programs.
Authors Note :
1) In regard to the questions about the possibility of converting powershell codes into .bat or .exe. Well there are ways to achieve that outcome with tools out there such as Portable PowerShell, PrimalScript, PowerGUI Pro 3.0.etc etc. But whether or not if it will stay undetectable, that i cant say for sure. I will update the result as soon as i get to it. I am now currently in the midst of battling a dying laptop. Or you could also use metasploit to create a .jsp file to upload on a web server to exploit your victims.
2) My laptop recently just survived a 4 hour direct rain storm. Miraculously it still works but the graphic card has turned faulty. So pardon the quality . I accept paypal donations
3) This is for educational purposes ONLY.
4) DO NOT harm the innocent.
“We have to create culture, don’t watch TV, don’t read magazines, don’t even listen to NPR. Create your own roadshow. The nexus of space and time where you are now is the most immediate sector of your universe, and if you’re worrying about Michael Jackson or Bill Clinton or somebody else, then you are disempowered, you’re giving it all away to icons, icons which are maintained by an electronic media so that you want to dress like X or have lips like Y. This is shit-brained, this kind of thinking. That is all cultural diversion, and what is real is you and your friends and your associations, your highs, your orgasms, your hopes, your plans, your fears. And we are told ‘no’, we’re unimportant, we’re peripheral. ‘Get a degree, get a job, get a this, get a that.’ And then you’re a player, you don’t want to even play in that game. You want to reclaim your mind and get it out of the hands of the cultural engineers who want to turn you into a half-baked moron consuming all this trash that’s being manufactured out of the bones of a dying world.” ― Terence McKenna