Metasploit AV Evasion With Powershell

Metasploit AV Evasion With Powershell In this tutorial I will walk through how to create a Meterpreter session that will bypass antivirus while not touching the disk and injecting directly into memory.  This method is useful when the normal psexec exploit module fails. First there are a couple assumptions to start with: You can communicate with […]

Powershell networking cmdlets

BASIC NETWORKING POWERSHELL CMDLETS CHEATSHEET TO REPLACE NETSH, IPCONFIG, NSLOOKUP AND MORE After working with Microsoft Azure, Nano Server and Containers, Powershell together with networking becomes more and more important. I created this little cheat sheet so it becomes easy for people to get started. Basic Networking Information with PowerShell Get the IP Configuration (ipconfig with PowerShell) 1 […]


The lonely potato Never heard about the “Rotten Potato”? If not, read this post written by the authors of this fantastic exploit before continuing: The mechanism is quite complex, it allows us to intercept the NTLM authentication challenge which occurs during the  DCOM activation through  our endpoint listener and impersonate the user’s security access  token  […]


Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC). According to the Core Security Website, Impacket supports protocols like IP, TCP, UDP, ICMP, IGMP, ARP, IPv4, IPv6, SMB, MSRPC, NTLM, Kerberos, WMI, LDAP […]

metasploit – msfvenom-tutorials-beginners

Hello friends!! Today we will learn to create payloads from a popular tool known as metasploit, we will explore various option available within the tool to create payloads with different extensions and techniques. Msfvenom Msfvenom is a command line instance of Metasploit that is used to generate and output all of the various types of shell […]

metasploit – persisted backdoor crashing on Windows 8.1 (“ApacheBench command line utility has stopped working”)

persisted backdoor crashing on Windows 8.1 (“ApacheBench command line utility has stopped working”) to Persisted backdoor crashing on Windows 8.1 x64 (“ApacheBench command line utility has stopped working”) A few things come to mind: The ApacheBench template is not used for x64 payloads. If you’re seeing an error that says “ApacheBench command line utility”, then […]

HackTheBox – Minion

Minion write-up Contents Enumeration Port scanning Brute forcing directories and files Getting shell Getting decoder Getting admin Enumeration Port scanning We scan the full range of TCP ports using masscan: $ sudo masscan -e tun0 -p0-65535 –max-rate 500 Starting masscan 1.0.4 — forced options: -sS -Pn -n –randomize-hosts -v –send-eth Initiating SYN Stealth Scan […]

Hacking with Unicorn

On my Kali machine, I use unicorn to generate shellcode that will be executed in memory (therefore avoiding AV) to spawn a PowerShell process to return a reverse meterpreter shell. I then use the Jenkins build agent to execute the payload. First I clone the unicorn repo to /opt/powershell git clone /opt/powershell/unicorn Bash Copy […]

Hacking with Empire – PowerShell Post-Exploitation Agent

Empire is a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. First download the Empire from […]


PowerSploit is a collection of PowerShell scripts which can prove to be very useful during some exploitation and mostly post-exploitation phases of a penetration test.   To follow along with the article please download the latest version of PowerSploit available here: If you have GIT, then you can simply run the following command to get […]