Stager
Charlie Dean edited this page Aug 9, 2017
The Winpayloads stager is either a reverse or a bind TCP connection between the target and your machine. It uses TLS, so the traffic is not cleartext and cannot be sniffed. It can be used as a basic remote PowerShell shell.
- When in the Winpayloads menu, type `stager`. You will then be given the choice between a bind or a reverse connection.
- Upon choosing either reverse or bind, a base64-encoded PowerShell command is printed to the screen. This is the stager for the connection.
- It is small enough to fit in a Windows Run command, e.g. WIN + R, paste, Enter.
- This can be used easily with rubber duckies to get a remote shell quickly.
- Upon a connection, you can head to the clients page, interact with the shell and execute commands.
- Throughout the whole of Winpayloads, this staged connection can be used with payloads on the main menu and with PowerShell payloads.
- The benefit of using a staged connection is that you can make use of the Meterpreter payloads without touching disk. This further increases the chances of bypassing AV.
  - Get a staged connection
  - Choose any payload on the main menu
  - Winpayloads will ask which client to use
  - The generated payload will be executed on the client without touching disk
  - Shellz
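Because the stager arrives as a base64-encoded PowerShell one-liner small enough for the Run dialog, the defender's counterpart is to decode `-EncodedCommand` arguments from process-creation logs and flag scripts that set up a TCP client or listener wrapped in TLS. The following is an added example and not Winpayloads code; the log line format, the encoded script fragment and the indicator list are all constructed assumptions.

```python
import base64
import re

# Constructed process-creation style log lines (not real Winpayloads output).
# The encoded fragment only names a TCP client and an SslStream, mirroring the
# "reverse or bind TCP over TLS" shape described above; it is not a shell.
def _encode_ps(script: str) -> str:
    """PowerShell -EncodedCommand takes base64 of the UTF-16LE script text."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")

SAMPLE_LOGS = [
    "EventID=4688 CommandLine=explorer.exe",
    "EventID=4688 CommandLine=powershell -NoP -W Hidden -enc "
    + _encode_ps("$c=New-Object Net.Sockets.TCPClient('192.0.2.10',443);"
                 "$s=New-Object Net.Security.SslStream($c.GetStream())"),
    "EventID=4688 CommandLine=powershell -EncodedCommand "
    + _encode_ps("Get-Process | Out-File C:\\temp\\procs.txt"),
]

# -e / -ec / -en / -enc / -EncodedCommand followed by a base64 blob.
ENC_FLAG = re.compile(r"(?i)\s-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")

# Script contents that show a TCP channel (reverse or bind) being set up.
NET_INDICATORS = (
    "Net.Sockets.TCPClient",    # reverse connection
    "Net.Sockets.TcpListener",  # bind connection
    "Net.Security.SslStream",   # TLS wrapper around the socket
)

def decode_encoded_command(cmdline: str):
    """Return the decoded script if the command line carries -enc, else None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None

def classify(cmdline: str):
    """Decode a PowerShell command line and report network indicators found."""
    if "powershell" not in cmdline.lower():
        return None
    script = decode_encoded_command(cmdline)
    if script is None:
        return None
    hits = [i for i in NET_INDICATORS if i.lower() in script.lower()]
    return {"script": script, "indicators": hits, "suspicious": bool(hits)}

def scan(lines):
    """Keep only lines whose decoded script looks like a staged connection."""
    return [v for v in map(classify, lines) if v and v["suspicious"]]
```

Only the second sample line is reported: the third is also encoded PowerShell but decodes to a harmless command, which is why decoding before matching matters more than alerting on `-enc` alone.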