How to do it...

So, we managed to upload our web-shell to a Windows web server. It is located at http://192.168.56.14/cmd.aspx. The first thing to do is to figure out which privilege level the web server is running at:

  1. Browse to the web-shell (http://192.168.56.14/cmd.aspx) and run the whoami command, as shown:

As you can see, our user is defaultapppool, from the iis apppool group, which is a very limited one in its default configuration.

  2. Next, we need to improve our method of issuing commands. Let's use msfvenom to create a reverse meterpreter shell. We will use the server's own PowerShell to execute our payload in memory, without it ever ...
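Seen from the server's side, both steps leave the same trace: a command interpreter started under the application pool identity. The following detection sketch is an added example, not code from the book. It assumes simplified process-creation records that use Sysmon Event ID 1 field names, and every sample event in it is constructed.

```python
import ntpath

# Assumption: simplified process-creation records using Sysmon Event ID 1
# field names. Every event below is constructed for this example.
WORKER = "w3wp.exe"  # IIS worker process that hosts the .aspx page
SUSPECT_CHILDREN = {"cmd.exe", "powershell.exe", "whoami.exe"}

SAMPLE_EVENTS = [
    {"User": r"IIS APPPOOL\DefaultAppPool",
     "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami"},
    {"User": r"IIS APPPOOL\DefaultAppPool",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\whoami.exe",
     "CommandLine": "whoami"},
    {"User": r"IIS APPPOOL\DefaultAppPool",
     "ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -Command Get-Date"},
    {"User": r"LAB\admin",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe"},
]

def _name(path):
    """Lower-cased file name of a Windows path, on any host OS."""
    return ntpath.basename(path).lower()

def flag_event(ev):
    """Return the reasons an event looks like web-shell command execution."""
    if _name(ev["Image"]) not in SUSPECT_CHILDREN:
        return []
    reasons = []
    if _name(ev["ParentImage"]) == WORKER:
        reasons.append("child of IIS worker")
    # Grandchildren (cmd.exe -> whoami.exe) lose the w3wp.exe parent but
    # still run under the application pool identity.
    if ev["User"].lower().startswith("iis apppool\\"):
        reasons.append("runs as app pool identity")
    return reasons

def detect(events):
    return [(ev["CommandLine"], r) for ev in events if (r := flag_event(ev))]

if __name__ == "__main__":
    for cmdline, reasons in detect(SAMPLE_EVENTS):
        print(f"ALERT {cmdline!r}: {', '.join(reasons)}")
```

The interactive PowerShell session started by a logged-in user is not flagged, while the three processes running as the application pool are.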

Get Kali Linux Web Penetration Testing Cookbook - Second Edition now with the O’Reilly learning platform.