web_delivery, powershell, SSL and you

PowerShell delivery for Metasploit payloads has become extremely popular for its flexibility and AV avoidance.

Metasploit recently deprecated psh_web_delivery in favor of web_delivery, which offers the ability to deliver Ruby, Python, and PowerShell payloads over a web server.

 

[Screenshot: psh_web_delivery deprecated]

[Screenshot: New web_delivery module]

 

 

One of the nice features is the ability to serve payloads over SSL, which helps to avoid detection. However, the default syntax will not function correctly with a self-signed certificate.

 

[Screenshot: Executing web_delivery]

 

I removed the “-w hidden” command so we can see the output instead of having it execute, fail, and close the window.

 

[Screenshot: Self-signed SSL error]

The self-signed SSL certificate could not be trusted, and execution fails.

 

However, you can suppress the SSL certificate validation by adding “[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}”.

[Screenshot: Disable SSL validation]

This results in successful download and execution of the PowerShell payload.

When I first ran into this issue, I couldn’t find any posts directly related to Metasploit or PowerShell payloads and SSL validation. After some digging, I found this command.

Hopefully this saves someone else a few minutes of troubleshooting.
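From the defender's side, the callback assignment shown above is a stable string to hunt for in PowerShell command-line and script block logs, because it switches off certificate validation for every request the process makes afterwards. The following Python detector is an added example, not part of the original post; the finding names, helper functions and sample events are constructed for illustration.

```python
import base64
import re

# Callback set to a script block that always returns true: every certificate,
# self-signed or not, is then accepted for the rest of the process.
BYPASS = re.compile(
    r"servercertificatevalidationcallback\s*=\s*\{\s*(?:return\s+)?(?:\$true|1)\s*;?\s*\}",
    re.I)
HIDDEN = re.compile(r"(?:^|\s)-w[a-z]*\s+hidden\b", re.I)
ENCODED = re.compile(r"(?:^|\s)-e[a-z]*\s+([A-Za-z0-9+/]{20,}={0,2})", re.I)

def expand(text):
    """Return the text plus any -EncodedCommand payload (base64 of UTF-16LE)."""
    layers = [text]
    for blob in ENCODED.findall(text):
        try:
            layers.append(base64.b64decode(blob, validate=True).decode("utf-16-le"))
        except ValueError:
            continue  # not a valid encoded command; ignore it
    return layers

def analyze(text):
    """Return the sorted findings for one command line or script block."""
    findings = set()
    for layer in expand(text):
        layer = layer.replace("`", "")  # backtick is PowerShell's escape character
        if BYPASS.search(layer):
            findings.add("cert-validation-disabled")
        if HIDDEN.search(layer):
            findings.add("hidden-window")
    return sorted(findings)

def encode(script):
    """Build a constructed -EncodedCommand argument for the samples below."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

# Constructed sample events (assumptions for illustration, not captured logs).
CALLBACK = "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}"
SAMPLES = {
    "plain": "powershell.exe -nop -w hidden -c " + CALLBACK + "; <rest of command elided>",
    "backticks": "[Net.ServicePointManager]::Server`Certificate`ValidationCallback={ $true }",
    "encoded": "powershell.exe -NoP -Enc " + encode(CALLBACK),
    "benign": "powershell.exe -ExecutionPolicy RemoteSigned -File C:\\scripts\\backup.ps1",
    "reset": "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = $null",
}
if __name__ == "__main__":
    for name, event in SAMPLES.items():
        print(f"{name:10} {analyze(event)}")
```

Administrators sometimes set the same callback in scripts that talk to internal services with self-signed certificates, so a hit is a lead to triage alongside the parent process and the hidden-window finding rather than a verdict on its own.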

 

 
