How it works...
Our first move after gaining access to command execution through a web-shell was to use that command execution capability to upload a more advanced shell to the host so we could try privilege escalation exploits.
First, we prepared a metasploit payload using msfvenom and set up its handler. Then we used PowerShell and its Invoke-Expression (IEX) command. This takes a string and executes it as a script; the string we gave it as parameter was the contents of a file stored in our server that was downloaded using the WebClient object and its DownloadString function. This way, the contents of the remote file were passed directly to be executed by IEX without them being stored on the disk. This prevents the action of most antiviruses, ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access