Command Injection - PowerShell for Pentesters (PSSE)

Hola! This was the 5th task in the PowerShell for Pentesters Exam: port two web-based command injection exploits on Exploit-DB from another language to PowerShell.

I chose to exploit the recent Tavis / Google-Security-Research exploit regarding the TrendMicro local NodeJS server listening on localhost, this time as a PowerShell-based privilege escalation vector. You can find the TrendMicro PWM exploit on Exploit-DB here and you can find my script here. I haven't quite got it to work at this point, but I feel like I'm on to something. Feel free to pick it up and get the working exploit!

The next one was an older exploit; however, I'm using the script as a sandboxing area for getting a remote command injection exploit that then automatically copies over a file or PowerShell module. This one exploits the Rejetto HTTP File Server version 2.3.X. You can find the HFS exploit on Exploit-DB here, and you can find my HFS exploit here.

Both of these scripts are intended to evolve over time; however, I had spent so long with the TrendMicro PWM priv esc, and to no real avail, that my better instinct told me to publish my progress to this point and move on, hoping the community could see something I was not. That said, both were fun to explore.



This blogpost has been created for completing the requirements of the SecurityTube PowerShell for Penetration Testers Certification Exam:
http://www.securitytube-training.com/online-courses/powershell-for-pentesters/
Student ID: PSP-3061