It brings me joy to know I’m not the only person having problems with this. But the problems I’m having are just so strange. Like, this really should /not/ be happening.
I was going to make a ticket but if it isn’t necessary then I won’t, but again, I really don’t think this should be happening.
Basically, I’ve followed the foothold page up until the point where I’m to receive a reverse shell from the box by uploading & running the powershell script found on the page. I’ve got my python http server listening on 8080, with the reverse shell script in the cwd; in this case I named it legit.ps1… Of course, I’ve also got nc listening for the shell to come back to me on port 413.
My first few attempts were relatively successful! The only thing being that when I executed the oneliner from within the SQL shell, to download the reverse shell script from my web server, the box whined at me, claiming that I was trying to execute malicious code! Would you believe that? Preposterous and baseless accusations. ;^)
So at the time I just thought, “it didn’t mention anything about having to get around any kind of av, but maybe this is just something they purposely didn’t mention?”
Considering this new unforeseen challenge that had arisen, I changed the script’s filename from shell.ps1 to legit.ps1, as I mentioned above. Additionally, I changed the default port for the reverse shell from 443 to 431, as I also mentioned above. I also added the friendliest of comments to the very top of the script, cause I’m a friendly dude, nothing malicious here.
I regret to say that all of my efforts were in vain, as the box would still complain. But, now, about something different!
A picture is worth a thousand words:
Let it be known that the connection is made & the script downloaded, just not executed - in the first error.
But the second error, however, is the weirder one. If you read the error, it’s basically saying that it doesn’t know what the ■■■■ I’m trying to do. Or, well, it does know, but that it just can’t/won’t?? The strangest part about this one is that it seems to just disappear after a little while, like it just stops happening when I try again. And instead of that weird error, I’m back to the AV malicious code detection error.
I am using the exact same script & command for downloading the script every single time. I looked around online before thinking about posting this myself.
I have started from scratch with fresh copies of the resources given on the page. I’ve tried a couple of different reverse shell scripts too, but to no avail.
I wouldn’t be finding this so much of a problem if it wasn’t literally the starting point ■■■■.
Main reason I’m posting this is because there are no mentions anywhere within the starting point’s page about there being anything remotely close to what’s in the contents of the images I linked, or what I’ve encountered off the bat.
Apologies for the huge wall of text. Had to make sure I had all of the details I needed.
I’m incredibly eager to hear feedback on this.