{
	"id": "008a2fe6-15c1-4001-9875-d45f43d8f1ac",
	"created_at": "2026-04-06T00:21:08.242385Z",
	"updated_at": "2026-04-10T03:21:31.038015Z",
	"deleted_at": null,
	"sha1_hash": "58c9be6ce39d271b69c9dd3314c77326a6d8f955",
	"title": "Introducing Antak - A webshell which utilizes powershell",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1142820,
	"plain_text": "Introducing Antak - A webshell which utilizes powershell\r\nArchived: 2026-04-05 14:34:22 UTC\r\nDuring penetration tests, I always wanted to have a simple yet powerful webshell. For that, I wrote Antak last year,\r\ndemonstrated it at Defcon 21 but never released it, as I was busy with other things :)\r\nAntak stands for God of Death in Indian mythology, popularly known as Yamraj. Muhahaha\r\nThe webshell is a part of Nishang now. It is written in ASP.Net.\r\nAntak's UI has been designed to resemble a powershell console.\r\nUse clear to clear the output box. Use help to see the built-in help.\r\nLet's see some of its features.\r\nRunning Commands\r\nTo run commands on the target machine, just type those in the command text box and press enter or click on\r\nsubmit.\r\nhttp://www.labofapenetrationtester.com/2014/06/introducing-antak.html\r\nPage 1 of 6\n\nEach command is executed in a separate powershell process. To run multiple commands in a single process, use\r\nsemi-colon (;) separated commands like cd..;pwd;ls\r\nYou are effectively sitting on a powershell prompt with -noninteractive and -executionpolicy bypass parameters.\r\nSo all powershell commands would run. Great!\r\nCode snip for command execution:\r\nUpload a file\r\nTo upload a file using Antak:\r\n1. Write the path of a writable directory in the command box. Usually, at least C:\\Windows\\Temp should be writable.\r\n2. Use the browse button to locate the file on your local machine.\r\n3. Click on the \"Upload the file\" button.\r\nAlso, let's verify if the file has been uploaded.\r\nNice! The file has been uploaded.\r\nCode for this:\r\nDownload a file\r\nTo download a file, just write/copy its complete path in the command box and click on the \"download\" button.\r\n \r\n And this downloaded text file contains username and password to another machine. 
Of course, you won't find\r\nsuch things in an enterprise environment (pun intended) :D\r\nCode for download:\r\nExecuting Scripts\r\nThere are many ways a script could be executed using Antak. \r\nUPDATE: In methods 1 and 2 below the script does not touch disk (someone asked me this).\r\n1. Paste the script in command box and click \"Encode and Execute\".\r\nLet's try this with the egress testing script Firebuster.ps1\r\n \r\n2. Using powershell one-liner for download \u0026 execute. Paste the one-liner in command box and click on execute.\r\nLet's try this with powershell payload generated using msf.\r\nThe one liner which could be used is:\r\n3. An uploaded script could be executed in the usual way.\r\nLet's upload powerpreter on the target and use Get-Information function.\r\nHandy!\r\nRemoting/Pivoting\r\nRecall that we are practically on a powershell prompt. So let's try to use powershell remoting to execute\r\ncommands on remote machines. Two things which are required for using powershell remoting from Antak are:\r\n1. Administrative credentials for the target remote system.\r\n2. Powershell remoting must already be enabled between the system where Antak resides and the target machine,\r\nas it is not possible to change any settings due to the low privileges under which Antak runs.\r\nRecall that we downloaded a plain-text credential for a remote machine. That could be used now.\r\nThe following semi-colon (;) separated commands could be used to achieve this. These commands take the username and\r\npassword in plain text and execute ipconfig on the target.\r\nLet's use this :)\r\nGreat! We are able to execute commands on the remote machine.\r\nThat is it for Antak, hope you liked it. 
It is a part of Nishang and could be found here:\r\nhttps://github.com/samratashok/nishang\r\nIf you would like to see Antak in action, you may like to see the webcast I did for Garage4hackers:\r\nI look forward to feedback, bugs and feature requests.\r\nSource: http://www.labofapenetrationtester.com/2014/06/introducing-antak.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"references": [
		"http://www.labofapenetrationtester.com/2014/06/introducing-antak.html"
	],
	"report_names": [
		"introducing-antak.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434868,
	"ts_updated_at": 1775791291,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/58c9be6ce39d271b69c9dd3314c77326a6d8f955.pdf",
		"text": "https://archive.orkl.eu/58c9be6ce39d271b69c9dd3314c77326a6d8f955.txt",
		"img": "https://archive.orkl.eu/58c9be6ce39d271b69c9dd3314c77326a6d8f955.jpg"
	}
}