Powershell Exec, Windows Upload/Execute, Reverse TCP Stager (RC4 Stage Encryption, Metasm) - Metasploit

This page contains detailed information about how to use the payload/cmd/windows/powershell/upexec/reverse_tcp_rc4 metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.

Module Overview

---

Name: Powershell Exec, Windows Upload/Execute, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Module: payload/cmd/windows/powershell/upexec/reverse_tcp_rc4
Source code: modules/payloads/adapters/cmd/windows/powershell.rb
Disclosure date: -
Last modification time: 2022-05-27 16:41:25 +0000
Supported architecture(s): cmd
Supported platform(s): Windows
Target service / protocol: -
Target network port(s): -
List of CVEs: -

Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it (staged). Connect back to the attacker

Module Ranking and Traits

---

Module Ranking:

• normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.

Basic Usage

---

msf > use payload/cmd/windows/powershell/upexec/reverse_tcp_rc4
msf payload(reverse_tcp_rc4) > show options
    ... show and set options ...
msf payload(reverse_tcp_rc4) > generate

To learn how to generate payload/cmd/windows/powershell/upexec/reverse_tcp_rc4 with msfvenom, please read this.

Required Options

---

• LHOST: The listen address (an interface may be specified)

• PEXEC: Full path to the file to upload and execute

Go back to menu.

Msfconsole Usage

---

Here is how the cmd/windows/powershell/upexec/reverse_tcp_rc4 payload module looks in the msfconsole:

msf6 > use payload/cmd/windows/powershell/upexec/reverse_tcp_rc4

msf6 payload(cmd/windows/powershell/upexec/reverse_tcp_rc4) > show info

       Name: Powershell Exec, Windows Upload/Execute, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
     Module: payload/cmd/windows/powershell/upexec/reverse_tcp_rc4
   Platform: Windows
       Arch: cmd
Needs Admin: No
 Total size: 4345
       Rank: Normal

Provided by:
  Spencer McIntyre
  vlad902 <[email protected]>
  sf <[email protected]>
  hdm <[email protected]>
  skape <[email protected]>
  mihi
  RageLtMan

Basic options:
Name         Current Setting  Required  Description
----         ---------------  --------  -----------
EXITFUNC     process          yes       Exit technique (Accepted: '', seh, thread, process, none)
LHOST                         yes       The listen address (an interface may be specified)
LPORT        4444             yes       The listen port
PEXEC                         yes       Full path to the file to upload and execute
RC4PASSWORD  msf              yes       Password to derive RC4 key from

Description:
  Execute an x86 payload from a command via PowerShell. Uploads an 
  executable and runs it (staged). Connect back to the attacker

Module Options

---

This is a complete list of options available in the cmd/windows/powershell/upexec/reverse_tcp_rc4 payload:

msf6 payload(cmd/windows/powershell/upexec/reverse_tcp_rc4) > show options

Module options (payload/cmd/windows/powershell/upexec/reverse_tcp_rc4):

   Name         Current Setting  Required  Description
   ----         ---------------  --------  -----------
   EXITFUNC     process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST                         yes       The listen address (an interface may be specified)
   LPORT        4444             yes       The listen port
   PEXEC                         yes       Full path to the file to upload and execute
   RC4PASSWORD  msf              yes       Password to derive RC4 key from

Advanced Options

---

Here is a complete list of advanced options supported by the cmd/windows/powershell/upexec/reverse_tcp_rc4 payload:

msf6 payload(cmd/windows/powershell/upexec/reverse_tcp_rc4) > show advanced

Module advanced options (payload/cmd/windows/powershell/upexec/reverse_tcp_rc4):

   Name                                 Current Setting  Required  Description
   ----                                 ---------------  --------  -----------
   AutoRunScript                                         no        A script to run automatically on session creation.
   AutoVerifySession                    true             yes       Automatically verify and drop invalid sessions
   CommandShellCleanupCommand                            no        A command to run before the session is closed
   CreateSession                        true             no        Create a new session for every successful login
   EnableStageEncoding                  false            no        Encode the second stage payload
   InitialAutoRunScript                                  no        An initial script to run on session creation (before AutoRunScript)
   PayloadBindPort                                       no        Port to bind reverse tcp socket to on target system.
   PayloadUUIDName                                       no        A human-friendly name to reference this unique payload (requires tracking)
   PayloadUUIDRaw                                        no        A hex string representing the raw 8-byte PUID value for the UUID
   PayloadUUIDSeed                                       no        A string to use when generating the payload UUID (deterministic)
   PayloadUUIDTracking                  false            yes       Whether or not to automatically register generated UUIDs
   PingbackRetries                      0                yes       How many additional successful pingbacks
   PingbackSleep                        30               yes       Time (in seconds) to sleep between pingbacks
   Powershell::encode_final_payload     false            yes       Encode final payload for -EncodedCommand
   Powershell::encode_inner_payload     false            yes       Encode inner payload for -EncodedCommand
   Powershell::exec_in_place            false            yes       Produce PSH without executable wrapper
   Powershell::exec_rc4                 false            yes       Encrypt PSH with RC4
   Powershell::method                   reflection       yes       Payload delivery method (Accepted: net, reflection, old, msil)
   Powershell::no_equals                false            yes       Pad base64 until no "=" remains
   Powershell::noninteractive           true             yes       Execute powershell without interaction
   Powershell::persist                  false            yes       Run the payload in a loop
   Powershell::prepend_protections_byp  auto             yes       Prepend AMSI/SBL bypass (Accepted: auto, true, false)
   ass
   Powershell::prepend_sleep                             no        Prepend seconds of sleep
   Powershell::remove_comspec           false            yes       Produce script calling powershell directly
   Powershell::strip_comments           true             yes       Strip comments
   Powershell::strip_whitespace         false            yes       Strip whitespace
   Powershell::sub_funcs                false            yes       Substitute function names
   Powershell::sub_vars                 true             yes       Substitute variable names
   Powershell::wrap_double_quotes       true             yes       Wraps the -Command argument in single quotes
   PrependMigrate                       false            yes       Spawns and runs shellcode in new process
   PrependMigrateProc                                    no        Process to spawn and run shellcode in
   ReverseAllowProxy                    false            yes       Allow reverse tcp even with Proxies specified. Connect back will NOT go through prox
                                                                   y but directly to LHOST
   ReverseListenerBindAddress                            no        The specific IP address to bind to on the local system
   ReverseListenerBindPort                               no        The port to bind to on the local system if different from LPORT
   ReverseListenerComm                                   no        The specific communication channel to use for this listener
   ReverseListenerThreaded              false            yes       Handle every connection in a new thread (experimental)
   StageEncoder                                          no        Encoder to use if EnableStageEncoding is set
   StageEncoderSaveRegisters                             no        Additional registers to preserve in the staged payload if EnableStageEncoding is set
   StageEncodingFallback                true             no        Fallback to no encoding if the selected StageEncoder is not compatible
   StagerRetryCount                     10               no        The number of times the stager should retry if the first connect fails
   StagerRetryWait                      5                no        Number of seconds to wait for the stager between reconnect attempts
   VERBOSE                              false            no        Enable detailed status messages
   WORKSPACE                                             no        Specify the workspace for this module

Go back to menu.

Related Pull Requests

---

• #16588 Merged Pull Request: Check size for compatibility with powershell
• #16548 Merged Pull Request: Add Powershell Command Adapter

Go back to menu.

See Also

---

Check also the following modules related to this module:

• payload/cmd/windows/adduser
• payload/cmd/windows/bind_lua
• payload/cmd/windows/bind_perl
• payload/cmd/windows/bind_perl_ipv6
• payload/cmd/windows/bind_ruby
• payload/cmd/windows/download_eval_vbs
• payload/cmd/windows/download_exec_vbs
• payload/cmd/windows/generic
• payload/cmd/windows/jjs_reverse_tcp
• payload/cmd/windows/powershell/adduser
• payload/cmd/windows/powershell_bind_tcp
• payload/cmd/windows/powershell/custom/bind_hidden_ipknock_tcp
• payload/cmd/windows/powershell/custom/bind_hidden_tcp
• payload/cmd/windows/powershell/custom/bind_ipv6_tcp
• payload/cmd/windows/powershell/custom/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/custom/bind_named_pipe
• payload/cmd/windows/powershell/custom/bind_nonx_tcp
• payload/cmd/windows/powershell/custom/bind_tcp
• payload/cmd/windows/powershell/custom/bind_tcp_rc4
• payload/cmd/windows/powershell/custom/bind_tcp_uuid
• payload/cmd/windows/powershell/custom/find_tag
• payload/cmd/windows/powershell/custom/reverse_hop_http
• payload/cmd/windows/powershell/custom/reverse_http
• payload/cmd/windows/powershell/custom/reverse_http_proxy_pstore
• payload/cmd/windows/powershell/custom/reverse_https
• payload/cmd/windows/powershell/custom/reverse_https_proxy
• payload/cmd/windows/powershell/custom/reverse_ipv6_tcp
• payload/cmd/windows/powershell/custom/reverse_named_pipe
• payload/cmd/windows/powershell/custom/reverse_nonx_tcp
• payload/cmd/windows/powershell/custom/reverse_ord_tcp
• payload/cmd/windows/powershell/custom/reverse_tcp
• payload/cmd/windows/powershell/custom/reverse_tcp_allports
• payload/cmd/windows/powershell/custom/reverse_tcp_dns
• payload/cmd/windows/powershell/custom/reverse_tcp_rc4
• payload/cmd/windows/powershell/custom/reverse_tcp_rc4_dns
• payload/cmd/windows/powershell/custom/reverse_tcp_uuid
• payload/cmd/windows/powershell/custom/reverse_udp
• payload/cmd/windows/powershell/custom/reverse_winhttp
• payload/cmd/windows/powershell/custom/reverse_winhttps
• payload/cmd/windows/powershell/dllinject/bind_hidden_ipknock_tcp
• payload/cmd/windows/powershell/dllinject/bind_hidden_tcp
• payload/cmd/windows/powershell/dllinject/bind_ipv6_tcp
• payload/cmd/windows/powershell/dllinject/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/dllinject/bind_named_pipe
• payload/cmd/windows/powershell/dllinject/bind_nonx_tcp
• payload/cmd/windows/powershell/dllinject/bind_tcp
• payload/cmd/windows/powershell/dllinject/bind_tcp_rc4
• payload/cmd/windows/powershell/dllinject/bind_tcp_uuid
• payload/cmd/windows/powershell/dllinject/find_tag
• payload/cmd/windows/powershell/dllinject/reverse_hop_http
• payload/cmd/windows/powershell/dllinject/reverse_http
• payload/cmd/windows/powershell/dllinject/reverse_http_proxy_pstore
• payload/cmd/windows/powershell/dllinject/reverse_ipv6_tcp
• payload/cmd/windows/powershell/dllinject/reverse_nonx_tcp
• payload/cmd/windows/powershell/dllinject/reverse_ord_tcp
• payload/cmd/windows/powershell/dllinject/reverse_tcp
• payload/cmd/windows/powershell/dllinject/reverse_tcp_allports
• payload/cmd/windows/powershell/dllinject/reverse_tcp_dns
• payload/cmd/windows/powershell/dllinject/reverse_tcp_rc4
• payload/cmd/windows/powershell/dllinject/reverse_tcp_rc4_dns
• payload/cmd/windows/powershell/dllinject/reverse_tcp_uuid
• payload/cmd/windows/powershell/dllinject/reverse_winhttp
• payload/cmd/windows/powershell/dns_txt_query_exec
• payload/cmd/windows/powershell/download_exec
• payload/cmd/windows/powershell/exec
• payload/cmd/windows/powershell/format_all_drives
• payload/cmd/windows/powershell/generic/debug_trap
• payload/cmd/windows/powershell/generic/tight_loop
• payload/cmd/windows/powershell/loadlibrary
• payload/cmd/windows/powershell/messagebox
• payload/cmd/windows/powershell/meterpreter/bind_hidden_ipknock_tcp
• payload/cmd/windows/powershell/meterpreter/bind_hidden_tcp
• payload/cmd/windows/powershell/meterpreter/bind_ipv6_tcp
• payload/cmd/windows/powershell/meterpreter/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/meterpreter/bind_named_pipe
• payload/cmd/windows/powershell/meterpreter/bind_nonx_tcp
• payload/cmd/windows/powershell/meterpreter/bind_tcp
• payload/cmd/windows/powershell/meterpreter/bind_tcp_rc4
• payload/cmd/windows/powershell/meterpreter/bind_tcp_uuid
• payload/cmd/windows/powershell/meterpreter/find_tag
• payload/cmd/windows/powershell/meterpreter/reverse_hop_http
• payload/cmd/windows/powershell/meterpreter/reverse_http
• payload/cmd/windows/powershell/meterpreter/reverse_http_proxy_pstore
• payload/cmd/windows/powershell/meterpreter/reverse_https
• payload/cmd/windows/powershell/meterpreter/reverse_https_proxy
• payload/cmd/windows/powershell/meterpreter/reverse_ipv6_tcp
• payload/cmd/windows/powershell/meterpreter/reverse_named_pipe
• payload/cmd/windows/powershell/meterpreter/reverse_nonx_tcp
• payload/cmd/windows/powershell/meterpreter/reverse_ord_tcp
• payload/cmd/windows/powershell/meterpreter/reverse_tcp
• payload/cmd/windows/powershell/meterpreter/reverse_tcp_allports
• payload/cmd/windows/powershell/meterpreter/reverse_tcp_dns
• payload/cmd/windows/powershell/meterpreter/reverse_tcp_rc4
• payload/cmd/windows/powershell/meterpreter/reverse_tcp_rc4_dns
• payload/cmd/windows/powershell/meterpreter/reverse_tcp_uuid
• payload/cmd/windows/powershell/meterpreter/reverse_winhttp
• payload/cmd/windows/powershell/meterpreter/reverse_winhttps
• payload/cmd/windows/powershell/metsvc_bind_tcp
• payload/cmd/windows/powershell/metsvc_reverse_tcp
• payload/cmd/windows/powershell/patchupdllinject/bind_hidden_ipknock_tcp
• payload/cmd/windows/powershell/patchupdllinject/bind_hidden_tcp
• payload/cmd/windows/powershell/patchupdllinject/bind_ipv6_tcp
• payload/cmd/windows/powershell/patchupdllinject/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/patchupdllinject/bind_named_pipe
• payload/cmd/windows/powershell/patchupdllinject/bind_nonx_tcp
• payload/cmd/windows/powershell/patchupdllinject/bind_tcp
• payload/cmd/windows/powershell/patchupdllinject/bind_tcp_rc4
• payload/cmd/windows/powershell/patchupdllinject/bind_tcp_uuid
• payload/cmd/windows/powershell/patchupdllinject/find_tag
• payload/cmd/windows/powershell/patchupdllinject/reverse_ipv6_tcp
• payload/cmd/windows/powershell/patchupdllinject/reverse_nonx_tcp
• payload/cmd/windows/powershell/patchupdllinject/reverse_ord_tcp
• payload/cmd/windows/powershell/patchupdllinject/reverse_tcp
• payload/cmd/windows/powershell/patchupdllinject/reverse_tcp_allports
• payload/cmd/windows/powershell/patchupdllinject/reverse_tcp_dns
• payload/cmd/windows/powershell/patchupdllinject/reverse_tcp_rc4
• payload/cmd/windows/powershell/patchupdllinject/reverse_tcp_rc4_dns
• payload/cmd/windows/powershell/patchupdllinject/reverse_tcp_uuid
• payload/cmd/windows/powershell/patchupmeterpreter/bind_hidden_ipknock_tcp
• payload/cmd/windows/powershell/patchupmeterpreter/bind_hidden_tcp
• payload/cmd/windows/powershell/patchupmeterpreter/bind_ipv6_tcp
• payload/cmd/windows/powershell/patchupmeterpreter/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/patchupmeterpreter/bind_named_pipe
• payload/cmd/windows/powershell/patchupmeterpreter/bind_nonx_tcp
• payload/cmd/windows/powershell/patchupmeterpreter/bind_tcp
• payload/cmd/windows/powershell/patchupmeterpreter/bind_tcp_rc4
• payload/cmd/windows/powershell/patchupmeterpreter/bind_tcp_uuid
• payload/cmd/windows/powershell/patchupmeterpreter/find_tag
• payload/cmd/windows/powershell/patchupmeterpreter/reverse_ipv6_tcp
• payload/cmd/windows/powershell/patchupmeterpreter/reverse_nonx_tcp
• payload/cmd/windows/powershell/patchupmeterpreter/reverse_ord_tcp
• payload/cmd/windows/powershell/patchupmeterpreter/reverse_tcp
• payload/cmd/windows/powershell/patchupmeterpreter/reverse_tcp_allports
• payload/cmd/windows/powershell/patchupmeterpreter/reverse_tcp_dns
• payload/cmd/windows/powershell/patchupmeterpreter/reverse_tcp_rc4
• payload/cmd/windows/powershell/patchupmeterpreter/reverse_tcp_rc4_dns
• payload/cmd/windows/powershell/patchupmeterpreter/reverse_tcp_uuid
• payload/cmd/windows/powershell/peinject/bind_hidden_ipknock_tcp
• payload/cmd/windows/powershell/peinject/bind_hidden_tcp
• payload/cmd/windows/powershell/peinject/bind_ipv6_tcp
• payload/cmd/windows/powershell/peinject/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/peinject/bind_named_pipe
• payload/cmd/windows/powershell/peinject/bind_nonx_tcp
• payload/cmd/windows/powershell/peinject/bind_tcp
• payload/cmd/windows/powershell/peinject/bind_tcp_rc4
• payload/cmd/windows/powershell/peinject/bind_tcp_uuid
• payload/cmd/windows/powershell/peinject/find_tag
• payload/cmd/windows/powershell/peinject/reverse_ipv6_tcp
• payload/cmd/windows/powershell/peinject/reverse_named_pipe
• payload/cmd/windows/powershell/peinject/reverse_nonx_tcp
• payload/cmd/windows/powershell/peinject/reverse_ord_tcp
• payload/cmd/windows/powershell/peinject/reverse_tcp
• payload/cmd/windows/powershell/peinject/reverse_tcp_allports
• payload/cmd/windows/powershell/peinject/reverse_tcp_dns
• payload/cmd/windows/powershell/peinject/reverse_tcp_rc4
• payload/cmd/windows/powershell/peinject/reverse_tcp_rc4_dns
• payload/cmd/windows/powershell/peinject/reverse_tcp_uuid
• payload/cmd/windows/powershell/pingback_bind_tcp
• payload/cmd/windows/powershell/pingback_reverse_tcp
• payload/cmd/windows/powershell/powershell_bind_tcp
• payload/cmd/windows/powershell/powershell_reverse_tcp
• payload/cmd/windows/powershell/powershell_reverse_tcp_ssl
• payload/cmd/windows/powershell_reverse_tcp
• payload/cmd/windows/powershell_reverse_tcp_ssl
• payload/cmd/windows/powershell/shell/bind_hidden_ipknock_tcp
• payload/cmd/windows/powershell/shell/bind_hidden_tcp
• payload/cmd/windows/powershell/shell/bind_ipv6_tcp
• payload/cmd/windows/powershell/shell/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/shell/bind_named_pipe
• payload/cmd/windows/powershell/shell/bind_nonx_tcp
• payload/cmd/windows/powershell/shell/bind_tcp
• payload/cmd/windows/powershell/shell_bind_tcp
• payload/cmd/windows/powershell/shell/bind_tcp_rc4
• payload/cmd/windows/powershell/shell/bind_tcp_uuid
• payload/cmd/windows/powershell/shell_bind_tcp_xpfw
• payload/cmd/windows/powershell/shell/find_tag
• payload/cmd/windows/powershell/shell_hidden_bind_tcp
• payload/cmd/windows/powershell/shell/reverse_ipv6_tcp
• payload/cmd/windows/powershell/shell/reverse_nonx_tcp
• payload/cmd/windows/powershell/shell/reverse_ord_tcp
• payload/cmd/windows/powershell/shell/reverse_tcp
• payload/cmd/windows/powershell/shell_reverse_tcp
• payload/cmd/windows/powershell/shell/reverse_tcp_allports
• payload/cmd/windows/powershell/shell/reverse_tcp_dns
• payload/cmd/windows/powershell/shell/reverse_tcp_rc4
• payload/cmd/windows/powershell/shell/reverse_tcp_rc4_dns
• payload/cmd/windows/powershell/shell/reverse_tcp_uuid
• payload/cmd/windows/powershell/shell/reverse_udp
• payload/cmd/windows/powershell/speak_pwned
• payload/cmd/windows/powershell/upexec/bind_hidden_ipknock_tcp
• payload/cmd/windows/powershell/upexec/bind_hidden_tcp
• payload/cmd/windows/powershell/upexec/bind_ipv6_tcp
• payload/cmd/windows/powershell/upexec/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/upexec/bind_named_pipe
• payload/cmd/windows/powershell/upexec/bind_nonx_tcp
• payload/cmd/windows/powershell/upexec/bind_tcp
• payload/cmd/windows/powershell/upexec/bind_tcp_rc4
• payload/cmd/windows/powershell/upexec/bind_tcp_uuid
• payload/cmd/windows/powershell/upexec/find_tag
• payload/cmd/windows/powershell/upexec/reverse_ipv6_tcp
• payload/cmd/windows/powershell/upexec/reverse_nonx_tcp
• payload/cmd/windows/powershell/upexec/reverse_ord_tcp
• payload/cmd/windows/powershell/upexec/reverse_tcp
• payload/cmd/windows/powershell/upexec/reverse_tcp_allports
• payload/cmd/windows/powershell/upexec/reverse_tcp_dns
• payload/cmd/windows/powershell/upexec/reverse_tcp_rc4_dns
• payload/cmd/windows/powershell/upexec/reverse_tcp_uuid
• payload/cmd/windows/powershell/upexec/reverse_udp
• payload/cmd/windows/powershell/vncinject/bind_hidden_ipknock_tcp
• payload/cmd/windows/powershell/vncinject/bind_hidden_tcp
• payload/cmd/windows/powershell/vncinject/bind_ipv6_tcp
• payload/cmd/windows/powershell/vncinject/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/vncinject/bind_named_pipe
• payload/cmd/windows/powershell/vncinject/bind_nonx_tcp
• payload/cmd/windows/powershell/vncinject/bind_tcp
• payload/cmd/windows/powershell/vncinject/bind_tcp_rc4
• payload/cmd/windows/powershell/vncinject/bind_tcp_uuid
• payload/cmd/windows/powershell/vncinject/find_tag
• payload/cmd/windows/powershell/vncinject/reverse_hop_http
• payload/cmd/windows/powershell/vncinject/reverse_http
• payload/cmd/windows/powershell/vncinject/reverse_http_proxy_pstore
• payload/cmd/windows/powershell/vncinject/reverse_ipv6_tcp
• payload/cmd/windows/powershell/vncinject/reverse_nonx_tcp
• payload/cmd/windows/powershell/vncinject/reverse_ord_tcp
• payload/cmd/windows/powershell/vncinject/reverse_tcp
• payload/cmd/windows/powershell/vncinject/reverse_tcp_allports
• payload/cmd/windows/powershell/vncinject/reverse_tcp_dns
• payload/cmd/windows/powershell/vncinject/reverse_tcp_rc4
• payload/cmd/windows/powershell/vncinject/reverse_tcp_rc4_dns
• payload/cmd/windows/powershell/vncinject/reverse_tcp_uuid
• payload/cmd/windows/powershell/vncinject/reverse_winhttp
• payload/cmd/windows/powershell/x64/custom/bind_ipv6_tcp
• payload/cmd/windows/powershell/x64/custom/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/x64/custom/bind_named_pipe
• payload/cmd/windows/powershell/x64/custom/bind_tcp
• payload/cmd/windows/powershell/x64/custom/bind_tcp_rc4
• payload/cmd/windows/powershell/x64/custom/bind_tcp_uuid
• payload/cmd/windows/powershell/x64/custom/reverse_http
• payload/cmd/windows/powershell/x64/custom/reverse_https
• payload/cmd/windows/powershell/x64/custom/reverse_named_pipe
• payload/cmd/windows/powershell/x64/custom/reverse_tcp
• payload/cmd/windows/powershell/x64/custom/reverse_tcp_rc4
• payload/cmd/windows/powershell/x64/custom/reverse_tcp_uuid
• payload/cmd/windows/powershell/x64/custom/reverse_winhttp
• payload/cmd/windows/powershell/x64/custom/reverse_winhttps
• payload/cmd/windows/powershell/x64/exec
• payload/cmd/windows/powershell/x64/loadlibrary
• payload/cmd/windows/powershell/x64/messagebox
• payload/cmd/windows/powershell/x64/meterpreter/bind_ipv6_tcp
• payload/cmd/windows/powershell/x64/meterpreter/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/x64/meterpreter/bind_named_pipe
• payload/cmd/windows/powershell/x64/meterpreter/bind_tcp
• payload/cmd/windows/powershell/x64/meterpreter/bind_tcp_rc4
• payload/cmd/windows/powershell/x64/meterpreter/bind_tcp_uuid
• payload/cmd/windows/powershell/x64/meterpreter/reverse_http
• payload/cmd/windows/powershell/x64/meterpreter/reverse_https
• payload/cmd/windows/powershell/x64/meterpreter/reverse_named_pipe
• payload/cmd/windows/powershell/x64/meterpreter/reverse_tcp
• payload/cmd/windows/powershell/x64/meterpreter/reverse_tcp_rc4
• payload/cmd/windows/powershell/x64/meterpreter/reverse_tcp_uuid
• payload/cmd/windows/powershell/x64/meterpreter/reverse_winhttp
• payload/cmd/windows/powershell/x64/meterpreter/reverse_winhttps
• payload/cmd/windows/powershell/x64/peinject/bind_ipv6_tcp
• payload/cmd/windows/powershell/x64/peinject/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/x64/peinject/bind_named_pipe
• payload/cmd/windows/powershell/x64/peinject/bind_tcp
• payload/cmd/windows/powershell/x64/peinject/bind_tcp_rc4
• payload/cmd/windows/powershell/x64/peinject/bind_tcp_uuid
• payload/cmd/windows/powershell/x64/peinject/reverse_named_pipe
• payload/cmd/windows/powershell/x64/peinject/reverse_tcp
• payload/cmd/windows/powershell/x64/peinject/reverse_tcp_rc4
• payload/cmd/windows/powershell/x64/peinject/reverse_tcp_uuid
• payload/cmd/windows/powershell/x64/pingback_reverse_tcp
• payload/cmd/windows/powershell/x64/powershell_bind_tcp
• payload/cmd/windows/powershell/x64/powershell_reverse_tcp
• payload/cmd/windows/powershell/x64/powershell_reverse_tcp_ssl
• payload/cmd/windows/powershell/x64/shell/bind_ipv6_tcp
• payload/cmd/windows/powershell/x64/shell/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/x64/shell/bind_named_pipe
• payload/cmd/windows/powershell/x64/shell/bind_tcp
• payload/cmd/windows/powershell/x64/shell_bind_tcp
• payload/cmd/windows/powershell/x64/shell/bind_tcp_rc4
• payload/cmd/windows/powershell/x64/shell/bind_tcp_uuid
• payload/cmd/windows/powershell/x64/shell/reverse_tcp
• payload/cmd/windows/powershell/x64/shell_reverse_tcp
• payload/cmd/windows/powershell/x64/shell/reverse_tcp_rc4
• payload/cmd/windows/powershell/x64/shell/reverse_tcp_uuid
• payload/cmd/windows/powershell/x64/vncinject/bind_ipv6_tcp
• payload/cmd/windows/powershell/x64/vncinject/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/x64/vncinject/bind_named_pipe
• payload/cmd/windows/powershell/x64/vncinject/bind_tcp
• payload/cmd/windows/powershell/x64/vncinject/bind_tcp_rc4
• payload/cmd/windows/powershell/x64/vncinject/bind_tcp_uuid
• payload/cmd/windows/powershell/x64/vncinject/reverse_http
• payload/cmd/windows/powershell/x64/vncinject/reverse_https
• payload/cmd/windows/powershell/x64/vncinject/reverse_tcp
• payload/cmd/windows/powershell/x64/vncinject/reverse_tcp_rc4
• payload/cmd/windows/powershell/x64/vncinject/reverse_tcp_uuid
• payload/cmd/windows/powershell/x64/vncinject/reverse_winhttp
• payload/cmd/windows/powershell/x64/vncinject/reverse_winhttps
• payload/cmd/windows/reverse_lua
• payload/cmd/windows/reverse_perl
• payload/cmd/windows/reverse_powershell
• payload/cmd/windows/reverse_ruby

Authors

---

• Spencer McIntyre
• vlad902
• sf
• hdm
• skape
• mihi
• RageLtMan

Version

---

This page has been produced using Metasploit Framework version 6.2.29-dev. For more modules, visit the Metasploit Module Library.

Go back to menu.