Powershell Exec, Windows shellcode stage, Windows x64 Reverse HTTPS Stager (winhttp) - Metasploit

This page contains detailed information about how to use the payload/cmd/windows/powershell/x64/custom/reverse_winhttps metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.

Module Overview

---

Name: Powershell Exec, Windows shellcode stage, Windows x64 Reverse HTTPS Stager (winhttp)
Module: payload/cmd/windows/powershell/x64/custom/reverse_winhttps
Source code: modules/payloads/adapters/cmd/windows/powershell/x64.rb
Disclosure date: -
Last modification time: 2022-05-27 16:41:25 +0000
Supported architecture(s): cmd
Supported platform(s): Windows
Target service / protocol: -
Target network port(s): -
List of CVEs: -

Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over HTTPS (Windows x64 winhttp)

Module Ranking and Traits

---

Module Ranking:

• normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.

Basic Usage

---

msf > use payload/cmd/windows/powershell/x64/custom/reverse_winhttps
msf payload(reverse_winhttps) > show options
    ... show and set options ...
msf payload(reverse_winhttps) > generate

To learn how to generate payload/cmd/windows/powershell/x64/custom/reverse_winhttps with msfvenom, please read this.

Required Options

---

• LHOST: The local listener hostname

Go back to menu.

Msfconsole Usage

---

Here is how the cmd/windows/powershell/x64/custom/reverse_winhttps payload module looks in the msfconsole:

msf6 > use payload/cmd/windows/powershell/x64/custom/reverse_winhttps

msf6 payload(cmd/windows/powershell/x64/custom/reverse_winhttps) > show info

       Name: Powershell Exec, Windows shellcode stage, Windows x64 Reverse HTTPS Stager (winhttp)
     Module: payload/cmd/windows/powershell/x64/custom/reverse_winhttps
   Platform: Windows
       Arch: cmd
Needs Admin: No
 Total size: 4871
       Rank: Normal

Provided by:
  Spencer McIntyre
  bwatters-r7
  OJ Reeves

Basic options:
Name            Current Setting  Required  Description
----            ---------------  --------  -----------
EXITFUNC        process          yes       Exit technique (Accepted: '', seh, thread, process, none)
LHOST                            yes       The local listener hostname
LPORT           8443             yes       The local listener port
LURI                             no        The HTTP Path
SHELLCODE_FILE                   no        Shellcode bin to launch

Description:
  Execute an x64 payload from a command via PowerShell. Custom 
  shellcode stage. Tunnel communication over HTTPS (Windows x64 
  winhttp)

Module Options

---

This is a complete list of options available in the cmd/windows/powershell/x64/custom/reverse_winhttps payload:

msf6 payload(cmd/windows/powershell/x64/custom/reverse_winhttps) > show options

Module options (payload/cmd/windows/powershell/x64/custom/reverse_winhttps):

   Name            Current Setting  Required  Description
   ----            ---------------  --------  -----------
   EXITFUNC        process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST                            yes       The local listener hostname
   LPORT           8443             yes       The local listener port
   LURI                             no        The HTTP Path
   SHELLCODE_FILE                   no        Shellcode bin to launch

Advanced Options

---

Here is a complete list of advanced options supported by the cmd/windows/powershell/x64/custom/reverse_winhttps payload:

msf6 payload(cmd/windows/powershell/x64/custom/reverse_winhttps) > show advanced

Module advanced options (payload/cmd/windows/powershell/x64/custom/reverse_winhttps):

   Name                                Current Setting                     Required  Description
   ----                                ---------------                     --------  -----------
   EnableStageEncoding                 false                               no        Encode the second stage payload
   HandlerSSLCert                                                          no        Path to a SSL certificate in unified PEM format
   HttpCookie                                                              no        An optional value to use for the Cookie HTTP header
   HttpHostHeader                                                          no        An optional value to use for the Host HTTP header
   HttpProxyHost                                                           no        An optional proxy server IP address or hostname
   HttpProxyIE                         true                                no        Enable use of IE proxy settings
   HttpProxyPass                                                           no        An optional proxy server password Max parameter length: 63 c
                                                                                     haracters
   HttpProxyPort                                                           no        An optional proxy server port
   HttpProxyType                       HTTP                                yes       The type of HTTP proxy (Accepted: HTTP, SOCKS)
   HttpProxyUser                                                           no        An optional proxy server username Max parameter length: 63 c
                                                                                     haracters
   HttpReferer                                                             no        An optional value to use for the Referer HTTP header
   HttpServerName                      Apache                              no        The server header that the handler will send in response to
                                                                                     requests
   HttpUnknownRequestResponse          <html><body><h1>It works!</h1></bo  no        The returned HTML response body when the handler receives a
                                       dy></html>                                    request that is not from a payload
   HttpUserAgent                       Mozilla/5.0 (Windows NT 10.0; Win6  no        The user-agent that the payload should use for communication
                                       4; x64) AppleWebKit/537.36 (KHTML,             Max parameter length: 255 characters
                                        like Gecko) Chrome/98.0.4758.81 S
                                       afari/537.36
   IgnoreUnknownPayloads               false                               no        Whether to drop connections from payloads using unknown UUID
                                                                                     s
   OverrideLHOST                                                           no        When OverrideRequestHost is set, use this value as the host
                                                                                     name for secondary requests
   OverrideLPORT                                                           no        When OverrideRequestHost is set, use this value as the port
                                                                                     number for secondary requests
   OverrideRequestHost                 false                               no        Forces a specific host and port instead of using what the cl
                                                                                     ient requests, defaults to LHOST:LPORT
   OverrideScheme                                                          no        When OverrideRequestHost is set, use this value as the schem
                                                                                     e for secondary requests, e.g http or https
   PayloadUUIDName                                                         no        A human-friendly name to reference this unique payload (requ
                                                                                     ires tracking)
   PayloadUUIDRaw                                                          no        A hex string representing the raw 8-byte PUID value for the
                                                                                     UUID
   PayloadUUIDSeed                                                         no        A string to use when generating the payload UUID (determinis
                                                                                     tic)
   PayloadUUIDTracking                 false                               yes       Whether or not to automatically register generated UUIDs
   PingbackRetries                     0                                   yes       How many additional successful pingbacks
   PingbackSleep                       30                                  yes       Time (in seconds) to sleep between pingbacks
   Powershell::encode_final_payload    false                               yes       Encode final payload for -EncodedCommand
   Powershell::encode_inner_payload    false                               yes       Encode inner payload for -EncodedCommand
   Powershell::exec_in_place           false                               yes       Produce PSH without executable wrapper
   Powershell::exec_rc4                false                               yes       Encrypt PSH with RC4
   Powershell::method                  reflection                          yes       Payload delivery method (Accepted: net, reflection, old, msi
                                                                                     l)
   Powershell::no_equals               false                               yes       Pad base64 until no "=" remains
   Powershell::noninteractive          true                                yes       Execute powershell without interaction
   Powershell::persist                 false                               yes       Run the payload in a loop
   Powershell::prepend_protections_by  auto                                yes       Prepend AMSI/SBL bypass (Accepted: auto, true, false)
   pass
   Powershell::prepend_sleep                                               no        Prepend seconds of sleep
   Powershell::remove_comspec          false                               yes       Produce script calling powershell directly
   Powershell::strip_comments          true                                yes       Strip comments
   Powershell::strip_whitespace        false                               yes       Strip whitespace
   Powershell::sub_funcs               false                               yes       Substitute function names
   Powershell::sub_vars                true                                yes       Substitute variable names
   Powershell::wrap_double_quotes      true                                yes       Wraps the -Command argument in single quotes
   PrependMigrate                      false                               yes       Spawns and runs shellcode in new process
   PrependMigrateProc                                                      no        Process to spawn and run shellcode in
   ReverseAllowProxy                   false                               yes       Allow reverse tcp even with Proxies specified. Connect back
                                                                                     will NOT go through proxy but directly to LHOST
   ReverseListenerBindAddress                                              no        The specific IP address to bind to on the local system
   ReverseListenerBindPort                                                 no        The port to bind to on the local system if different from LP
                                                                                     ORT
   ReverseListenerComm                                                     no        The specific communication channel to use for this listener
   SSLVersion                          Auto                                yes       Specify the version of SSL/TLS to be used (Auto, TLS and SSL
                                                                                     23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TL
                                                                                     S1, TLS1.1, TLS1.2)
   StageEncoder                                                            no        Encoder to use if EnableStageEncoding is set
   StageEncoderSaveRegisters                                               no        Additional registers to preserve in the staged payload if En
                                                                                     ableStageEncoding is set
   StageEncodingFallback               true                                no        Fallback to no encoding if the selected StageEncoder is not
                                                                                     compatible
   StagerRetryCount                    10                                  no        The number of times the stager should retry if the first con
                                                                                     nect fails
   StagerRetryWait                     5                                   no        Number of seconds to wait for the stager between reconnect a
                                                                                     ttempts
   StagerURILength                                                         no        The URI length for the stager (at least 5 bytes)
   StagerVerifySSLCert                 false                               no        Whether to verify the SSL certificate hash in the handler
   VERBOSE                             false                               no        Enable detailed status messages
   WORKSPACE                                                               no        Specify the workspace for this module

Go back to menu.

Related Pull Requests

---

• #16597 Merged Pull Request: Fix PowerShell Command Encrypted Shell Payloads
• #16588 Merged Pull Request: Check size for compatibility with powershell
• #16548 Merged Pull Request: Add Powershell Command Adapter

Go back to menu.

See Also

---

Check also the following modules related to this module:

• payload/cmd/windows/adduser
• payload/cmd/windows/bind_lua
• payload/cmd/windows/bind_perl
• payload/cmd/windows/bind_perl_ipv6
• payload/cmd/windows/bind_ruby
• payload/cmd/windows/download_eval_vbs
• payload/cmd/windows/download_exec_vbs
• payload/cmd/windows/generic
• payload/cmd/windows/jjs_reverse_tcp
• payload/cmd/windows/powershell/adduser
• payload/cmd/windows/powershell_bind_tcp
• payload/cmd/windows/powershell/custom/bind_hidden_ipknock_tcp
• payload/cmd/windows/powershell/custom/bind_hidden_tcp
• payload/cmd/windows/powershell/custom/bind_ipv6_tcp
• payload/cmd/windows/powershell/custom/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/custom/bind_named_pipe
• payload/cmd/windows/powershell/custom/bind_nonx_tcp
• payload/cmd/windows/powershell/custom/bind_tcp
• payload/cmd/windows/powershell/custom/bind_tcp_rc4
• payload/cmd/windows/powershell/custom/bind_tcp_uuid
• payload/cmd/windows/powershell/custom/find_tag
• payload/cmd/windows/powershell/custom/reverse_hop_http
• payload/cmd/windows/powershell/custom/reverse_http
• payload/cmd/windows/powershell/custom/reverse_http_proxy_pstore
• payload/cmd/windows/powershell/custom/reverse_https
• payload/cmd/windows/powershell/custom/reverse_https_proxy
• payload/cmd/windows/powershell/custom/reverse_ipv6_tcp
• payload/cmd/windows/powershell/custom/reverse_named_pipe
• payload/cmd/windows/powershell/custom/reverse_nonx_tcp
• payload/cmd/windows/powershell/custom/reverse_ord_tcp
• payload/cmd/windows/powershell/custom/reverse_tcp
• payload/cmd/windows/powershell/custom/reverse_tcp_allports
• payload/cmd/windows/powershell/custom/reverse_tcp_dns
• payload/cmd/windows/powershell/custom/reverse_tcp_rc4
• payload/cmd/windows/powershell/custom/reverse_tcp_rc4_dns
• payload/cmd/windows/powershell/custom/reverse_tcp_uuid
• payload/cmd/windows/powershell/custom/reverse_udp
• payload/cmd/windows/powershell/custom/reverse_winhttp
• payload/cmd/windows/powershell/custom/reverse_winhttps
• payload/cmd/windows/powershell/dllinject/bind_hidden_ipknock_tcp
• payload/cmd/windows/powershell/dllinject/bind_hidden_tcp
• payload/cmd/windows/powershell/dllinject/bind_ipv6_tcp
• payload/cmd/windows/powershell/dllinject/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/dllinject/bind_named_pipe
• payload/cmd/windows/powershell/dllinject/bind_nonx_tcp
• payload/cmd/windows/powershell/dllinject/bind_tcp
• payload/cmd/windows/powershell/dllinject/bind_tcp_rc4
• payload/cmd/windows/powershell/dllinject/bind_tcp_uuid
• payload/cmd/windows/powershell/dllinject/find_tag
• payload/cmd/windows/powershell/dllinject/reverse_hop_http
• payload/cmd/windows/powershell/dllinject/reverse_http
• payload/cmd/windows/powershell/dllinject/reverse_http_proxy_pstore
• payload/cmd/windows/powershell/dllinject/reverse_ipv6_tcp
• payload/cmd/windows/powershell/dllinject/reverse_nonx_tcp
• payload/cmd/windows/powershell/dllinject/reverse_ord_tcp
• payload/cmd/windows/powershell/dllinject/reverse_tcp
• payload/cmd/windows/powershell/dllinject/reverse_tcp_allports
• payload/cmd/windows/powershell/dllinject/reverse_tcp_dns
• payload/cmd/windows/powershell/dllinject/reverse_tcp_rc4
• payload/cmd/windows/powershell/dllinject/reverse_tcp_rc4_dns
• payload/cmd/windows/powershell/dllinject/reverse_tcp_uuid
• payload/cmd/windows/powershell/dllinject/reverse_winhttp
• payload/cmd/windows/powershell/dns_txt_query_exec
• payload/cmd/windows/powershell/download_exec
• payload/cmd/windows/powershell/exec
• payload/cmd/windows/powershell/format_all_drives
• payload/cmd/windows/powershell/generic/debug_trap
• payload/cmd/windows/powershell/generic/tight_loop
• payload/cmd/windows/powershell/loadlibrary
• payload/cmd/windows/powershell/messagebox
• payload/cmd/windows/powershell/meterpreter/bind_hidden_ipknock_tcp
• payload/cmd/windows/powershell/meterpreter/bind_hidden_tcp
• payload/cmd/windows/powershell/meterpreter/bind_ipv6_tcp
• payload/cmd/windows/powershell/meterpreter/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/meterpreter/bind_named_pipe
• payload/cmd/windows/powershell/meterpreter/bind_nonx_tcp
• payload/cmd/windows/powershell/meterpreter/bind_tcp
• payload/cmd/windows/powershell/meterpreter/bind_tcp_rc4
• payload/cmd/windows/powershell/meterpreter/bind_tcp_uuid
• payload/cmd/windows/powershell/meterpreter/find_tag
• payload/cmd/windows/powershell/meterpreter/reverse_hop_http
• payload/cmd/windows/powershell/meterpreter/reverse_http
• payload/cmd/windows/powershell/meterpreter/reverse_http_proxy_pstore
• payload/cmd/windows/powershell/meterpreter/reverse_https
• payload/cmd/windows/powershell/meterpreter/reverse_https_proxy
• payload/cmd/windows/powershell/meterpreter/reverse_ipv6_tcp
• payload/cmd/windows/powershell/meterpreter/reverse_named_pipe
• payload/cmd/windows/powershell/meterpreter/reverse_nonx_tcp
• payload/cmd/windows/powershell/meterpreter/reverse_ord_tcp
• payload/cmd/windows/powershell/meterpreter/reverse_tcp
• payload/cmd/windows/powershell/meterpreter/reverse_tcp_allports
• payload/cmd/windows/powershell/meterpreter/reverse_tcp_dns
• payload/cmd/windows/powershell/meterpreter/reverse_tcp_rc4
• payload/cmd/windows/powershell/meterpreter/reverse_tcp_rc4_dns
• payload/cmd/windows/powershell/meterpreter/reverse_tcp_uuid
• payload/cmd/windows/powershell/meterpreter/reverse_winhttp
• payload/cmd/windows/powershell/meterpreter/reverse_winhttps
• payload/cmd/windows/powershell/metsvc_bind_tcp
• payload/cmd/windows/powershell/metsvc_reverse_tcp
• payload/cmd/windows/powershell/patchupdllinject/bind_hidden_ipknock_tcp
• payload/cmd/windows/powershell/patchupdllinject/bind_hidden_tcp
• payload/cmd/windows/powershell/patchupdllinject/bind_ipv6_tcp
• payload/cmd/windows/powershell/patchupdllinject/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/patchupdllinject/bind_named_pipe
• payload/cmd/windows/powershell/patchupdllinject/bind_nonx_tcp
• payload/cmd/windows/powershell/patchupdllinject/bind_tcp
• payload/cmd/windows/powershell/patchupdllinject/bind_tcp_rc4
• payload/cmd/windows/powershell/patchupdllinject/bind_tcp_uuid
• payload/cmd/windows/powershell/patchupdllinject/find_tag
• payload/cmd/windows/powershell/patchupdllinject/reverse_ipv6_tcp
• payload/cmd/windows/powershell/patchupdllinject/reverse_nonx_tcp
• payload/cmd/windows/powershell/patchupdllinject/reverse_ord_tcp
• payload/cmd/windows/powershell/patchupdllinject/reverse_tcp
• payload/cmd/windows/powershell/patchupdllinject/reverse_tcp_allports
• payload/cmd/windows/powershell/patchupdllinject/reverse_tcp_dns
• payload/cmd/windows/powershell/patchupdllinject/reverse_tcp_rc4
• payload/cmd/windows/powershell/patchupdllinject/reverse_tcp_rc4_dns
• payload/cmd/windows/powershell/patchupdllinject/reverse_tcp_uuid
• payload/cmd/windows/powershell/patchupmeterpreter/bind_hidden_ipknock_tcp
• payload/cmd/windows/powershell/patchupmeterpreter/bind_hidden_tcp
• payload/cmd/windows/powershell/patchupmeterpreter/bind_ipv6_tcp
• payload/cmd/windows/powershell/patchupmeterpreter/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/patchupmeterpreter/bind_named_pipe
• payload/cmd/windows/powershell/patchupmeterpreter/bind_nonx_tcp
• payload/cmd/windows/powershell/patchupmeterpreter/bind_tcp
• payload/cmd/windows/powershell/patchupmeterpreter/bind_tcp_rc4
• payload/cmd/windows/powershell/patchupmeterpreter/bind_tcp_uuid
• payload/cmd/windows/powershell/patchupmeterpreter/find_tag
• payload/cmd/windows/powershell/patchupmeterpreter/reverse_ipv6_tcp
• payload/cmd/windows/powershell/patchupmeterpreter/reverse_nonx_tcp
• payload/cmd/windows/powershell/patchupmeterpreter/reverse_ord_tcp
• payload/cmd/windows/powershell/patchupmeterpreter/reverse_tcp
• payload/cmd/windows/powershell/patchupmeterpreter/reverse_tcp_allports
• payload/cmd/windows/powershell/patchupmeterpreter/reverse_tcp_dns
• payload/cmd/windows/powershell/patchupmeterpreter/reverse_tcp_rc4
• payload/cmd/windows/powershell/patchupmeterpreter/reverse_tcp_rc4_dns
• payload/cmd/windows/powershell/patchupmeterpreter/reverse_tcp_uuid
• payload/cmd/windows/powershell/peinject/bind_hidden_ipknock_tcp
• payload/cmd/windows/powershell/peinject/bind_hidden_tcp
• payload/cmd/windows/powershell/peinject/bind_ipv6_tcp
• payload/cmd/windows/powershell/peinject/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/peinject/bind_named_pipe
• payload/cmd/windows/powershell/peinject/bind_nonx_tcp
• payload/cmd/windows/powershell/peinject/bind_tcp
• payload/cmd/windows/powershell/peinject/bind_tcp_rc4
• payload/cmd/windows/powershell/peinject/bind_tcp_uuid
• payload/cmd/windows/powershell/peinject/find_tag
• payload/cmd/windows/powershell/peinject/reverse_ipv6_tcp
• payload/cmd/windows/powershell/peinject/reverse_named_pipe
• payload/cmd/windows/powershell/peinject/reverse_nonx_tcp
• payload/cmd/windows/powershell/peinject/reverse_ord_tcp
• payload/cmd/windows/powershell/peinject/reverse_tcp
• payload/cmd/windows/powershell/peinject/reverse_tcp_allports
• payload/cmd/windows/powershell/peinject/reverse_tcp_dns
• payload/cmd/windows/powershell/peinject/reverse_tcp_rc4
• payload/cmd/windows/powershell/peinject/reverse_tcp_rc4_dns
• payload/cmd/windows/powershell/peinject/reverse_tcp_uuid
• payload/cmd/windows/powershell/pingback_bind_tcp
• payload/cmd/windows/powershell/pingback_reverse_tcp
• payload/cmd/windows/powershell/powershell_bind_tcp
• payload/cmd/windows/powershell/powershell_reverse_tcp
• payload/cmd/windows/powershell/powershell_reverse_tcp_ssl
• payload/cmd/windows/powershell_reverse_tcp
• payload/cmd/windows/powershell_reverse_tcp_ssl
• payload/cmd/windows/powershell/shell/bind_hidden_ipknock_tcp
• payload/cmd/windows/powershell/shell/bind_hidden_tcp
• payload/cmd/windows/powershell/shell/bind_ipv6_tcp
• payload/cmd/windows/powershell/shell/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/shell/bind_named_pipe
• payload/cmd/windows/powershell/shell/bind_nonx_tcp
• payload/cmd/windows/powershell/shell/bind_tcp
• payload/cmd/windows/powershell/shell_bind_tcp
• payload/cmd/windows/powershell/shell/bind_tcp_rc4
• payload/cmd/windows/powershell/shell/bind_tcp_uuid
• payload/cmd/windows/powershell/shell_bind_tcp_xpfw
• payload/cmd/windows/powershell/shell/find_tag
• payload/cmd/windows/powershell/shell_hidden_bind_tcp
• payload/cmd/windows/powershell/shell/reverse_ipv6_tcp
• payload/cmd/windows/powershell/shell/reverse_nonx_tcp
• payload/cmd/windows/powershell/shell/reverse_ord_tcp
• payload/cmd/windows/powershell/shell/reverse_tcp
• payload/cmd/windows/powershell/shell_reverse_tcp
• payload/cmd/windows/powershell/shell/reverse_tcp_allports
• payload/cmd/windows/powershell/shell/reverse_tcp_dns
• payload/cmd/windows/powershell/shell/reverse_tcp_rc4
• payload/cmd/windows/powershell/shell/reverse_tcp_rc4_dns
• payload/cmd/windows/powershell/shell/reverse_tcp_uuid
• payload/cmd/windows/powershell/shell/reverse_udp
• payload/cmd/windows/powershell/speak_pwned
• payload/cmd/windows/powershell/upexec/bind_hidden_ipknock_tcp
• payload/cmd/windows/powershell/upexec/bind_hidden_tcp
• payload/cmd/windows/powershell/upexec/bind_ipv6_tcp
• payload/cmd/windows/powershell/upexec/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/upexec/bind_named_pipe
• payload/cmd/windows/powershell/upexec/bind_nonx_tcp
• payload/cmd/windows/powershell/upexec/bind_tcp
• payload/cmd/windows/powershell/upexec/bind_tcp_rc4
• payload/cmd/windows/powershell/upexec/bind_tcp_uuid
• payload/cmd/windows/powershell/upexec/find_tag
• payload/cmd/windows/powershell/upexec/reverse_ipv6_tcp
• payload/cmd/windows/powershell/upexec/reverse_nonx_tcp
• payload/cmd/windows/powershell/upexec/reverse_ord_tcp
• payload/cmd/windows/powershell/upexec/reverse_tcp
• payload/cmd/windows/powershell/upexec/reverse_tcp_allports
• payload/cmd/windows/powershell/upexec/reverse_tcp_dns
• payload/cmd/windows/powershell/upexec/reverse_tcp_rc4
• payload/cmd/windows/powershell/upexec/reverse_tcp_rc4_dns
• payload/cmd/windows/powershell/upexec/reverse_tcp_uuid
• payload/cmd/windows/powershell/upexec/reverse_udp
• payload/cmd/windows/powershell/vncinject/bind_hidden_ipknock_tcp
• payload/cmd/windows/powershell/vncinject/bind_hidden_tcp
• payload/cmd/windows/powershell/vncinject/bind_ipv6_tcp
• payload/cmd/windows/powershell/vncinject/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/vncinject/bind_named_pipe
• payload/cmd/windows/powershell/vncinject/bind_nonx_tcp
• payload/cmd/windows/powershell/vncinject/bind_tcp
• payload/cmd/windows/powershell/vncinject/bind_tcp_rc4
• payload/cmd/windows/powershell/vncinject/bind_tcp_uuid
• payload/cmd/windows/powershell/vncinject/find_tag
• payload/cmd/windows/powershell/vncinject/reverse_hop_http
• payload/cmd/windows/powershell/vncinject/reverse_http
• payload/cmd/windows/powershell/vncinject/reverse_http_proxy_pstore
• payload/cmd/windows/powershell/vncinject/reverse_ipv6_tcp
• payload/cmd/windows/powershell/vncinject/reverse_nonx_tcp
• payload/cmd/windows/powershell/vncinject/reverse_ord_tcp
• payload/cmd/windows/powershell/vncinject/reverse_tcp
• payload/cmd/windows/powershell/vncinject/reverse_tcp_allports
• payload/cmd/windows/powershell/vncinject/reverse_tcp_dns
• payload/cmd/windows/powershell/vncinject/reverse_tcp_rc4
• payload/cmd/windows/powershell/vncinject/reverse_tcp_rc4_dns
• payload/cmd/windows/powershell/vncinject/reverse_tcp_uuid
• payload/cmd/windows/powershell/vncinject/reverse_winhttp
• payload/cmd/windows/powershell/x64/custom/bind_ipv6_tcp
• payload/cmd/windows/powershell/x64/custom/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/x64/custom/bind_named_pipe
• payload/cmd/windows/powershell/x64/custom/bind_tcp
• payload/cmd/windows/powershell/x64/custom/bind_tcp_rc4
• payload/cmd/windows/powershell/x64/custom/bind_tcp_uuid
• payload/cmd/windows/powershell/x64/custom/reverse_http
• payload/cmd/windows/powershell/x64/custom/reverse_https
• payload/cmd/windows/powershell/x64/custom/reverse_named_pipe
• payload/cmd/windows/powershell/x64/custom/reverse_tcp
• payload/cmd/windows/powershell/x64/custom/reverse_tcp_rc4
• payload/cmd/windows/powershell/x64/custom/reverse_tcp_uuid
• payload/cmd/windows/powershell/x64/custom/reverse_winhttp
• payload/cmd/windows/powershell/x64/exec
• payload/cmd/windows/powershell/x64/loadlibrary
• payload/cmd/windows/powershell/x64/messagebox
• payload/cmd/windows/powershell/x64/meterpreter/bind_ipv6_tcp
• payload/cmd/windows/powershell/x64/meterpreter/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/x64/meterpreter/bind_named_pipe
• payload/cmd/windows/powershell/x64/meterpreter/bind_tcp
• payload/cmd/windows/powershell/x64/meterpreter/bind_tcp_rc4
• payload/cmd/windows/powershell/x64/meterpreter/bind_tcp_uuid
• payload/cmd/windows/powershell/x64/meterpreter/reverse_http
• payload/cmd/windows/powershell/x64/meterpreter/reverse_https
• payload/cmd/windows/powershell/x64/meterpreter/reverse_named_pipe
• payload/cmd/windows/powershell/x64/meterpreter/reverse_tcp
• payload/cmd/windows/powershell/x64/meterpreter/reverse_tcp_rc4
• payload/cmd/windows/powershell/x64/meterpreter/reverse_tcp_uuid
• payload/cmd/windows/powershell/x64/meterpreter/reverse_winhttp
• payload/cmd/windows/powershell/x64/meterpreter/reverse_winhttps
• payload/cmd/windows/powershell/x64/peinject/bind_ipv6_tcp
• payload/cmd/windows/powershell/x64/peinject/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/x64/peinject/bind_named_pipe
• payload/cmd/windows/powershell/x64/peinject/bind_tcp
• payload/cmd/windows/powershell/x64/peinject/bind_tcp_rc4
• payload/cmd/windows/powershell/x64/peinject/bind_tcp_uuid
• payload/cmd/windows/powershell/x64/peinject/reverse_named_pipe
• payload/cmd/windows/powershell/x64/peinject/reverse_tcp
• payload/cmd/windows/powershell/x64/peinject/reverse_tcp_rc4
• payload/cmd/windows/powershell/x64/peinject/reverse_tcp_uuid
• payload/cmd/windows/powershell/x64/pingback_reverse_tcp
• payload/cmd/windows/powershell/x64/powershell_bind_tcp
• payload/cmd/windows/powershell/x64/powershell_reverse_tcp
• payload/cmd/windows/powershell/x64/powershell_reverse_tcp_ssl
• payload/cmd/windows/powershell/x64/shell/bind_ipv6_tcp
• payload/cmd/windows/powershell/x64/shell/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/x64/shell/bind_named_pipe
• payload/cmd/windows/powershell/x64/shell/bind_tcp
• payload/cmd/windows/powershell/x64/shell_bind_tcp
• payload/cmd/windows/powershell/x64/shell/bind_tcp_rc4
• payload/cmd/windows/powershell/x64/shell/bind_tcp_uuid
• payload/cmd/windows/powershell/x64/shell/reverse_tcp
• payload/cmd/windows/powershell/x64/shell_reverse_tcp
• payload/cmd/windows/powershell/x64/shell/reverse_tcp_rc4
• payload/cmd/windows/powershell/x64/shell/reverse_tcp_uuid
• payload/cmd/windows/powershell/x64/vncinject/bind_ipv6_tcp
• payload/cmd/windows/powershell/x64/vncinject/bind_ipv6_tcp_uuid
• payload/cmd/windows/powershell/x64/vncinject/bind_named_pipe
• payload/cmd/windows/powershell/x64/vncinject/bind_tcp
• payload/cmd/windows/powershell/x64/vncinject/bind_tcp_rc4
• payload/cmd/windows/powershell/x64/vncinject/bind_tcp_uuid
• payload/cmd/windows/powershell/x64/vncinject/reverse_http
• payload/cmd/windows/powershell/x64/vncinject/reverse_https
• payload/cmd/windows/powershell/x64/vncinject/reverse_tcp
• payload/cmd/windows/powershell/x64/vncinject/reverse_tcp_rc4
• payload/cmd/windows/powershell/x64/vncinject/reverse_tcp_uuid
• payload/cmd/windows/powershell/x64/vncinject/reverse_winhttp
• payload/cmd/windows/powershell/x64/vncinject/reverse_winhttps
• payload/cmd/windows/reverse_lua
• payload/cmd/windows/reverse_perl
• payload/cmd/windows/reverse_powershell
• payload/cmd/windows/reverse_ruby

Authors

---

• Spencer McIntyre
• bwatters-r7
• OJ Reeves

Version

---

This page has been produced using Metasploit Framework version 6.2.29-dev. For more modules, visit the Metasploit Module Library.

Go back to menu.