Run installutil from powershell
How can I pass the parameters to installutil? Any help is appreciated.

InstallUtil can run executables which are written in a .NET language. There is a Python script written by khr0x40sh which imports Metasploit payloads generated by MSFvenom into a C# template and produces the.
The C# file can also be compiled into an executable via the csc binary of a system that is running the .NET Framework. The compiled executable that contains the malicious payload can then be dropped on the target system. AppLocker prevents the file from being executed directly; however, through InstallUtil the file is executed as normal and returns a Meterpreter session.
There is a specific Metasploit module which can be used to bypass AppLocker via the InstallUtil method. This module generates a .NET executable on the target system and uses the InstallUtil binary to execute the payload, bypassing the AppLocker protection. In environments where PowerShell is restricted by AppLocker, Casey Smith did some further work and wrote C# code which can be used in conjunction with the InstallUtil bypass technique in order to run PowerShell commands and scripts.
However, in order for the above command to run it needs the System. There is an additional improvement on this code which can be compiled as a DLL and can take an optional parameter to run PowerShell scripts which are stored locally. You can enable this in an elevated PowerShell session using the following cmdlet:
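From the defender's side, the technique above leaves a recognisable trace: a trusted, signed binary (InstallUtil.exe) loading an assembly from somewhere an installer would never put it, usually with the uninstall switch and a shell as its parent. The following is an added detection example, not code from the original page; the event records are constructed samples in a simplified Sysmon process-creation shape, and the field names, helper names and the list of "user-writable" path markers are assumptions for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample process-creation events (simplified Sysmon Event ID 1 shape).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe",
     "cmdline": r"InstallUtil.exe /logfile= /LogToConsole=false /U C:\Users\bob\AppData\Local\Temp\payload.exe",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe",
     "cmdline": r'InstallUtil.exe "C:\Program Files\Vendor\Service.exe"',
     "parent": r"C:\Program Files\Vendor\setup.exe"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe",
     "parent": r"C:\Windows\explorer.exe"},
]

# Path fragments that indicate a location a normal user can write to (assumed list).
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")

# Parents that are shells or script hosts rather than installers (assumed list).
SHELL_PARENTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def detect_installutil_abuse(event):
    """Return the reasons this event looks like InstallUtil being used as a LOLBin, or [] if benign."""
    image = event["image"].lower()
    if not image.endswith("\\installutil.exe"):
        return []
    cmd = event["cmdline"]
    reasons = []
    # The uninstall switch (/U or /uninstall) runs the assembly's Uninstall() without an install step;
    # legitimate uninstalls are rare and normally come from an installer, not a shell.
    if re.search(r"(?i)(^|\s)/u(ninstall)?(\s|$)", cmd):
        reasons.append("uninstall switch")
    # The assembly argument may be quoted or bare; flag it when it sits in a user-writable location.
    for quoted, bare in re.findall(r'"([^"]+)"|(\S+\.(?:exe|dll))', cmd):
        target = (quoted or bare).lower()
        if any(marker in target for marker in USER_WRITABLE):
            reasons.append(f"assembly in user-writable path: {target}")
    parent = PureWindowsPath(event["parent"]).name.lower()
    if parent in SHELL_PARENTS:
        reasons.append(f"suspicious parent: {parent}")
    return reasons


def scan(events):
    """Return (cmdline, reasons) for every event that triggers at least one indicator."""
    hits = []
    for event in events:
        reasons = detect_installutil_abuse(event)
        if reasons:
            hits.append((event["cmdline"], reasons))
    return hits
```

Only the first sample trips the rule; the vendor uninstall from an installer parent and the unrelated notepad event pass through. In a real deployment the same three indicators map directly onto a Sysmon or EDR rule keyed on the image name.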
By default, any access to remote management is restricted to computers on the same subnet. You can open this up by making an adjustment in Windows Firewall. There are many ways to shoehorn a set of files onto a remote location, and the net use utility can be used if file sharing is enabled on the target environment.
This allows you to create a temporary mapped drive using the following syntax. Although the connection will be dropped when you log off, you should tidy up after yourself by closing the connection explicitly once you have finished copying the files, i.e.
You can use PowerShell remote management to run a script on another server using the Invoke-Command cmdlet.